Privacy Policy

Last updated: **February 2025**

1. Overview

This Privacy Policy describes how Postly Technologies, Inc. (“Onu”, “we”, “our”, “us”) collects, processes, stores, and protects your information when you use the Onu app, website (heyonu.com), and related services.

Onu follows strict industry standards including **SOC 2**, **GDPR**, **CCPA**, and **bank-grade security requirements** for financial integrations.

2. Key Definitions

Personal Data: Any information that identifies you.

Financial APIs: Secure third-party connections (e.g., Plaid, MX, Truelayer).

Service: The Onu platform across mobile, desktop, and web.

You: The user of the Onu Services.

3. Information We Collect

  • Account Info: Email, name, workspace details.
  • Audio & Voice Data: If enabled, recordings + transcriptions.
  • Financial Data (Read-Only): Balances, transactions, accounts — never credentials.
  • Device & Usage Data: IP, OS, app activity.
  • Optional Location Data (if granted).
  • Cookies & Analytics for improving product performance.

4. Financial Data & API Integrations

Onu integrates with reputable financial data providers (e.g., Plaid, MX, Truelayer) to offer insights.

We **never** receive your banking login or password. Financial APIs give us:

  • Account names & types
  • Balances
  • Transactions
  • Institution metadata

All financial data is **read-only**, **encrypted in transit and at rest**, and **not used for advertising**.

6. Cookies & Tracking Technologies

We use cookies and analytics to make Onu smoother and more reliable.

7. Third-Party Services

We only partner with providers who meet strict security standards:

  • Hosting: Google Cloud, Hetzner — ISO 27001 certified.
  • Finance APIs: Plaid / MX / Truelayer.
  • Email Delivery: AWS SES (fully encrypted).
  • Error Monitoring: Sentry (anonymized data only).

We do not allow these providers to use your data for their own purposes.

8. How We Use Your Information

  • Provide ambient awareness & financial intelligence features.
  • Improve recommendations & search.
  • Deliver reminders, nudges, and insights.
  • Respond to customer support requests.
  • Ensure security & fraud protection.
  • Comply with laws and audit requirements.

9. Data Sharing

We **never sell your data**. We only share data when:

  • You explicitly authorize it (e.g., connecting a bank).
  • With vetted service providers under strict contracts.
  • To comply with legal obligations.
  • During mergers or acquisitions (with notice).

10. Security Measures & Protections

Onu uses **bank-level** and **enterprise-grade** security:

  • Encryption in Transit: TLS 1.3
  • Encryption at Rest: AES-256 across all storage
  • Zero-knowledge financial credentials (we never see your banking login)
  • Read-only financial access enforced by API providers
  • Role-Based Access Control (RBAC) for internal access
  • MFA-protected admin dashboards
  • Regular penetration testing & vulnerability scans
  • Continuous security monitoring (SOC monitoring)
  • Audit logs for all internal access

While we maintain robust security, no system is fully immune. We encourage enabling strong passwords and 2-factor authentication.

11. Data Retention Controls

  • Financial Data: Only stored during session; refreshed securely when you open Onu.
  • Account Data: Deleted within 30 days of account closure.
  • Backups: Purged within 30–60 days.

12. Your Rights

You may exercise the following rights at any time:

  • Access your data
  • Download/export your data
  • Request deletion
  • Correct inaccuracies
  • Withdraw consent
  • Restrict certain uses

Contact us at mailto:[email protected].

13. International Data Transfers

By using Onu, you consent to your data being processed in the **United States** under GDPR-compliant safeguards such as SCCs.

14. Children’s Privacy

Onu is not intended for users under 13 (or 16 in certain regions).

15. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated via email or in-app notifications.

16. Contact Us

For privacy inquiries, data requests, or security concerns:

📧 mailto:[email protected]

🌐 https://heyonu.com