Privacy Policy

Last updated: March 14, 2026

OneHub360 (“OneHub360,” “we,” “us,” or “our”) is operated by Dan Morrell and is based in Illinois, United States. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website at https://onehub360.com, our platform, embeddable widgets, and related services (collectively, the “Service”).

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, phone number, company name, and business details when you register for an account.
  • Payment information: billing address and payment method details. Payment card data is processed and stored by our payment processor, Stripe, and is never stored on our servers.
  • Communications: messages you send through our live chat widget, support requests, and email correspondence.
  • Content you upload: files, images, contact lists, email templates, and other materials you upload to the Service.
  • Contact data: information about your customers and contacts that you store in your OneHub360 CRM, including names, emails, phone numbers, and notes.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, clicks, time spent on pages, and interaction patterns.
  • Session recordings: we may record user sessions (mouse movements, clicks, scrolls, and page interactions) to improve our Service. Session recordings do not capture passwords or payment card fields.
  • Device and browser information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Log data: server logs including access times, referring URLs, and error logs.
  • Chat widget data: when our embeddable chat widget is installed on a customer's website, we collect visitor IP addresses, browser information, page URLs, and chat transcripts from visitors who interact with the widget.

1.3 Information from Third Parties

  • OAuth providers: if you sign in using Google OAuth, we receive your name, email address, and profile picture from Google.
  • Social integrations: if you connect Facebook, LinkedIn, or Twitter/X accounts, we may receive profile information and engagement data as permitted by those platforms.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service.
  • Process transactions and send related billing and payment confirmations.
  • Send transactional communications such as account confirmations, technical notices, updates, security alerts, and support messages.
  • Send marketing and promotional communications (with your consent or where permitted by law), including email campaigns and SMS messages.
  • Respond to your comments, questions, and support requests.
  • Monitor and analyze trends, usage, and activities to improve user experience.
  • Record and replay user sessions to diagnose issues and improve the platform.
  • Power AI-assisted features such as the AI chat assistant and content generation using OpenAI.
  • Detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities.
  • Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

  • Contract performance: processing necessary to provide the Service you have requested.
  • Legitimate interests: processing necessary for our legitimate business interests, such as fraud prevention, security, and service improvement, where those interests are not overridden by your rights.
  • Consent: where you have given us explicit consent to process your data for specific purposes, such as marketing communications.
  • Legal obligation: processing necessary to comply with applicable laws and regulations.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

4.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

  • Stripe — payment processing and billing.
  • Google — OAuth authentication, Google Analytics, and Google Calendar synchronization.
  • Twilio — SMS messaging and delivery.
  • OpenAI — AI-powered features including chat assistant and content generation.
  • HeyGen — AI video generation features.
  • Facebook, LinkedIn, Twitter/X — social media integrations you choose to connect.

Each provider processes data in accordance with their own privacy policies and our data processing agreements.

4.2 Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena, court order, or government request), or to protect the rights, property, or safety of OneHub360, our users, or the public.

4.3 Business Transfers

If OneHub360 is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Multi-Tenant Data Processing

OneHub360 is a multi-tenant SaaS platform. When you create an account, you become a “Tenant” and may store your own customers' data (“End User Data”) within the Service. In this capacity:

  • You are the data controller for End User Data you store in OneHub360.
  • OneHub360 acts as a data processor on your behalf.
  • You are responsible for obtaining appropriate consent from your customers and complying with applicable privacy laws regarding End User Data.
  • You must not use the Service to store sensitive personal data (such as health records, Social Security numbers, or financial account numbers) unless the Service explicitly supports such use.

6. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: required for authentication (NextAuth session cookies), security, and core functionality. These cannot be disabled.
  • Analytics cookies: used to understand how visitors interact with the Service (e.g., Google Analytics).
  • Functionality cookies: used to remember your preferences and settings.

You can control non-essential cookies through your browser settings. Disabling essential cookies may prevent you from using the Service. Our embeddable chat widget may set cookies on your customers' websites for session continuity.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: retained while your account is active and for up to 30 days after account deletion to allow for recovery.
  • Session recordings: retained for up to 90 days unless you delete them sooner.
  • Chat transcripts: retained while your account is active.
  • Billing records: retained for up to 7 years to comply with tax and accounting obligations.
  • Server logs: retained for up to 90 days.

You may request deletion of your data at any time by contacting support@onehub360.com.

8. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL.
  • Access controls and authentication requirements for all systems.
  • Regular security reviews and vulnerability assessments.
  • Secure payment processing through PCI-compliant Stripe.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Privacy Rights

9.1 Rights for All Users

Regardless of your location, you may:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your personal data and account.
  • Opt out of marketing communications at any time by using the unsubscribe link in emails or contacting us.

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: you may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of collection, and the categories of third parties with whom we share data.
  • Right to delete: you may request that we delete your personal information, subject to certain exceptions.
  • Right to correct: you may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: we do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at support@onehub360.com. We will verify your identity before processing your request and respond within 45 days.

Categories of personal information collected in the preceding 12 months: identifiers (name, email, phone, IP address); commercial information (billing and transaction records); internet or electronic network activity (usage data, session recordings, chat transcripts); professional or employment-related information (company name, job title); and inferences drawn from the above.

9.3 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: obtain confirmation of whether we process your data and receive a copy.
  • Right to rectification: correct inaccurate or incomplete personal data.
  • Right to erasure: request deletion of your personal data (“right to be forgotten”).
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at support@onehub360.com. You also have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

OneHub360 is based in the United States, and your data is stored on servers located in the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

For transfers from the EEA, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms, to ensure adequate protection for your personal data.

11. Email and SMS Communications (CAN-SPAM & TCPA)

We comply with the CAN-SPAM Act and applicable anti-spam laws. All marketing emails sent through OneHub360 will:

  • Clearly identify the sender.
  • Include a valid physical mailing address.
  • Provide a clear and conspicuous opt-out mechanism.
  • Honor opt-out requests within 10 business days.

For SMS communications sent via Twilio, we comply with the Telephone Consumer Protection Act (TCPA). SMS messages are sent only with prior express consent and include opt-out instructions.

As a Tenant using our email and SMS campaign tools, you are responsible for ensuring your own communications comply with CAN-SPAM, TCPA, GDPR, and other applicable laws.

12. Children's Privacy

OneHub360 is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at support@onehub360.com.

13. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through OneHub360.

14. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. At this time, we do not respond to DNT signals because there is no industry-wide standard for compliance. We will update this policy if a standard is established.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the revised policy on this page and update the “Last updated” date at the top. If we make material changes, we will notify you by email or through a prominent notice on the Service prior to the changes becoming effective.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority.