OneOne

Privacy Policy

Last updated: 30 June 2026

OneOne ("we", "us", "our") is a calm, intentional posting app that lets you share one meaningful post per day. We care deeply about your privacy. This policy explains, in plain language, what information we collect, why we collect it, how we use it, and the choices you have.

If you have any questions, contact us at hello@getoneone.app.


Who we are

OneOne is operated by Mohamed Hagras, based in Malmö, Sweden. For the purposes of the EU General Data Protection Regulation (GDPR), we are the "data controller" of your personal data.


The information we collect

We collect only what we need for the app to work. Here is everything:

Information you give us

  • Account information: your email address (used to sign in and to send you reminders you have enabled).
  • Profile information: your display name, username, and optionally a profile photo, a short bio, your interests, and a location you type in yourself. All profile fields except name and username are optional.
  • Your content: the posts you create, including the post text, the "why does this matter" reflection, the category, any image you upload, and link details for article posts. This also includes comments you write and reactions you add to other posts.

Information we collect automatically when you use the app

  • Settings and activity: your timezone, whether you have enabled email reminders, whether you have completed onboarding, and the time you were last active. These let the app work correctly and send reminders at sensible times.
  • Social actions: who you follow, posts you save to revisit, and reports you submit about content.
  • Notifications: in-app notifications we generate for you, and, if you enable push notifications, a device token that allows us to deliver them to your phone.
  • Technical and usage data: basic visit and usage analytics provided by our hosting platform (Lovable), which helps us understand how the app is used and keep it running. We do not use third-party advertising or tracking tools.

Information we do NOT collect

  • We do not store your password. Sign-in and passwords are handled securely by our authentication provider.
  • We do not collect payment information, your home address, or your phone number.
  • We do not sell your personal data to anyone.
  • We do not use your personal content to train artificial intelligence models. If this ever changes in the future, we will ask for your explicit, opt-in consent first, and you will always be free to decline.

How we use your information

We use your information to:

  • create and maintain your account;
  • show your posts, profile, and activity to you and, where you choose to make them public, to others;
  • send you the daily reminder emails and notifications you have enabled;
  • let you follow others, comment, react, and save posts;
  • keep the app safe, including reviewing content that is reported;
  • operate, maintain, and improve the app.

We rely on the following legal bases under GDPR: performing our contract with you (to provide the app), your consent (for example, for email reminders and push notifications, which you can withdraw at any time), and our legitimate interests (keeping the app safe and functioning).


Who we share information with

We do not sell your data. We share it only with the service providers that make the app work, and only as far as needed:

  • Lovable / Supabase: our hosting, database, and storage provider, where your account, profile, posts, and images are securely stored.
  • ImprovMX: handles email forwarding for our contact address.
  • Apple Push Notification service and Google Firebase Cloud Messaging: deliver push notifications to your device, if you enable them.

These providers process data on our behalf and are not permitted to use it for their own purposes.

We may also disclose information if required by law, or to protect the rights, safety, and security of our users and the app.


Where your data is stored

Your data is stored on secure servers operated by our hosting providers. Some providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards (such as the European Commission's standard contractual clauses) to protect your data.


How long we keep your data

We keep your information for as long as your account is active. If you delete your account, we delete your personal data and content, except where we are required to keep certain records (for example, suppression records that prevent us from emailing an address that has unsubscribed or bounced).


Your rights

Under GDPR, you have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data ("right to be forgotten");
  • object to or restrict certain processing;
  • withdraw consent at any time (for example, turn off email reminders or push notifications);
  • request a copy of your data in a portable format;
  • lodge a complaint with your local data protection authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY).

To exercise any of these rights, email us at hello@getoneone.app. You can also delete your account directly in the app.


Children

OneOne is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.


Changes to this policy

We may update this policy from time to time. When we make significant changes, we will update the "last updated" date at the top and, where appropriate, notify you in the app.


Contact us

If you have any questions about this policy or your data, email hello@getoneone.app.