Privacy Policy

Last updated: December 22, 2025

1. Introduction

OnCalm.io ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union.

Note: OnCalm.io is currently in development and not yet formally established as a legal entity. Once incorporated, we will update this policy with our complete legal details. If you have questions, please contact us at info@oncalm.io.

2. Data Controller

For now, you can contact us at: info@oncalm.io

3. Information We Collect

3.1 Information You Provide Directly

  • Email Address: When you join our beta waitlist or sign up for updates
  • Account Information: When you create an account (username, email, password)
  • Profile Information: Optional information you provide (name, company, role)
  • Communications: Messages you send us through contact forms or email

3.2 Information Collected Automatically

  • Usage Data: How you interact with our platform, scenarios completed, time spent
  • Technical Data: IP address, browser type, device information, operating system
  • Cookies and Similar Technologies: See our Cookie Policy for details
  • Log Data: Server logs, error reports, access times

3.3 Information from Third Parties

  • Analytics Providers: Aggregated usage statistics and insights
  • Payment Processors: Transaction data (we do not store payment card details)

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you sign up for our waitlist or marketing communications (Article 6(1)(a))
  • Contract Performance: To provide our services when you create an account (Article 6(1)(b))
  • Legitimate Interests: For analytics, security, and service improvement (Article 6(1)(f))
  • Legal Obligation: To comply with applicable laws and regulations (Article 6(1)(c))

5. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide access to our training platform and scenarios
  • Account Management: To create and manage your account
  • Communications: To send you updates, beta access, and service notifications
  • Improvement: To analyze usage patterns and improve our platform
  • Security: To protect against fraud, abuse, and security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms
  • Marketing: To send promotional content (only with your consent, which you can withdraw)

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

6.1 Service Providers

  • Cloud hosting providers (infrastructure services)
  • Email service providers (for communications)
  • Analytics providers (for usage insights)
  • Payment processors (for billing, if applicable)

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to this Privacy Policy.

7. International Data Transfers

We plan to operate within the European Union. If we transfer data outside the EEA, we will ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

8. Your Rights Under GDPR

As an EU data subject, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)
  • Right to Lodge a Complaint: File a complaint with your national data protection authority

To exercise these rights, please contact us at info@oncalm.io or visit our Data Subject Rights page.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Waitlist Data: Until you create an account or request deletion
  • Account Data: For the duration of your account plus 30 days after closure
  • Usage Data: Aggregated data may be retained indefinitely; personal identifiers removed after 2 years
  • Legal Obligations: Some data may be retained longer to comply with legal requirements

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Regular backups and disaster recovery procedures
  • Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information, please see our Cookie Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to registered users (for significant changes)
  • Displaying a prominent notice on our website

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities can be found here.