Privacy Policy

Last updated: June 2026

1. Controller and Processor

For account and portal data (registration details, billing, support correspondence), Oneva is the data controller. For the content you store in your workspace — files, email, calendar, contacts and similar — you, or the organisation you belong to, are the data controller, and Oneva acts as a data processor handling that content on your instructions.

2. Data We Collect
  • Account data: Name, email address, phone number, chosen username
  • Workspace data: Files, emails, calendar entries, contacts, and other content you store
  • Technical data: IP addresses, login timestamps, server access logs
3. How We Use Your Data

We process your data to:

  • Provision and operate your workspace
  • Send account-related notifications (verification, invitations, password resets)
  • Monitor service health and security
  • Create and maintain backups for disaster recovery
4. Data Storage and Location

All data is stored on Hetzner Cloud infrastructure within the European Union:

  • Primary: Helsinki, Finland (hel1)
  • Backups: Falkenstein, Germany (fsn1)
5. Data Sharing and Sub-processors

We do not sell your data or share it with third parties for their own purposes. We rely on the following sub-processors, all operating within the EU under GDPR data-processing terms:

  • Hetzner Online GmbH (Germany) — cloud infrastructure hosting and encrypted backups.
  • Mistral AI (France) — AI inference for the Mimir assistant, used only when you enable it. Prompts and content sent to Mimir are processed in the EU and are not used to train Mistral's models. If you supply your own model-provider key (bring-your-own-key), that provider processes your prompts under the arrangement you have with them.
6. Data Retention

Workspace data is retained as long as your account is active. When you delete your account, your workspace server and its live data are destroyed; encrypted backups are deleted within 30 days; and any residual account or personal data held in our portal is permanently purged within 90 days.

7. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Export your data (data portability)
  • Object to processing
8. Security

We protect your data with encryption at rest and in transit, SSH key authentication, firewall restrictions, and regular security updates.

9. Contact

For privacy inquiries, contact us at privacy@oneva.cloud.

This is a placeholder document. A complete Privacy Policy should be reviewed by legal counsel before commercial launch.