Privacy Policy

Privacy-first, always watching, never surveilling. Here is how OneHaven collects, uses, and protects your data.

1. Information We Collect

We collect the following categories of data when you use OneHaven:

Registration Data. Name, email address, phone number, and account credentials collected when you create an account.

Activation Data. Device pairing codes, invite tokens, and onboarding information collected when linking caregiver and protected member devices.

Personal Data. Profile information including name, date of birth, and relationship designations (for example, parent, child, co-caregiver).

Location Data. Precise GPS coordinates, approximate address, and location history from devices where location permission has been granted. Location is collected in the foreground and, when "Allow all the time" permission is granted, in the background while the app is closed. Location data is used to display family members on the family map, enable real-time location sharing within your care group, and support SOS alerts. Location data is shared only with members of your care group and is never sold or shared with third parties.

Device & Usage Data. Device identifiers, operating system version, app usage statistics, screen time data, and app activity collected from protected member devices to support monitoring and reporting features.

Managed User Data. Information about protected members (children or seniors) added to your account, including their device activity, app usage, and account settings.

Monitored Communications Data. App access requests, alert history, and activity logs generated by protected member devices.

Financial Monitoring Data. Payment information processed securely through our payment provider. We do not store full card numbers or payment credentials on our servers.

Notification & Contact Data. Emergency contacts, notification preferences, and caregiver contact information used to deliver alerts and SOS notifications.

2. Data Controller and Processor Relationship

You are the data controller of monitored data. OneHaven acts as data processor for the purpose of providing Services.

3. Legal Bases for Processing (EU/UK)

We process data based on consent, contract, legal obligations, and legitimate interests.

4. How We Use Information

We use data to provide and improve Services, display family member locations, deliver alerts and SOS notifications, enforce screen time and app controls, detect fraud, and communicate with you.

5. Sharing and Disclosure

We share data only with trusted third-party service providers (for example, payment processors, analytics providers, security services). We do not sell personal data.

6. Data Storage & Retention

Data is stored in the United States unless otherwise stated. Monitoring logs are retained only as long as necessary for business, legal, or security purposes before secure deletion.

7. Cross-Border Transfers

When data is transferred outside your country, safeguards such as Standard Contractual Clauses are applied.

8. Children's Privacy (COPPA & GDPR-K)

Parental consent is required for accounts involving minors. No child may independently create an account.

9. Seniors' Privacy & Caregiver Management

Enhanced security applies for seniors. Caregivers must verify their authority for managed senior accounts.

10. Individual Users

Individual users may manage their own accounts and monitoring preferences.

11. Your Rights

Depending on location, you may access, correct, delete, restrict, or port your data, or withdraw consent.

12. California-Specific & State Privacy Rights

California residents have rights under the CCPA and CPRA, including: (a) right to know, (b) right to delete, (c) right to opt-out of sale or sharing of personal data, (d) right to limit sensitive data use. Residents of other states (VA, CO, CT, UT) have similar rights. To make a request, please contact us.

13. Data Security

We use encryption, monitoring, and audits to protect your data.

14. AI Data Handling

Some Services use AI models to process communications, browsing, and fraud detection data. AI outputs may not be 100% accurate and should be reviewed by caregivers. Personal data is not used to train external AI models except in anonymized or aggregated form where legally permitted.

15. Transparency Commitment

We will notify users of material changes to AI-driven features or privacy practices that affect how monitored data is processed.

16. Data Retention and Deletion

Personal data is retained only as long as necessary for legitimate business or legal purposes. Deletion requests may be submitted by contacting us.

17. Third-Party Links

Our Services may include links to third-party sites. We are not responsible for their practices.

18. Changes to this Policy

We may update this Privacy Policy from time to time. Users will be notified of significant changes as required by law.

19. We do not sell your data

We do not sell or share mobile or personal data with third parties, affiliates, or partners for marketing or promotional purposes. We only share data with third parties when it is strictly necessary to deliver our service and only under binding agreements that ensure confidentiality. Under no circumstances will mobile data be shared or sold for advertising or promotional use.

20. Contact

For privacy inquiries, please contact us.