Privacy notice
OneFriday CRM — One Event Group
[LEGAL TEXT PENDING] — the sections below are skeleton placeholders. Final wording is being prepared with legal counsel and will replace this content before public release.
1. Who we are
OneFriday CRM is operated by One Event Group. [LEGAL TEXT PENDING] — full legal entity name, registration, contact email for data inquiries.
2. What data we collect
OneFriday CRM stores the following categories of personal data:
- Account data — name, work email, role, office assignment. Used to authenticate you and route work to the right team.
- Customer contact data — names, work emails, phone numbers, language preferences, and notes for the contacts you manage. Used to track relationships and prepare deals.
- Deal and financial data — deal names, dates, group sizes, turnover figures, status. Used to operate the business and meet tax-record retention obligations.
- Activity logs — a record of when you log in, what you change, and when. Used to investigate security incidents and meet audit obligations.
3. Why we keep it (lawful basis)
[LEGAL TEXT PENDING] — explicit GDPR Article 6 lawful basis statements (legitimate interest, legal obligation, contract).
4. How long we keep it (retention)
Customer contact data is retained for 5 years from the last meaningful interaction (deal touched or contact record edited). After that, the contact's name, email, phone and notes are automatically anonymized; the underlying business records remain to satisfy tax-record retention requirements under Polish law.
You can request earlier erasure at any time — see Your rights below.
5. Cookies
OneFriday CRM uses only essential cookies:
- Session cookie — keeps you signed in for up to 8 hours of inactivity. Required for the app to work.
- Trusted-device cookie — set only if you tick "Remember this device for 7 days" during two-factor authentication. Required to skip the email code on subsequent logins from the same browser.
We do not use analytics cookies, marketing cookies, or third-party trackers.
6. Where the data is stored
The application and database are hosted on Render (PostgreSQL, EU region). Email delivery for two-factor codes and notifications is handled by Resend (EU region, Frankfurt). Error monitoring (anonymized stack traces) is handled by Sentry (EU region). [LEGAL TEXT PENDING] — DPAs (Data Processing Agreements) with each provider will be referenced once concluded.
7. Your rights (GDPR)
If your personal data is in OneFriday CRM, you have the right to:
- Request a copy of your data
- Request correction of inaccurate data
- Request erasure of your data (we will replace your name, email, phone and notes with anonymized placeholders within 30 days; financial records linked to past deals will be retained per Polish tax law)
- Object to or restrict processing
- Lodge a complaint with the relevant data protection authority (in Poland: Urząd Ochrony Danych Osobowych, UODO)
To exercise any of these rights, contact us at [LEGAL TEXT PENDING] — DPO email or general contact address.
8. Changes to this notice
If we change how we handle your data, we will update this page and notify users via email or an in-app banner. The current version is dated below.
Last updated: [LEGAL TEXT PENDING] — date