1. Data Controller

Oneva is the data controller for personal data processed through the portal and workspace services.

2. Data We Collect

• Account data: Name, email address, phone number, chosen username
• Workspace data: Files, emails, calendar entries, contacts, and other content you store
• Technical data: IP addresses, login timestamps, server access logs

3. How We Use Your Data

We process your data to:

• Provision and operate your workspace
• Send account-related notifications (verification, invitations, password resets)
• Monitor service health and security
• Create and maintain backups for disaster recovery

4. Data Storage and Location

All data is stored on Hetzner Cloud infrastructure within the European Union:

• Primary: Helsinki, Finland (hel1)
• Backups: Falkenstein, Germany (fsn1)

5. Data Sharing

We do not sell or share your data with third parties. Infrastructure is provided by Hetzner Online GmbH (Germany), which acts as a data processor under GDPR.

6. Data Retention

Workspace data is retained as long as your account is active. Upon account deletion, data is permanently removed within 30 days. Backups are retained for up to 90 days after deletion.

7. Your Rights (GDPR)

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your data
• Export your data (data portability)
• Object to processing

8. Security

We protect your data with encryption at rest and in transit, SSH key authentication, firewall restrictions, and regular security updates.

9. Contact

For privacy inquiries, contact us at privacy@oneva.cloud.

This is a placeholder document. A complete Privacy Policy should be reviewed by legal counsel before commercial launch.