Privacy Policy

01 Information We Collect

1.1 Account & Registration Information

When an administrator registers, we collect:

• Name and email address
• Company name, size, and industry
• Password (stored in hashed form; never in plaintext)
• Billing information, including credit card details (processed and stored securely by Stripe — we do not store full card numbers)
• Selected billing plan

1.2 New Team Member Information

When new members are invited to onboard, we collect information they provide during the onboarding questionnaire, including:

• Name and email address
• Professional background and work history
• Skills, competencies, and areas of expertise
• Preferred learning styles and methods
• Onboarding progress and milestone completion data

1.3 Company Content & Knowledge Base Data

With your authorization, we index content from connected platforms to power onboarding personalization. This may include:

• Documents and files (e.g., from Google Drive, Box, or uploaded directly)
• Code repositories (e.g., from GitHub)
• Project management data (e.g., Jira issues, Confluence pages, Notion databases)
• Future integrations: CRM data (e.g., Salesforce), messaging content (e.g., Slack), and other connected service platforms

1.4 Usage Data

We automatically collect certain data about how the Service is used, including:

• Log data (IP addresses, browser type, pages visited, timestamps)
• Device and connection information
• Interactions with the AI chatbot (questions asked and responses received)
• Feature usage patterns used to improve the Service

1.5 Cookies & Tracking Technologies

We use cookies and similar technologies to maintain session state, remember preferences, and analyze usage. You may control cookie settings through your browser, though disabling certain cookies may limit functionality.

02 How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Generate personalized AI-driven onboarding plans and track new hire progress
• Power the AI chatbot to answer new team member questions
• Index and search your organization's content via our proprietary document indexer
• Process payments and manage billing
• Send transactional and onboarding-related emails to invited team members
• Communicate with you about your account, updates, and support
• Ensure security, detect fraud, and enforce our Terms
• Comply with legal obligations

03 Third-Party Integrations & Data Sharing

3.1 Connected Third-Party Services

When you connect integrations, those services transmit data to us under the permissions you grant. Current integrations include GitHub, Atlassian Jira, Atlassian Confluence, and Notion. Planned future integrations include Salesforce, Slack, Google Drive, Box, and other CRM and document management platforms. Data from these integrations is used solely to build and maintain your knowledge index and to personalize onboarding experiences.

3.2 Service Providers

We share data with trusted third-party service providers who assist in operating the Service, subject to confidentiality obligations, including:

• Stripe — payment processing
• Cloud infrastructure providers (e.g., AWS, GCP) — hosting and storage
• Email delivery providers — transactional and invitation emails
• Analytics providers — aggregated, non-identifiable usage analytics

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent in-app notice before your information is transferred and becomes subject to a different privacy policy.

3.4 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or a valid governmental request.

3.5 No Sale of Personal Data

We do not sell, rent, or lease your personal information to third parties for their marketing or other purposes.

04 Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. Upon account termination, Customer Content is available for export for 30 days, after which it is deleted from our systems. Log data and aggregated analytics may be retained longer in anonymized form. Billing records are retained as required by applicable law.

05 Security

We implement industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

06 International Data Transfers

The Service is operated from the United States. If you are located outside the U.S., your information may be transferred to and processed in the U.S. where data protection laws may differ from those in your jurisdiction. For users in the European Economic Area (EEA), we rely on appropriate transfer mechanisms such as Standard Contractual Clauses.

07 Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will take prompt steps to delete it.

08 Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data, subject to legal obligations
• Portability — request a machine-readable export of your data
• Objection / Restriction — object to or request restriction of certain processing activities
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise these rights, please contact us at legal@onboarding0.ai. We will respond to verified requests within 30 days.

09 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA, including:

• The right to know what personal information is collected, used, shared, or sold
• The right to delete personal information
• The right to opt out of the sale or sharing of personal information (we do not sell personal information)
• The right to correct inaccurate personal information
• The right to non-discrimination for exercising these rights

To submit a verifiable consumer request, please contact us at legal@onboarding0.ai.

10 GDPR (EEA Users)

If you are in the European Economic Area, our legal bases for processing your personal data include:

• Performance of a contract — to provide and maintain the Service
• Legitimate interests — security, fraud prevention, and service improvement
• Consent — where you have expressly opted in to specific processing
• Compliance with legal obligations — as required by applicable EU/EEA law

You have the right to lodge a complaint with your local supervisory authority if you believe we have processed your data in violation of applicable law.

11 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent in-app notice prior to the change becoming effective. The updated policy will be posted at onboarding0.ai/privacy with a revised effective date.

12 Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please reach out: