Privacy Policy

INTRODUCTION

One Estate, Inc. ("OneEstateOS," "we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, store, and protect information about users ("you" or "your") of the OneEstateOS software-as-a-service platform, including all Vaults, Service Suites, and associated features (collectively, the "Service").

This Privacy Policy applies to all users of the Service located in the United States. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is incorporated by reference into the OneEstateOS Terms of Service. Capitalized terms used but not defined herein have the meanings given in the Terms of Service.

1. INFORMATION WE COLLECT

1.1 Information You Provide Through Google Authentication

The Service uses Google OAuth 2.0 as its sole authentication method. When you sign in with Google, we receive and store the following information from your Google account, subject to your Google account privacy settings:

1. Full name as registered with your Google account;
2. Email address associated with your Google account;
3. Email verification status (whether Google has verified the email address); and
4. Profile picture URL, if available and provided by Google (we store the URL reference, not the image itself).

We do not create or store passwords. Authentication is managed entirely by Google. We do not receive or store your Google account password or any payment information associated with your Google account.

1.2 Account and Profile Information You Voluntarily Provide

After authentication, you may voluntarily enhance your profile by providing:

1. A display name (which may differ from your Google name);
2. Mobile phone number;
3. Company or organization name;
4. City and state; and
5. Communication and notification preferences.

All profile enhancements beyond your Google-provided name and email are optional and may be provided, modified, or deleted at any time from your account profile settings.

1.3 Customer Data You Upload

The Service allows you to upload documents, records, and data to your Vaults. This may include real property records (deeds, title insurance policies, mortgage documents, lease agreements, purchase contracts, inspection reports), entity records (operating agreements, formation documents, EIN assignments, beneficial ownership records), and financial records (rent rolls, bank statements, tax returns, investment summaries). We process this Customer Data solely to provide the Service to you as described in the Terms of Service.

1.4 Automatically Collected Information

When you access the Service, we automatically collect certain technical information, including:

1. IP address — collected at authentication and for security monitoring;
2. Browser type and version (user-agent string);
3. Device type (desktop, tablet, or mobile, as inferred from user-agent);
4. Operating system;
5. Referring URL — the page from which you navigated to the Service;
6. Session activity logs — actions taken within the Service, timestamps, and features accessed; and
7. Consent records — timestamps, document version identifiers, and acceptance method for each disclosure accepted.

1.5 Cookies and Similar Technologies

We use session cookies and similar technologies to maintain your authenticated session and provide core Service functionality. We may also use analytics cookies to understand how users interact with the Service in aggregate, to improve platform performance and features. You may configure your browser to refuse cookies; however, doing so may impair certain Service functionality, including authentication.

We do not use advertising cookies or sell your information to third-party advertising networks.

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

1. To provide and operate the Service — authenticating your identity, creating and maintaining your account and Vaults, processing documents you upload, and generating the workflow outputs and reports you request;
2. To maintain security and prevent fraud — monitoring for unauthorized access, suspicious activity, policy violations, and security threats;
3. To maintain compliance records — storing your disclosure acceptance records as required to demonstrate informed consent;
4. To communicate with you — sending transactional notifications about your account, Vaults, service updates, and maintenance windows; sending periodic platform digests and feature updates, subject to your notification preferences;
5. To improve the Service — analyzing aggregated, de-identified usage data to understand feature adoption, diagnose performance issues, and prioritize platform improvements; and
6. To enforce our Terms — investigating potential violations of our Terms of Service or Acceptable Use Policy.

We do not use your Customer Data (the documents and records you upload to Vaults) to train machine learning models, for advertising purposes, or for any purpose other than providing the Service to you.

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We share information only in the following limited circumstances:

1. Service Providers and Subprocessors. We engage vetted third-party service providers to support platform operations, including cloud infrastructure providers (e.g., hosting, storage), authentication services (Google OAuth), communications platforms (email delivery), and analytics tools. These providers are contractually prohibited from using your information for any purpose other than providing services to OneEstateOS and are subject to appropriate confidentiality and security obligations;
2. Authorized Collaborators. Information and documents within a Vault are accessible to any Authorized User or collaborator you invite to that Vault. You are responsible for the collaborators you grant access to;
3. Legal Requirements. We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of OneEstateOS, our users, or the public;
4. Business Transfers. In connection with a merger, acquisition, sale of assets, or other corporate transaction, your information may be transferred to the successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy; and
5. With Your Consent. We may share information for any other purpose with your explicit prior consent.

