Privacy Policy

This Privacy Policy explains how Postly Technologies, Inc. ("Onu," "we," "us," or "our") collects, uses, shares, and protects your information when you use our Services, including the Onu mobile application, website (heyonu.com), and related features. By using our Services, you consent to the practices described in this policy.

We are committed to safeguarding your privacy and ensuring compliance with applicable data protection laws, including GDPR, CCPA, and SOC 2 standards.

Personal Data: Information that can identify you, such as your name, email address, or voice recordings.

Financial APIs: Third-party services like Plaid or MX that enable secure access to your financial account data.

Service: The Onu app, website, and associated platforms operated by Postly Technologies, Inc.

You: The individual or entity using our Services.

We collect information to provide and improve our Services. The types of data we collect include:

• Information You Provide: Name, email address, password, and preferences provided during account creation or use of the Services.
• Voice and Audio Data: Audio recordings and transcripts generated when you enable ambient voice recording or use voice commands.
• Financial Data: With your explicit consent, we collect read-only financial data (e.g., account balances, transactions) via trusted Financial APIs like Plaid. We do not store your banking credentials.
• Automatically Collected Data: Device information (e.g., IP address, device type, operating system), usage data (e.g., app interactions), and approximate location (if enabled).
• Cookies and Tracking: We use cookies and similar technologies to enhance functionality and analyze usage. See Section 7 for details.

Onu integrates with Financial APIs (e.g., Plaid) to provide financial insights. These APIs allow us to:

• Retrieve account names, balances, and transaction histories.
• Analyze spending patterns to offer personalized financial recommendations.
• Facilitate secure, read-only access to your financial accounts.

All financial data is encrypted end-to-end, and we do not store sensitive credentials. Your use of these integrations is subject to the respective provider’s privacy policies (e.g., Plaid’s Privacy Policy).

Onu’s ambient AI voice technology captures thoughts, conversations, and insights with your permission. We:

• Record and transcribe voice data when you enable voice features.
• Use transcriptions to generate personalized suggestions and insights.
• Analyze anonymized voice data to improve our AI algorithms.

All recordings are encrypted and stored securely. You can disable voice recording or delete recordings at any time via app settings.

We use cookies, web beacons, and similar technologies to enhance your experience and analyze usage. These technologies help us:

• Remember your preferences and settings.
• Track app usage and performance.
• Deliver personalized content and features.

You can manage cookie preferences through your browser settings. Note that disabling cookies may limit some Service functionalities.

We partner with trusted third-party providers to deliver the Services, including:

• Financial APIs: Providers like Plaid for secure financial data access.
• Analytics: Tools to analyze usage and improve the Services.
• Hosting: Cloud providers like Google Cloud Platform and Hetzner for secure data storage.
• Communication: Services like AWS SES for encrypted email delivery.

These providers operate under their own privacy policies, and we ensure they meet our stringent security standards. We are not responsible for their practices.

We use your information to:

• Provide core Service functionality, such as voice transcription and financial insights.
• Personalize your experience with tailored recommendations.
• Improve and optimize the Services through usage analysis.
• Respond to support requests and inquiries.
• Send updates, newsletters, or promotional messages (with opt-out options).
• Ensure compliance with legal and regulatory requirements.

We do not use your voice or financial data for advertising purposes.

We do not sell your personal data. We may share your information in the following cases:

• Service Providers: With trusted partners (e.g., analytics, hosting, payment processors) who assist in delivering the Services, bound by strict confidentiality agreements.
• With Your Consent: When you explicitly authorize sharing, such as connecting financial accounts via APIs.
• Legal Requirements: To comply with laws, regulations, or legal processes, such as responding to subpoenas or government requests.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred, with notice provided.

We implement industry-leading security measures to protect your data, including:

• End-to-end encryption with TLS 1.3 for data in transit and AES-256 for data at rest.
• Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for internal systems.
• Regular security audits and penetration testing by independent third parties.
• Continuous monitoring for suspicious activity via our Security Operations Center (SOC).

While we strive to protect your data, no system is 100% secure. We recommend using strong passwords and enabling MFA to enhance your account security.

We retain your data only as long as necessary to provide the Services or meet legal obligations:

• Audio Data: Stored for up to 30 days unless you choose to save it, with transcripts retained until account deletion.
• Financial Data: Cached only during active sessions and deleted afterward, unless required for ongoing services.
• Account Data: Retained while your account is active; deleted within 30 days of account deletion (including backups).

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of your personal data.
• Correction: Update or correct inaccurate data.
• Deletion: Request deletion of your data or account.
• Restriction: Limit how we process your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to certain data processing, such as marketing.
• Withdraw Consent: Revoke consent for data processing at any time.

To exercise these rights, contact us at Email us. We will respond within 30 days, as required by applicable laws (e.g., GDPR, CCPA).

Our Services are hosted in the United States. If you access the Services from outside the U.S., your data may be transferred to, stored, and processed in the U.S. By using the Services, you consent to this transfer and processing, subject to our compliance with applicable data protection laws (e.g., GDPR for EU users).

We use Standard Contractual Clauses (SCCs) and other safeguards to ensure lawful international data transfers.

The Services are not intended for children under 13 years of age (or 16 in certain jurisdictions, such as the EU). We do not knowingly collect personal data from minors. If we learn that we have collected such data, we will delete it promptly. Contact us at Email us if you believe we have inadvertently collected data from a minor.

We may update this Privacy Policy to reflect changes in our Services, legal requirements, or industry standards. Material changes will be communicated via email, in-app notifications, or by posting the updated policy on our website. Continued use of the Services after such changes constitutes acceptance of the updated policy.

For questions, concerns, or to exercise your data rights, please contact us:

📧 Email us

🌐 https://heyonu.com