Legal
Privacy Policy
Last updated: 16 July 2026
This Privacy Policy explains what personal data OneBase collects, why we collect it, the legal bases we rely on, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and Romanian data-protection law.
1. Who we are
OneBase is operated by Coffee in Code Out S.R.L., a company registered in Romania under Trade Register number J24/2235/2022, tax identification number (CUI) 47132601, with its registered office at Str. Cristian 9A, 430066 Baia Mare, Maramureș, Romania ("OneBase", "we", "us").
For the personal data described in this policy, Coffee in Code Out S.R.L. is the data controller. You can reach us about privacy at support@onebase.ro.
2. The data we collect
We collect only what we need to run the service:
- Account data — your name, email address and password (stored only as a secure hash).
- Workspace content — the objects, records, notes, files and other data you create in your workspace. This may include personal data about your own customers and contacts, for which you are the controller and we act as your processor.
- Billing data — your plan and subscription status. Card details are handled by Stripe and never touch our servers.
- Usage and technical data — log data such as IP address, browser type and timestamps, kept to secure and operate the service.
- Support data — the contents of any support ticket or email you send us.
3. Why we use it, and our legal bases
We process your personal data on the following legal bases:
- To provide the service (performance of a contract) — creating your account and workspace, storing your data, and delivering the features you use.
- To bill you (performance of a contract) — managing your subscription and payments through Stripe.
- To secure and improve OneBase (legitimate interests) — preventing abuse, diagnosing problems, and understanding aggregate usage.
- To send transactional email (performance of a contract) — email verification, password resets, invitations and important service notices.
- For optional analytics cookies (consent) — only where you have accepted them; you can withdraw consent at any time (see the Cookie Policy).
4. Processors and sub-processors
We use a small set of carefully chosen providers to run OneBase. Each processes data only on our instructions and under a data-processing agreement:
- Stripe — subscription billing and payment processing.
- Our hosting provider (OVHcloud) — EU-based infrastructure that stores your workspace data.
- Our transactional email provider (MXroute) — delivery of verification, reset, invitation and notice emails.
- Our AI provider (Anthropic) — powers the optional AI schema consultant. Only the text you send to the consultant is processed, to generate a reply; it is not used to train the provider's models. See our AI usage and compliance notes for detail.
5. Where your data is stored
Your workspace data is hosted within the European Union. We do not transfer your workspace content outside the EU/EEA. Where a provider necessarily operates internationally (for example, payment processing), any transfer relies on an appropriate GDPR safeguard such as the European Commission's Standard Contractual Clauses.
6. How long we keep it
We keep your account and workspace data for as long as your account is active. If you close your account, we delete or anonymise your personal data within a reasonable period, except where we must retain certain records (for example, invoices) to meet legal or accounting obligations. Log data is kept only as long as needed to secure and operate the service.
7. Your rights
Under the GDPR you have the right to access, correct, erase, restrict, and object to the processing of your personal data, and the right to data portability. OneBase gives you a one-click export of everything in your workspace at any time, so your data is always yours to take with you.
To exercise any of these rights, contact us at support@onebase.ro. You also have the right to lodge a complaint with the Romanian supervisory authority, the National Supervisory Authority for Personal Data Processing (ANSPDCP).
8. Security
We protect your data with encryption in transit, hashed passwords, strict tenant isolation so one workspace can never read another's data, and access controls on our systems. No service can promise perfect security, but we work to keep your data safe and to notify you promptly of any breach that affects you, as the law requires.
9. Cookies
OneBase uses only essential cookies by default, plus optional analytics cookies where you consent. For the full detail, see our Cookie Policy.
10. Changes to this policy
We may update this policy as OneBase evolves. When we make a material change, we will update the date above and, where appropriate, notify you by email or in the app.
Questions?
Write to us at support@onebase.ro and we will help.