In this policy, once.to refers to the service offered by Yktoo Solutions (the “Company” or “We”) through the once.to website (the “Service”). We sometimes refer to “You”, which may be a visitor on one of our websites, a user of one or more of our services (“User” or “Customer”), or a visitor of a link handled by the service (“Visitor”). This document explains what information we collect through your access and use of our service and how we make use of this information.
What happens when you create an account?
When you create a new account as a user, your full name, email address, and IP address will be collected. The email address will serve as your identity for all operations on the service. You will receive all important notifications such as confirmation emails, password reset links, and any updates to our policies and terms of service through this email address. Your email address will not be shared with any external entity or used for any other purpose, except in cases when we are obliged to do so by law.
We are required to take certain measures in order to prevent malicious users (such as spammers and bots) from excessively creating new accounts. This is to prevent an unfair degradation of service to non-malicious users, which might arise from a consistent attack from bots or human users. The Service may use CAPTCHA and email verification to mitigate such issues, record your IP address at any point for blacklisting if found to be in violation of our terms, as well as other techniques.
What data do we collect?
We make it a policy to collect as little user information as possible to allow users of the service and visitors on other websites using the service to maintain Internet privacy, and allow anonymity, to the extent possible.
The service’s user data collection is limited to the following:
- Creating an account as a customer: As described in the previous section, your full name, email address, and IP address are collected.
- Following a link handled by the service: Whenever you visit a link that is registered in the service, we log the time of visit and collect non-personal information provided by your browser and/or TCP connection, such as your IP address, OS and browser version, your preferred languages. This is for imposing usage limits on customer accounts and providing basic analytics to customers.
- Authenticating as a customer of the service: When you sign into your account on the service, a unique, randomly generated token (“Session”) will be stored as a cookie in your browser in order to remember you on future visits. Upon successfully authenticating yourself with a OAuth provider, all the information returned by the provider is stored and associated with your Session. This may include, but is not limited to, your full name, your email address, your photo, and a URL to your public profile. This information will never be sold to advertisers, marketing agencies, or any other organization for user tracking or any other purpose.
- Communications with the company: All communications with the company, such as support requests, feature requests, bug reports, or any feedback may be saved by our staff. This information may also be displayed publicly with your approval (such as in the case of testimonials).
- Data Use: We do not have any advertising on our website. Any data that we do have will never be shared except under the circumstances described below in our Data disclosure policy.
Data storage: location, security, and reliability
The company uses the services of Netlify (USA), Cloudflare (USA), and Scaleway (France/Netherlands) to host all components. All care is taken to securely protect your data, including the encryption of all user data using a secret key accessibly only to the employees of the company (your password is not accessible to anyone as it’s cryptographically hashed). Backups of the entire database are regularly made in the event it is necessary to restore user data.
When a customer deletes their account through the web profile interface, all derived information related to the account (including short links and registered domains) is permanently deleted from all servers. The account itself is kept in our registry for the duration of up to one year. Deleted data may be retained in our backups for another 30 days.
Data disclosure policy
We do not sell or rent data to any third party, including marketers, advertisers, and tracking agencies.
We may, however, use and disclose data as we believe necessary:
- under applicable law, or payment method rules;
- to enforce our terms and conditions;
- to protect our rights, privacy, safety or property, you or others;
- to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
We may, from time to time, contest court orders if there is a public interest in doing so. In such situations, the company will not comply with the court order until all legal or other remedies have been exhausted. Therefore, not all court orders may lead to data disclosure.
We reserve the right to periodically review and change this policy from time to time. We will notify all customers about any such changes through the email address registered with us. Continued use of the service will be deemed as acceptance of such changes.
Because email communications are not always secure, please do not include credit card or other sensitive data (such as racial or ethnic origin, political opinions, religion, health, or the like) in your messages to us.