Privacy Policy

1. Information you provide

When you create an account and run your books, you give us:

• Account details — your name, email address, country, and a password. Your password is stored only as a secure one-way hash (bcrypt), never in plain text. We email you links to verify your address and to reset your password.
• Business profile — your business and legal name, address, phone, logo, tax registration number (VAT/GST/sales tax), currency and, where relevant, your business name in Arabic.
• Accounting data you enter — invoices, quotes, customers, suppliers, items, purchases, expenses, payments, journal entries, bank statements and reconciliations. This can include contact details and tax numbers of your customers and suppliers, and supplier bank details you choose to store.
• Attachments — files you upload, such as receipts and contracts (PDF or images, up to 10 MB each).

2. Information we collect automatically

We do not use third-party advertising or analytics trackers. We do collect the minimum needed to run and secure the service:

• Technical data — IP address, browser type and basic request logs, used to operate the service, keep it secure and prevent abuse (for example, rate-limiting sign-in attempts).
• Essential session cookie — a single first-party cookie that keeps you signed in (see “Cookies” below).
• Audit logs — a record of key actions in your workspace (who created or changed a record, and when) for your security and accountability.

3. How we use your information

We use your information to:

• Provide, maintain and secure the OneBooks service and your workspace.
• Authenticate you and process subscription billing.
• Send transactional emails — verification, password resets, team invitations and important service notices.
• Provide customer support and respond to your requests.
• Meet legal, accounting and tax obligations, and enforce our terms.
• Improve reliability and performance.

4. Payments

Subscriptions are processed by Stripe. When you subscribe, your card details are entered directly with Stripe on their PCI-DSS-compliant systems — OneBooks never receives or stores your full card number, security code or expiry date. We retain only your Stripe customer and subscription identifiers and your plan and billing status. Stripe's handling of your payment data is governed by Stripe's own privacy policy.

5. Cookies

We use one essential, first-party session cookie to keep you authenticated. It is HttpOnly and, in production, Secure (sent over HTTPS only), and it expires after a period of inactivity. We do not use advertising, analytics or cross-site tracking cookies. Our web app may store non-sensitive interface preferences in your browser's local storage; this never contains your password or accounting data.

6. How we share information

We do not sell your personal data. We share it only with the service providers that help us run OneBooks, and only as needed:

• Stripe — payment processing and subscription billing.
• Email delivery — a transactional email provider sends account and service emails such as verification and password-reset links.
• Cloud hosting & database — infrastructure providers host the application and store your data.
• Tax authorities — where the law requires e-invoicing, OneBooks transmits invoice data on your behalf. In Saudi Arabia, e-invoices (including buyer and seller details and line items) are submitted to ZATCA's FATOORA platform for clearance or reporting. In India, GSTR data is prepared for you to file — OneBooks does not transmit it to the GST portal automatically.
• Applications you connect — if you link a POS or partner app (such as LithosPOS) over OAuth, sales data flows between that app and OneBooks at your direction.
• Legal & safety — we may disclose information when required by law, or to protect our rights, our users or the public.

7. International transfers

OneBooks serves customers across many countries, so your data may be processed in a country other than your own. Where we transfer data internationally, we take steps to ensure it remains protected to the standard described in this policy.

8. Data retention

We keep your account and accounting data for as long as your account is active. Accounting records are typically subject to statutory retention periods (often several years), and both you and we may be legally required to keep them even after your account is closed. When data is no longer required, we delete or anonymize it.

9. How we protect your data

Security measures we apply include:

• Passwords hashed with bcrypt; email-verification and password-reset tokens stored only as hashes.
• Encryption in transit over HTTPS.
• Strict tenant isolation — each business's data is scoped to its own workspace.
• Rate-limiting and abuse protection on authentication endpoints.
• Encrypted storage of signing-key material used for Saudi Arabia e-invoicing.

10. Your rights

Depending on where you live, you may have rights to access, correct, export or delete your personal data, and to object to or restrict certain processing.

• Access & portability — export your customers, suppliers, items and transactions to Excel (XLSX) at any time from within OneBooks.
• Correction — edit your account and business details directly in the app.
• Deletion — request deletion of your account and personal data by writing to us; we will action it, subject to legal retention obligations.

11. Children

OneBooks is a business tool and is not directed to children. We do not knowingly collect personal data from anyone under 16.

12. Changes to this policy

We may update this policy from time to time. We will post the new version here and update the date above; we will notify you of significant changes in-app or by email.

13. Contact us

Questions or requests about your privacy? Write to [email protected] or [email protected].