Your data stays yours

Account basics (name, email, Jordan-local phone if you give it), your brief + project memory, wallet top-ups + ledger, emails sent + received through your mailbox, and server logs for security. That's it — no pixel trackers, no third-party ad networks.

To run the service: remember who you are, pay ONI's cycles, let ONI act on your behalf (send invoices, reply to clients), and defend the platform against abuse. No other reason. We don't sell it, we don't hand it to advertisers, we don't train public AI models on it.

Encrypted Postgres in AWS Frankfurt (EU). Backups are encrypted and rotated. Secrets (API keys you add) are encrypted at rest with per-project envelope keys. Stripe holds card details — we only see tokens. Sent emails are stored in S3 for 90 days then deleted.

Only you and Onneta staff on a need-to-know basis (ops, fraud review). ONI is scoped to your project — it can't read other users' data. We don't grant data access to third parties unless compelled by Jordanian law, and we'll tell you when we can.

Export everything from Settings → Privacy. Delete your account same place — 30-day grace, then permanent. Request a specific slice of data (one project, one month of ledger) by emailing support. GDPR/CCPA-style rights apply even though we're in Jordan — we'd rather respect them than not.

Privacy questions: privacy@onneta.com. Legal: legal@onneta.com. We aim to respond within 3 business days.