This Privacy Policy was last updated on October 3rd, 2024.
Thank you for joining One Coach AI. We at Org 360 (“Org 360”, “we”, “us”) respect your privacy and want you to understand how we collect, use, and share data about you. This Privacy Policy covers our data collection practices and describes your rights regarding your personal data.
This Privacy Policy applies when you visit or use Org 360 websites, mobile applications, or related services (the “Services”). It also applies to prospective and current customers of our business and enterprise products. By using the Services, you agree to the terms of this Privacy Policy. You shouldn’t use the Services if you don’t agree with this Privacy Policy or any other agreement that governs your use of the Services.

1. How we Collect and Use your Data:

We collect various types of personal data to provide and improve our Services:

1.1 Registration Information

1.1.1 Data Collected: Name, Email Address.
1.1.2 How We Collect It: You provide this information when you sign up for an account.
1.1.3 Purpose of Collection:
o To create and administer your account.
o Provide customer support.
o Process billing and payment information.
o Maintain the safety and security of our users and Services.
o Communicate with you, including for marketing purposes.
o Respond to valid legal requests.
o Evaluate, improve, and develop our Services.
o Ensure quality control of our Services.


1.2 Onboarding Information

1.2.1 Data Collected: Date of Birth, Age, Profession, Personal Information, Gender.
1.2.2 How We Collect It: Provided via chat with the AI Coach during onboarding.
1.2.3 Purpose of Collection:
o To personalize your experience and tailor our Services to your needs.


1.3 Main Coach Interactions

1.3.1 Data Collected: Frequency and type of sessions, frequency and type of activities, information relating to tasks, time zones, tracking of completion, details of activities and sessions, chat conversations.
1.3.2 How We Collect It: Collected through chat interactions with the Main Coach.
1.3.3 Purpose of Collection:
o To optimize your time and enhance efficiency.
o Facilitate the use and provision of our Services.
o Personalize and improve your experience with the application.


1.4 Learning Sessions

1.4.1 Data Collected: Chat conversations, evaluations, reasons for evaluations, information relating to skills and intelligences.
1.4.2 How We Collect It: Collected through chat during learning sessions.
1.4.3 Purpose of Collection:
o To display relevant information and track your progress.
o Personalize and enhance our Services to suit your learning needs.


1.5 Google-Related Functions

1.5.1 Data Collected: Calendar syncing and events, creation of calendar events, content of emails, contact details of others, calendar information.
1.5.2 How We Collect It: When you link your account with Google.
1.5.3 Purpose of Collection:
o To create events in your calendar, and send out calendar invitations
o Read and manage calendar entries to provide certain features.
o Customize and personalize your experience with our application.


1.6 Subscription Information

1.6.1 Data Collected: Name of the plan, duration, purchase history, invoice ID generated by Stripe for payment processing.
1.6.2 How We Collect It: When you purchase plans from our plan page.
1.6.3 Purpose of Collection:
o To enrol you in services and manage your account.
o Provide customer support.
o Process billing and payment information.
o Maintain the safety and security of our users and Services.
o Communicate with you, including for marketing purposes.
o Respond to valid legal requests.
o Evaluate, improve, and develop our Services.
o Customize and personalize your experience with the application.

We do not save any payment details such as card numbers, Payment IDs, or net banking credentials.

1.7 Payments

1.7.1 Data Shared with Stripe (Third Party Payment Gateway): Name, Phone Number, Email.
1.7.2 Purpose of Sharing: To process payments securely.
1.7.3 Data Collected by Us:
o Details of the plan purchased.
o Expiry date according to the plan.
o Features or services allocated based on the plan.
o Invoice ID generated by Stripe.

We do not store sensitive payment information.

1.8 When You Contact Us

1.8.1 Data Collected: Email address and any information you provide in your communication.
1.8.2 How We Collect It: Directly from you when you contact us via email.
1.8.3 Purpose of Collection:
o To respond to and address your inquiries or concerns.
o Provide customer support.
o Improve our Services based on your feedback.


1.9 Technical Data

1.9.1 Data Collected: Metrics on system or app feature use, time zone, calendar information, Expo token, notifications, system events, and status information.
1.9.2 How We Collect It: When you purchase plans from our plan page.
1.9.3 Purpose of Collection:
o To create anonymized or aggregated data for improving and delivering our Services.
o Comply with legal obligations.
o Maintain the security and integrity of our infrastructure.
o Optimize and facilitate the delivery of our Services.
o Monitor performance of our data centers, networks, systems, and applications.
o Provide technical support.
o Administer business continuity and disaster recovery plans.
o Detect, investigate, and prevent fraudulent, harmful, unauthorized, or illegal activities.
o Develop new products and features.
o Send notifications relevant to your use of the Services.


1.10 Persistent Identifiers

1.10.1 Data Collected: IP addresses, device IDs, browser type, Internet Service Provider (ISP), date/time stamps.
1.10.2 How We Collect It: Automatically when you use our Services, through cookies, pixels, and similar technologies (including Google Analytics and Google Ads).
1.10.3 Purpose of Collection:
o To evaluate, improve, and develop our Services.
o Develop new products and features.
o Analyze usage patterns to enhance user experience.
o Evaluate the effectiveness of our marketing campaigns.
o Tailor advertising and marketing efforts.
o Comply with legal obligations.

