OneKitTools logoOneKitTools
Back to home

Privacy Policy

Last updated: April 3, 2026

At OneKitTools (operated by Alizelabs), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our website (onekittools.com) and online tools. We comply with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and other applicable data protection laws.

1. Data We Collect

Account Information

When you create an account, we collect your name, email address, and hashed password. If you sign up via OAuth (Google, GitHub), we receive your name, email, and profile picture from the provider. We never store your OAuth or plain-text password.

Usage Data

We record which tools you use, how often, and basic interaction data (timestamps, feature toggles). This helps us improve our tools and enforce plan limits (free: 20 uses/day, Starter, Pro).

Files You Upload

Files you upload for processing (images, PDFs, audio, etc.) are processed on our servers and stored temporarily. If you are a subscriber, processed results may be saved to your cloud storage (Cloudflare R2) at your request. Files from anonymous users are automatically deleted after processing.

Payment Information

Payment is handled entirely by Stripe. We never see or store your full credit card number. We receive from Stripe: your subscription status, plan type, billing period, and a customer ID for reconciliation.

Technical Data

We automatically collect your IP address, browser type, operating system, device type, referrer URL, and pages visited. This data is collected via server logs and via Umami, a self-hosted cookieless analytics tool we run on our own infrastructure (lens.alizelabs.com).

2. How We Use Your Data

  • Provide, maintain, and improve our online tools and platform features.
  • Detect, prevent, and address fraud, abuse, and security issues (rate limiting, anti-abuse trial protection).
  • Send you transactional emails (account verification, password reset, payment confirmations) via our Postal email servers.
  • Analyze aggregated, anonymized usage patterns (via Umami self-hosted, cookieless) to improve our tools and user experience.
  • Comply with legal obligations and enforce our Terms of Service.

4. Data Sharing & Third Parties

Stripe

Processes payments, manages subscriptions, and handles trial periods. Stripe is PCI DSS Level 1 certified. Privacy policy: stripe.com/privacy.

Cloudflare

Provides our CDN, DNS, tunnel infrastructure, and R2 cloud storage for subscriber files. Privacy policy: cloudflare.com/privacypolicy.

Google AdSense

Google AdSense (ads for free users, only with consent). Privacy policy: policies.google.com/privacy.

Umami

Umami self-hosted on our own infrastructure (lens.alizelabs.com) for cookieless, RGPD-compliant traffic analytics. No personal data is shared with third parties.

GlitchTip

Self-hosted error tracking (Sentry-compatible) on our own servers. Error reports may contain technical data (browser, URL, stack traces) but no personal content.

We never sell, rent, or trade your personal data to third parties for marketing purposes.

5. Data Retention

  • Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
  • Uploaded files: Anonymous users — deleted immediately after processing. Subscribers — stored in R2 until you delete them or your subscription ends (purged within 30 days after cancellation).
  • Server logs: Retained for 90 days for security and debugging purposes, then automatically purged.
  • Upon account deletion, all personal data is removed or anonymized. Anonymized usage statistics (no link to your identity) may be retained for aggregate analytics.

6. Your Rights (GDPR Articles 15-22)

Right of Access

You can request a copy of all personal data we hold about you (Article 15).

Right to Rectification

You can correct inaccurate or incomplete personal data at any time via your dashboard (Article 16).

Right to Erasure

You can request deletion of your account and all associated data. We will comply within 30 days (Article 17).

Right to Data Portability

You can export all your data in a machine-readable format (JSON) from your dashboard (Article 20).

Right to Restriction

You can request that we limit processing of your data in certain circumstances (Article 18).

Right to Object

You can object to processing based on legitimate interest, including by enabling Do Not Track in your browser (which Umami respects). You can also opt out of advertising at any time via cookie settings (Article 21).

To exercise any of these rights, go to your Dashboard > Settings, or contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

7. Cookies

We use cookies and similar technologies on our website. For detailed information about which cookies we use and how to manage them, please see our dedicated Cookie Policy.

View our Cookie Policy

8. Security Measures

We implement industry-standard security measures to protect your data: encrypted connections (TLS/HTTPS everywhere), hashed passwords (bcrypt), access controls, server firewall (UFW — only SSH open), Cloudflare Tunnel (server IP hidden), regular security updates, and GlitchTip error monitoring. While no system is 100% secure, we continuously work to improve our security posture.

9. Children's Privacy

OneKitTools is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

10. International Data Transfers

Our servers are located in Germany (Hetzner, EU). Some third-party processors (Stripe, Google, Cloudflare) may transfer data outside the EU/EEA. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or the processors are certified under recognized frameworks ensuring adequate data protection.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email (if you have an account) and update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or want to exercise your data rights, please contact us at [email protected] or use our contact form.

Contact us