4. DATA RETENTION

4.1 Active Accounts.

We retain your account information, profile data, consent records, and session logs for as long as your account is active or as needed to provide the Service.

4.2 Customer Data in Vaults.

Documents and data uploaded to your Vaults are retained for the duration of your active subscription. Upon subscription expiration or account termination, your Vaults are placed in read-only status for sixty (60) days to allow data export. After this period, Customer Data may be permanently deleted.

4.3 Consent and Compliance Records.

Disclosure acceptance records, including timestamps, document version hashes, and IP addresses, are retained for a minimum of seven (7) years for compliance and legal purposes, even after account closure.

4.4 Security Logs.

Authentication logs, session activity logs, and IP address records are retained for a minimum of twelve (12) months for security monitoring and fraud prevention purposes.

4.5 Deletion Requests.

Subject to Section 5 (Your Rights) and applicable legal retention obligations, you may request deletion of your personal information by contacting privacy@oneestateos.com. We will respond within forty-five (45) days.

5. YOUR PRIVACY RIGHTS

Depending on your state of residence, you may have certain rights regarding your personal information. The following rights apply to all U.S.-based users to the extent provided by applicable law:

1. Right to Know / Access. You may request information about the categories and specific pieces of personal information we have collected about you, the purposes for which it was collected, and the categories of third parties with whom it has been shared;
2. Right to Correct. You may request correction of inaccurate personal information we hold about you. Profile information can be corrected directly within your account settings;
3. Right to Delete. You may request deletion of your personal information, subject to legal retention requirements (such as our retention of consent records) and our obligations to other users who may share a Vault with you;
4. Right to Opt Out of Sale. We do not sell personal information. No opt-out action is required; and
5. Right Against Discrimination. We will not discriminate against you for exercising any of the rights described in this section.

5.1 California Residents — CCPA/CPRA

California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to limit the use of sensitive personal information and the right to opt out of sharing for cross-context behavioral advertising. We do not share personal information for cross-context behavioral advertising. To exercise your California rights, contact privacy@oneestateos.com with "California Privacy Request" in the subject line. We will respond within forty-five (45) days, with one possible forty-five (45) day extension with prior notice.

5.2 How to Exercise Your Rights

To exercise any of the rights described above, contact us at privacy@oneestateos.com. We may need to verify your identity before processing your request. We will not require you to create an account to submit a rights request, and we will not charge a fee for reasonable requests.

6. DATA SECURITY

We implement industry-standard administrative, technical, and physical safeguards designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

1. Encryption of data in transit using TLS 1.2 or higher;
2. Encryption of Customer Data at rest;
3. Access controls limiting employee access to personal information on a need-to-know basis;
4. Authentication via established OAuth 2.0 protocols with no platform-managed passwords; and
5. Regular security assessments of platform infrastructure.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a security breach affecting your information, we will notify you as required by applicable law.

7. THIRD-PARTY SERVICES AND LINKS

The Service uses Google OAuth 2.0 for authentication. Your use of Google's authentication services is governed by Google's Privacy Policy (policies.google.com/privacy) and Google's Terms of Service. OneEstateOS is not responsible for Google's privacy practices.

The Service may integrate with or contain links to third-party applications. OneEstateOS is not responsible for the privacy practices of any third-party service, and we encourage you to review the privacy policies of any third-party services you use in connection with the platform.

8. CHILDREN'S PRIVACY

The Service is intended for use by adults in connection with business and investment activities and is not directed to children under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will promptly delete that information. If you believe we have inadvertently collected information from a minor, please contact us at privacy@oneestateos.com.

9. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, the Service, or applicable law. We will notify you of material changes by sending an email to the address associated with your account and by displaying a notice within the Service prior to the effective date of the change. For changes that materially affect how we handle your personal information, we will provide at least thirty (30) days' advance notice and, where required, seek your affirmative consent through the platform's disclosure acceptance mechanism.

The most current version of this Privacy Policy is always accessible at oneestateos.com/privacy, with the effective date and version number indicated at the top.

10. CONTACT US

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a privacy-related concern, please contact us:

Privacy Inquiries:
One Estate, Inc.
Attn: Privacy / Compliance
9169 W State Street #1121
Garden City, ID 83714
Email: privacy@oneestateos.com

We will respond to all privacy inquiries within forty-five (45) days.