2. Data Sharing and Security:

Our policy ensures that your data is shared only with your consent or when required by law. We only share your data with authorised personnel and the third parties listed in this document. We safeguard your data from unauthorized access and breaches by using strict data protection protocols to ensure the security and confidentiality of your data. In the event of a merger, acquisition, or asset sale, your personal data may be transferred.

3. Collection of Certain Types of Personal Information:

While using our services you consent to the collection, use, and disclosure of your personal information, which includes demographic details. We take all necessary and reasonable precautions to protect this data and only use it in furtherance of providing users with the services.

4. User Rights:

Our platform is designed to facilitate the exercise of your rights, ensuring prompt and efficient responses to your requests regarding data processing. We will respond to any request regarding your data rights within 7 of receipt. This period may be extended by 7 if necessary, due to the complexity or number of requests, with prior notification.

4.1 You have the right to refuse, or withdraw your consent at any time.
4.2 You have the right to seek rectification or removal of your personal data as and when you deem fit.
4.3 You have the right to demand access to information regarding whether personal data is being processed, why, by whom, the time period for its storage, criteria used for that and the existence of automated decision-making used for it.
4.4 All information, communications, and actions taken are provided free of charge. However, for requests that are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or refuse to act.
4.5 If there is doubt about the identity of the person making a request regarding their data, we may ask for additional information to confirm their identity.
4.6 You have the right to demand disclosure of your personal data to the respective authorities or any other medical practitioner. We do not sell, lease, or share personal information with third parties except as required by law or for the purposes listed in this policy.
4.7 In instances where we are unable to take action on your request or prohibited by law from doing so, we will inform you within 10 business days, providing reasons for our inaction and guiding you on how to appeal the decision.
4.8 You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent please contact [email protected]
4.9 These rights extend to all services and any information compiled for legal proceedings.
4.10 If you wish to exercise any of your rights listed in this policy please email us at [email protected]

5. Data Sharing and Disclosure:

5.1 Third Parties:
We only utilise third party services that agree to comply with data protection laws and standards. It the course of providing our services, we may share your personal information with selected third parties, which currently include:-
• Stripe
• Amazon Web Services
• MongoDB
• OpenAI
• Google

By using our services, you consent to us sharing user data with third-party service providers to facilitate the use of our application and enhance user experience. We do not share information with third parties unless it is required for the purposes listed or such disclosure is required under law.

5.2 For Legal Reasons:
We reserve the right to disclose your personal information if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements. Such disclosure will be limited to the extent necessary to comply with our legal obligations.


5.3 Emergency Situations:
In rare, urgent circumstances, we may disclose your personal information when we believe in good faith that such action is necessary to protect the personal safety of users of our services or the public, or to protect our rights or property. In such cases, we will provide the minimum amount of information necessary to address the emergency.


5.4 Business Transfers:
In the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, we may transfer your personal information to a third party or parties in connection with the transaction.

6. Breach Notification:

6.1 Breach of Protected Information:
In the unfortunate event of a data breach that involves unsecured protected information, we are committed to notifying affected individuals promptly. This notification will occur as soon as possible or within 7 business days from when the breach is discovered.

6.2 Discovery of Breach:
A breach is deemed to have been 'discovered' when it is known, or, with reasonable diligence, should have been known, to any member of our workforce or our agents. This definition excludes the person(s) responsible for the breach. We maintain rigorous systems and protocols to ensure timely discovery and reporting of any such breaches.


6.3 Timeliness of Notification:
Following the discovery of a breach, we will notify affected individuals without undue delay. In compliance with legal requirements, all notifications will be made no later than 60 calendar days after the discovery of the breach, unless a different timeline is specified by applicable laws.


6.3 Content of Notification
The notification will provide a clear description of the breach, including the types of information that were involved. It will also include recommended steps that individuals can take to protect themselves, the actions we are taking to mitigate the harm and prevent future breaches, and relevant contact information for further inquiries.


6.5 Plain Language:
We are committed to ensuring that all notifications are written in plain, easily understandable language. Our goal is to ensure that the general public can comprehend the content without difficulty.


6.6 Methods of Notification:
Notifications will be conveyed through the most effective means available to us. This includes but is not limited to sending a message to the registered phone number or email of affected individuals or through a notification via our application, with the aim to provide timely and direct communication.

7. Data Retention:

In furtherance of using our services we collect, use and store some of the information you provide. While we retain data while you use your account, and upon deletion of your account we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and as anonymized data retained for the purpose of improvement of our services or for research in the manner listed in clause three of this policy. All other personal information is automatically deleted within 90 days of deletion of your account.

8. Updates and Modifications

We reserve the right to modify this Privacy Policy at any time. As we improve, alters and expand our Services, the privacy policy will be altered to reflect these changes. All changes, including but not limited to stylistic or grammatical changes will be posted and notified on our website and app, ensuring you are always informed about our data collection and use processes. We encourage you to review this policy periodically.

9. Consent:

By using Org 360s services and the One Coach AI Application, you agree to the collection, use, and sharing of your personal data as outlined in this Privacy Policy.
Consent granted by you encompasses the collection, processing, and sharing of your personal data as necessary for the provision of our services, improvement of user experience, and all other terms listed in this privacy policy.
If you do not agree with the entirety of this privacy policy please do not use our services.