This privacy policy explains how onelmon.com collects, uses, retains, and discloses personal data. It applies to data we collect both through our website and offline.

By visiting our site or submitting personal data to us, you agree that we may process your personal data as described here.

We update this policy from time to time. Though changes may be substantive, we will alert you through our homepage and/or email notifications.

Who we are

Our website address is https://onelmon.com.

For all data protection matters, you can contact our Data Protection Officer, Olivia Johnson
Nickname at olivia@onelmon.com or by mail at the following address:

What personal data we collect, and why

We collect personal data, transactional data, and technical data to operate effectively and securely and to provide the best experience we can. We only keep what is required for those purposes. Specifically:

We collect first and last names, and email addresses for account registration. We use this to operate our services, identify and authenticate users, bill customers, provide products and services, and send transactional emails like order confirmations or password reset notices. Where required by law, we ask for consent to collect and process this data. We may also retain some transactional data (purchase records, billing records, etc.) to comply with accounting regulations. Depending on payment processors, some payment information may also be retained for fraudulent transaction checking.

Media uploads like images may include location data (EXIF data). Visitors should remove this before uploading to avoid unintended disclosure. Uploaded images are publicly accessible.

If you leave a comment on our site we collect your name, email address, IP address, user agent string, and any information you provide in your comment submission form. We use this to recognize/approve comments, contact users about the comment if needed, reduce comment spam, and provide a more collaborative discussion platform. Comment content and metadata are retained indefinitely pending automatic filtering and review.

Our contact forms collect names, email addresses, phone numbers, and any details about the message and potential file/document attachments. We retain this data for up to six months for customer service purposes.

Page view data, referring URLs and internal site search terms used are captured through Google Analytics and similar plugins to improve our services. We may also use some technical data internally for debugging purposes, but obfuscate IP addresses wherever possible.

Who we share your data with

No visitor data is shared with third parties. If you request a password reset, only the reset email contains your IP address at time of request.

Comments or media files uploaded may be checked against various anti-spam databases or other threat detection mechanisms, but contain no user identifying data for such automatic analysis.

Site administrators may access user account data including comment records to accommodate user issues on a case by case basis.

How long we retain your data

User account data is retained indefinitely for convenience, though unused accounts may expire pending automatic filtering or review.

Comment metadata is retained indefinitely, pending automatic filtering and review. Media uploads and comments may remain publicly visible on the site unless removed by the site admins.

Page view analytics through Google Analytics and similar are retained for 1 year from time of visit. Raw web server access logs are deleted after 1 month. Contact form submissions are retained up to six months for customer service purposes.

Payment processing data is retained for billing purposes, tax/accounting purposes, and fraudulent transaction checking as required by our payment processors and accounting regulations respectively.

What rights you have over your data

If you have an account, you can request an account data export from your account page to obtain any personal data we have — or request account data erasure there as well. This does not include data we must keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments and media uploads may be checked against spam databases or threat detection mechanisms. Page view analytics via embedded scripts ping servers operated by those third party analytics services (like Google).

Our site and data are hosted on servers provided by Third Party Hosting Provider. For performance, security, and redundancy purposes they may store or process data on our behalf across multiple regions, including servers based outside the EU — but are reviewed to uphold adequate protection and compliance with European data protection standards.

For site caching and performance, content may be duplicated by LiteSpeed Cache caching mechanisms and temporarily held or processed on caching servers provided by QUIC.cloud. Their Privacy Policy can be found here: https://quic.cloud/privacy-policy/

How we protect your data

We implement security measures like encryption, 2FA, and staff data privacy training to protect user data. We conduct Privacy Impact Assessments of third party services before use to assess security/privacy risks posed. We also have data breach procedures in place to contain and mitigate any potential exposures should one arise.

Additional disclosures

Our site’s primary purpose is not commercial in nature nor focused on marketing/advertising. As such we do not engage in extensive automated decision making/profiling activities with users’ personal data, though we may conduct basic analysis of user data in aggregate/anonymized formats at times to improve our services.

If any concerns arise over our data practices or this privacy policy, please contact us via the means listed under the “Who we are” section to resolve them.