Account Information

When you create an account, we collect:

• Email address (for account creation and authentication)
• Name (optional, for personalization)
• Account creation date

Encrypted Content

We store your encrypted content, but we cannot decrypt or access it because:

• All content is encrypted on your device before transmission
• Encryption keys are never sent to our servers
• We operate on a zero-knowledge architecture

Technical Information

For service operation and security, we may collect:

• IP address (temporarily, for rate limiting and abuse prevention)
• Browser type and version (for compatibility)
• Link access timestamps (for expiration management)

We use your information solely to:

• Provide and maintain the OneTimeLink service
• Authenticate your account and secure access
• Send important service notifications (security alerts, service updates)
• Prevent abuse and ensure service security
• Comply with legal obligations when required

We do NOT:

• Sell, rent, or share your personal information with third parties
• Use your data for advertising or marketing purposes
• Track your browsing behavior outside our service
• Access or decrypt your stored content

Encryption

• All sensitive content is encrypted using AES-256 encryption
• Encryption happens on your device before data transmission
• We never have access to your encryption keys

Infrastructure Security

• All data transmission uses HTTPS/TLS encryption
• Servers are hosted on secure, SOC 2 compliant infrastructure
• Regular security audits and monitoring
• Access to systems is strictly limited and logged

Automatic Deletion

Your encrypted content is automatically deleted when:

• The link expires (based on your time setting)
• The maximum view count is reached
• 30 days have passed since creation (maximum retention)

Account Data

• Account information is retained while your account is active
• You can delete your account at any time from your dashboard
• Upon account deletion, all associated data is permanently removed within 30 days

You have the right to:

• Access your personal information
• Correct inaccurate information
• Delete your account and associated data
• Withdraw consent for data processing
• Export your account data
• File a complaint with data protection authorities

To exercise these rights, contact us at otl@icai.kz

We use the following third-party services:

• Hosting: Secure cloud infrastructure for service delivery
• Authentication: NextAuth.js for secure login management
• Payment Processing: Stripe for payment processing (encrypted)

These services have their own privacy policies and security measures. We ensure they meet our privacy and security standards.

Your data may be processed in countries other than your residence. We ensure:

• Appropriate safeguards are in place for international transfers
• Compliance with applicable data protection laws (GDPR, CCPA, etc.)
• Standard contractual clauses with service providers

OneTimeLink is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy periodically. When we do:

• We'll notify you of significant changes via email
• The updated policy will be posted on this page
• The "Last updated" date will be revised

Continued use of our service after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: