Privacy Policy
OneIndex AI, Inc.
OneIndex AI, Inc. ("OneIndex AI," "we," "us," or "our") provides software that helps organizations transform contracts, legal documents, and enterprise content into structured data, searchable knowledge, and actionable insights.
This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access or use our websites, applications, APIs, and related services (collectively, the "Services").
Definitions
For purposes of this Privacy Policy:
- Customer means an organization that purchases or subscribes to the Services.
- Authorized User means an individual authorized by a Customer to access the Services.
- Customer Content means contracts, documents, files, data, and other information submitted to the Services by or on behalf of a Customer.
Where OneIndex AI processes Customer Content on behalf of a Customer, OneIndex AI acts as a service provider or processor and processes such information in accordance with the Customer's instructions and applicable agreements. If you have questions about how your employer processes your data through our platform, please contact your employer directly.
Table of Contents
- 1. Information We Collect
- 2. How We Use Information
- 3. Artificial Intelligence and Machine Learning
- 4. How We Share Information
- 5. Data Retention
- 6. Security
- 7. International Data Transfers
- 8. Your Privacy Rights
- 9. California Residents (CCPA/CPRA)
- 10. EEA, UK, and Switzerland (GDPR)
- 11. Children's Privacy
- 12. Third-Party Websites
- 13. Changes to This Policy
- 14. Contact Us
1. Information We Collect
Account and Business Information
We may collect information you provide directly, including name, business email address, employer and job title, business phone number, account credentials, billing and payment information, and customer support communications.
Customer Content
Customers may upload or connect contracts, amendments, statements of work, vendor agreements, procurement documents, legal documents, and other files. Customer Content may contain personal information depending on the nature of the documents uploaded.
Usage and Technical Information
We automatically collect information about how you interact with the Services, including IP addresses, device and browser information, authentication and audit logs, usage statistics, and error and performance data.
Information from Integrations
If enabled by a Customer, we may receive information from third-party services such as document repositories, cloud storage providers, identity providers, and other business software connected to the Services.
2. How We Use Information
We use information to:
- Provide, maintain, and improve the Services
- Authenticate users and manage accounts
- Process and analyze Customer Content as directed by Customers
- Generate document insights, metadata, summaries, and structured outputs
- Respond to support requests and communicate about the Services
- Monitor system performance and security
- Prevent fraud, abuse, and unauthorized access
- Comply with legal obligations
- Send marketing communications where permitted by law — you may opt out at any time
We may use aggregated or de-identified information that cannot reasonably be used to identify a Customer or individual for product improvement, research, and industry reporting.
3. Artificial Intelligence and Machine Learning
OneIndex AI uses artificial intelligence and machine learning technologies to analyze Customer Content and generate outputs requested by Customers.
Unless expressly agreed otherwise in writing:
- Customer Content is not used to train public or shared foundation models.
- Customer Content remains subject to the confidentiality obligations in applicable agreements.
- OneIndex AI may use aggregated, de-identified information to improve and operate the Services.
Customers are responsible for reviewing AI-generated outputs before relying on them for legal, business, compliance, or operational decisions.
4. How We Share Information
We do not sell personal information. We share information only as described below.
Service Providers
We engage third-party vendors to help us deliver and operate the Services — including providers of cloud hosting, data storage, authentication, customer support, analytics, security monitoring, and payment processing. These vendors are contractually restricted from using your data for any purpose other than providing services to us. A current list of our subprocessors is available upon request.
AI Infrastructure Providers
Where applicable, Customer Content may be processed through third-party AI providers solely to deliver requested Services, subject to contractual confidentiality and data protection obligations.
Your Employer
If you access the Services as an Authorized User, we may share account and usage information with the Customer that authorized your access, consistent with our agreement with that Customer.
Legal Compliance
We may disclose information when required by applicable law, regulation, court order, or legal process, or when we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or enforce our legal rights.
Corporate Transactions
Information may be transferred in connection with a merger, acquisition, financing, reorganization, or sale of assets. We will notify you of any such change as required by applicable law.
With Your Consent
We may share information for other purposes with your explicit consent.
5. Data Retention
We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. The applicable retention period depends on the nature of the information and the legal basis for processing.
Customer Content is retained in accordance with the applicable Customer agreement and Customer instructions. When retention is no longer required, we securely delete or anonymize information. Where immediate deletion is not feasible (e.g., backup archives), we isolate the data from further processing until deletion is possible.
6. Security
We implement administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. No security system is completely secure, and we cannot guarantee absolute security.
If you believe your privacy has been compromised, please contact us immediately at privacy@oneindex.ai.
7. International Data Transfers
OneIndex AI is headquartered in the United States. Information may be processed and stored in the United States and other countries where OneIndex AI or its service providers operate. Where required by law, we implement appropriate safeguards for international transfers of personal information, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-U.S. Data Privacy Framework (DPF) and the UK Extension thereto
- Swiss-U.S. Data Privacy Framework
For more information about our transfer mechanisms, contact privacy@oneindex.ai.
8. Your Privacy Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict processing of, object to processing of, or receive a portable copy of your personal information. You may also withdraw consent where processing is based on consent.
To submit a request, contact privacy@oneindex.ai. We will verify your identity and respond within the timeframe required by applicable law. You will not be discriminated against for exercising your privacy rights.
Where OneIndex AI processes personal information as a processor on behalf of a Customer, requests should generally be directed to the applicable Customer.
9. California Residents (CCPA/CPRA)
California residents have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Know what personal information we collect, use, disclose, and share.
- Access and receive a copy of personal information we hold about you.
- Correct inaccurate personal information.
- Delete personal information, subject to certain exceptions.
- Opt out of the sale or sharing of personal information for cross-context behavioral advertising.
- Limit the use of sensitive personal information.
- Non-discrimination for exercising these rights.
OneIndex AI does not sell personal information. We do not share personal information for cross-context behavioral advertising.
To submit a California rights request, contact privacy@oneindex.ai. You may designate an authorized agent to act on your behalf with appropriate written authorization.
California's "Shine the Light" law: We do not disclose personal information to third parties for their own direct marketing purposes.
10. EEA, UK, and Switzerland (GDPR)
Legal Bases for Processing
We process personal data subject to the GDPR and equivalent laws on the following legal bases:
- Contractual necessity: Processing required to enter into or perform a contract with you, including account creation and delivery of the Services.
- Legitimate interests: Processing necessary for our legitimate business interests — such as improving our Services, fraud prevention, and marketing to business contacts — where not overridden by your rights and interests.
- Legal obligation: Processing required to comply with applicable law.
- Consent: Where we have obtained your explicit consent, such as for certain marketing communications or non-essential cookies.
Data Subject Rights
Residents of the EEA, UK, and Switzerland may exercise all rights described in Section 8. You also have the right to lodge a complaint with your local supervisory authority. EU authority contacts are available at ec.europa.eu/justice/data-protection/bodies/authorities. UK residents may contact the Information Commissioner's Office at ico.org.uk.
Representatives and DPO
[EU/UK representative and Data Protection Officer details to be added upon commencement of EEA/UK operations. Contact privacy@oneindex.ai for inquiries in the meantime.]
11. Children's Privacy
The Services are intended for business use and are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal information, contact privacy@oneindex.ai and we will promptly delete it.
12. Third-Party Websites
Our website may contain links to third-party websites or integrations. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use. We are not responsible for the privacy practices of third-party sites.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where required by law, notify you directly. We encourage you to review this policy periodically.
14. Contact Us
For questions, concerns, or to exercise your privacy rights:
OneIndex AI, Inc.
Email: privacy@oneindex.ai
Website: www.oneindex.ai