Skip to content

Privacy Policy

Last updated: 2026-05-14

We collect the minimum personal data needed to run the service. We do not sell your data, and we do not use it to train AI models. This page tells you exactly what we have, why we have it, and how to get it back or delete it.

1. Who we are (data controller)

For the personal data you provide directly to OneClick, the controller is Fontaine Farm SRL, Belgium. Contact for privacy matters: [email protected].

2. What data we collect

You give us

  • Account data: name, email address, password hash (if you use email login) or Google account identifier (if you use Google login).
  • Business data: the sentence and answers you type into the funnel, your business name, location, phone, and similar details you choose to publish.
  • Uploads: photos and files you upload for your site.
  • Generated site content: the text, layouts and images produced by the AI based on your inputs, plus your edits.
  • Payment data: your card details are entered directly into Stripe's checkout form. We never see or store your full card number. Stripe sends us a token, the last four digits, and the card brand.
  • Support correspondence: what you write to us by email or contact form.

We collect automatically

  • Technical data: IP address, browser type, device, language, timestamps of requests.
  • Usage data: which pages you load, which features you use, how long things take to render. We use first-party Umami and Vercel Web Analytics, no third-party advertising cookies.
  • Error telemetry: stack traces and request context when something breaks, via Sentry.

3. Lawful basis for processing (GDPR Article 6)

  • Performance of a contract (Article 6(1)(b)): account, billing, hosting, AI generation — everything required to deliver the service you signed up for.
  • Legitimate interests (Article 6(1)(f)): error monitoring, abuse prevention, aggregate product analytics, securing the platform.
  • Consent (Article 6(1)(a)): optional marketing emails and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): tax records, responding to lawful requests from authorities.

4. How we use your data

  • To create and run your OneClick account and your published site.
  • To generate AI drafts (copy, layouts, images, logos) from the inputs you provide.
  • To process payments and renewals.
  • To send transactional email — login links, receipts, security notices, service announcements.
  • To provide customer support.
  • To monitor performance and fix bugs.
  • To detect and prevent fraud, abuse, and security incidents.
  • If you opt in: to send product news and tips.

5. AI services and your data

To generate website content, we send your inputs (text, business details, uploaded photos) to AI services. We use:

  • Microsoft Azure OpenAI Service (Sweden region) for text and image generation.
  • Anthropic models via Microsoft Azure Foundry.
  • OpenAI Whisper via Azure (Sweden region) for voice transcription, if you record audio.

These services operate under enterprise agreements that prohibit using your data to train their foundation models. Data sent through these endpoints is processed only to return the requested generation back to OneClick. See the Subprocessors page for the full list and links to each provider's data processing agreement.

6. Sharing with third parties

We do not sell personal data. We share data only with the subprocessors needed to run the service (full list at /legal/subprocessors), with payment processors when you pay, and where required by law. We do not pass your data to advertising networks.

7. International transfers

Some of our subprocessors are based in the United States (Vercel, Neon, Stripe, Cloudflare, Sentry). Personal data transferred outside the European Economic Area is protected by:

  • The EU–US Data Privacy Framework, where the recipient is certified; and/or
  • Standard Contractual Clauses approved by the European Commission, plus supplementary technical and organisational measures.

8. How long we keep your data

  • Active accounts: for as long as your account exists.
  • After account deletion: we permanently delete personal data and site content within 30 days. Encrypted off-site backups may persist for up to 30 days more, after which they are overwritten.
  • Tax and accounting records: kept for the period required by Belgian law (currently 7 years for accounting records).
  • Server logs: 90 days, then aggregated or deleted.
  • Support email: up to 3 years.

9. Your rights under GDPR

If you are in the European Economic Area or the UK, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure of your data ("the right to be forgotten") in the situations described in GDPR Article 17.
  • Portability — a structured, machine-readable copy of the data you have given us, so you can move it elsewhere.
  • Restriction of processing in certain circumstances.
  • Objection to processing based on legitimate interests, including direct marketing.
  • Withdraw consent at any time for processing that depends on consent. Withdrawing consent does not affect the lawfulness of processing carried out before.

To exercise any of these rights, email [email protected]. We respond within 30 days. If you are not satisfied, you may lodge a complaint with your local data protection authority — for Belgium, this is the Autorité de protection des données / Gegevensbeschermingsautoriteit.

10. Children

OneClick is not intended for children under 16. If we learn we have collected data from a child under 16 without parental consent, we delete it.

11. Security

We use HTTPS everywhere, encrypt data at rest, hash passwords with industry- standard algorithms, restrict employee access on a need-to-know basis, and run automated security monitoring. No system is perfectly secure; if we discover a breach affecting your personal data, we will notify you and the relevant regulators within 72 hours, in line with GDPR.

12. Changes to this policy

We update this policy when our practices change. Material changes will be announced by email and on the dashboard. The "Last updated" date at the top of this page always reflects the current version.

13. Contact

For privacy questions or to exercise your rights, email [email protected]. Other ways to reach us are on the Contact page.