Privacy Policy

This Privacy Policy describes how Postly Technologies, Inc. (“Onu”, “we”, “our”, “us”) collects, processes, stores, and protects your information when you use the Onu app, website (heyonu.com), and related services.

Onu follows strict industry standards including **SOC 2**, **GDPR**, **CCPA**, and **bank-grade security requirements** for financial integrations.

Personal Data: Any information that identifies you.

Financial APIs: Secure third-party connections (e.g., Plaid, MX, Truelayer).

Service: The Onu platform across mobile, desktop, and web.

You: The user of the Onu Services.

• Account Info: Email, name, workspace details.
• Audio & Voice Data: If enabled, recordings + transcriptions.
• Financial Data (Read-Only): Balances, transactions, accounts — never credentials.
• Device & Usage Data: IP, OS, app activity.
• Optional Location Data (if granted).
• Cookies & Analytics for improving product performance.

Onu integrates with reputable financial data providers (e.g., Plaid, MX, Truelayer) to offer insights.

We **never** receive your banking login or password. Financial APIs give us:

• Account names & types
• Balances
• Transactions
• Institution metadata

All financial data is **read-only**, **encrypted in transit and at rest**, and **not used for advertising**.

We use cookies and analytics to make Onu smoother and more reliable.

We only partner with providers who meet strict security standards:

• Hosting: Google Cloud, Hetzner — ISO 27001 certified.
• Finance APIs: Plaid / MX / Truelayer.
• Email Delivery: AWS SES (fully encrypted).
• Error Monitoring: Sentry (anonymized data only).

We do not allow these providers to use your data for their own purposes.

• Provide ambient awareness & financial intelligence features.
• Improve recommendations & search.
• Deliver reminders, nudges, and insights.
• Respond to customer support requests.
• Ensure security & fraud protection.
• Comply with laws and audit requirements.

We **never sell your data**. We only share data when:

• You explicitly authorize it (e.g., connecting a bank).
• With vetted service providers under strict contracts.
• To comply with legal obligations.
• During mergers or acquisitions (with notice).

Onu uses **bank-level** and **enterprise-grade** security:

• Encryption in Transit: TLS 1.3
• Encryption at Rest: AES-256 across all storage
• Zero-knowledge financial credentials (we never see your banking login)
• Read-only financial access enforced by API providers
• Role-Based Access Control (RBAC) for internal access
• MFA-protected admin dashboards
• Regular penetration testing & vulnerability scans
• Continuous security monitoring (SOC monitoring)
• Audit logs for all internal access

While we maintain robust security, no system is fully immune. We encourage enabling strong passwords and 2-factor authentication.

• Financial Data: Only stored during session; refreshed securely when you open Onu.
• Account Data: Deleted within 30 days of account closure.
• Backups: Purged within 30–60 days.

You may exercise the following rights at any time:

• Access your data
• Download/export your data
• Request deletion
• Correct inaccuracies
• Withdraw consent
• Restrict certain uses

Contact us at mailto:[email protected].

By using Onu, you consent to your data being processed in the **United States** under GDPR-compliant safeguards such as SCCs.

Onu is not intended for users under 13 (or 16 in certain regions).

We may update this Policy from time to time. Material changes will be communicated via email or in-app notifications.

For privacy inquiries, data requests, or security concerns:

📧 mailto:[email protected]

🌐 https://heyonu.com