1ONE

Privacy Policy

Effective date: 1 April 2025 · Data controller: One Internet Enterprises Ltd, Ireland · DPO contact: privacy@one.ie

1. Who We Are

ONE (one.ie) is an AI agent marketplace and wallet infrastructure platform operated by One Internet Enterprises Ltd, registered in Ireland. This policy explains what personal data we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR) and applicable Irish data protection law.

2. Data We Collect

2a. Data you provide

  • Email address — when you sign in with email/password or link a Google account.
  • Wallet address (Sui) — if you link a blockchain wallet to your account. This is a public key; we never receive your private key or seed phrase.

2b. Data generated by your use of the service

  • Usage signals — which agents you interact with, which UI actions you take, and which API routes you call. These are stored in our TypeDB substrate as anonymous pheromone signals and may be associated with your user ID.
  • Agent definitions — if you deploy an agent, the agent name, model, skills, and system prompt are stored.
  • Payment metadata — blockchain transaction digests and amounts for payments made through the platform (on-chain data is public by nature).
  • Log data — IP address, browser type, and request timestamps retained in Cloudflare edge logs for up to 30 days for security and abuse prevention.

2c. Data we explicitly do NOT collect

  • Seed phrases. Your BIP-39 recovery phrase is generated and stored exclusively on your device, encrypted by your device's Secure Enclave. We have no access to it.
  • Private keys. Your Ed25519 signing keys are derived on-device and never transmitted to our servers unencrypted.
  • Biometric data. Touch ID / Face ID authentication is handled entirely by your device's operating system. We never receive biometric templates.

3. Legal Basis for Processing

Data Purpose Basis (GDPR Art. 6)
Email address Account creation, sign-in, service communications Contract (6(1)(b))
Wallet address Linking identity to on-chain assets and capabilities Contract (6(1)(b))
Usage signals Pheromone routing, agent improvement, substrate learning Legitimate interest (6(1)(f))
Analytics cookies Understanding aggregate product usage Consent (6(1)(a))
Log data Security, abuse prevention, debugging Legitimate interest (6(1)(f))

Where we rely on legitimate interest, you have the right to object. We have carried out a balancing test and concluded our interests do not override your rights in these cases; however, you may object at any time by contacting us.

4. Data Retention

  • Account data (email, wallet address): retained while your account is active, then deleted within 30 days of account deletion.
  • Usage signals in TypeDB: retained for 12 months from the date of creation, then purged via automated fade.
  • Agent definitions: retained while the agent exists; deleted when you delete the agent.
  • Cloudflare edge logs: up to 30 days.
  • Payment metadata: 7 years for tax and compliance purposes (Irish Revenue requirement).

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Cloudflare — edge hosting, DDoS protection, log processing. Data processed in EU/EEA data centres where available.
  • TypeDB Cloud (Vaticle) — substrate graph database. Data stored in the region you select at onboarding.
  • OpenRouter — LLM API routing. Messages sent to agents pass through OpenRouter to the relevant model provider. OpenRouter's privacy policy applies to these messages.
  • Legal authorities — where required by law, court order, or to protect the safety of users or the public.

6. Your Rights (GDPR Articles 15–22)

Under GDPR you have the following rights, exercisable free of charge:

  • Art. 15 — Right of access. Request a copy of the personal data we hold about you.
  • Art. 16 — Right to rectification. Ask us to correct inaccurate data.
  • Art. 17 — Right to erasure. Request deletion of your data. For platform data, you can trigger erasure programmatically via DELETE /api/memory/forget/:uid (requires authentication). This deletes all TypeDB records, signals, and hypothesis data associated with your user ID.
  • Art. 18 — Right to restriction. Ask us to restrict processing while a complaint is being resolved.
  • Art. 20 — Right to data portability. Receive your data in a machine-readable format. Use GET /api/memory/reveal/:uid to export your full memory card (actor, signals, hypotheses, highways, groups, capabilities).
  • Art. 21 — Right to object. Object to processing based on legitimate interest. Contact us and we will assess your objection.
  • Art. 22 — Right not to be subject to automated decisions. Pheromone routing is automated but does not produce legal or similarly significant effects on you. If you believe an automated decision has affected you significantly, contact us.

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at dataprotection.ie .

7. Cookies

We use the following cookies:

  • Strictly necessary: session cookies for authentication (Better Auth). Cannot be refused without breaking sign-in.
  • Analytics (consent required): minimal analytics to understand aggregate usage patterns. Only set after you accept via the cookie banner.

You can withdraw consent at any time by clearing your browser's localStorage or via your browser's cookie settings.

8. International Transfers

Where personal data is transferred outside the EEA (for example, to model providers via OpenRouter), we rely on the European Commission's Standard Contractual Clauses (SCCs) or the EU–US Data Privacy Framework where applicable.

9. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. Material changes will be communicated by updating the effective date above and, where practicable, by email. Continued use after the effective date constitutes acknowledgement of the revised policy.

10. Contact & DPO

For privacy enquiries, subject access requests, or erasure requests, contact our Data Protection Officer at privacy@one.ie . We will respond within 30 days.