Skip to main content

Privacy Policy

Last updated: March 2026

1. Introduction

OneStopReal ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

2. Information We Collect

We collect the following categories of information:

  • Account information: your name, email address, and password (stored in hashed form).
  • Project data: the financial models, inputs, calculations, and scenarios you create within the platform.
  • Usage data: pages visited, features used, and timestamps for analytics and service improvement.
  • Payment data: handled entirely by Paddle, our Merchant of Record. We never see, process, or store your credit card numbers or payment details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the OneStopReal platform.
  • Process subscription billing through Paddle.
  • Send transactional emails such as proforma Excel exports (via Resend).
  • Analyze usage patterns to improve the platform experience.
  • We do NOT sell, rent, or share your personal data with third parties for marketing purposes.
  • We do NOT use your project data for any purpose other than providing the service directly to you.

4. Third-Party Services

We use the following trusted third-party services to operate our platform:

  • Supabase - database and authentication (hosted on AWS).
  • Paddle - payment processing and subscription management (Merchant of Record).
  • Resend - transactional email delivery.
  • Cloudflare Turnstile - anti-spam protection on signup and login.
  • Netlify - website hosting and deployment.
  • PostHog (EU-hosted) - product analytics to understand how visitors interact with our platform. Uses a single first-party cookie. No data is shared with third parties. You can opt out via our cookie banner.
  • OpenAI - powers our AI assistant and document import features. When you use these features, relevant project data is sent to OpenAI's API for processing. OpenAI does not use API data for training. No data is sent to OpenAI unless you actively use the AI assistant or document import.

5. Cookies

We use essential cookies for session authentication and storing your cookie consent preference. If you accept analytics cookies, we use PostHog (hosted in the EU) which places a single first-party cookie to understand how visitors use our platform. PostHog does not use third-party cookies and no data is shared with external parties. You can opt out of analytics cookies at any time via our cookie banner.

6. Data Storage & Security

Your data is stored in Supabase hosted on Amazon Web Services (AWS) in the US East (North Virginia) region. Row Level Security (RLS) is enforced at the database level. All connections are encrypted via TLS/SSL. Access to data is restricted to authenticated users viewing only their own workspace data. We follow industry best practices for data protection.

7. Project Sharing & Collaboration

OneStopReal allows you to share projects with other users by granting them viewer or editor access. When you share a project, the recipient can view (and, if granted editor access, modify) the financial data within that project. You are responsible for managing who has access to your shared projects. We recommend sharing only with trusted parties such as lenders, investors, or team members.

8. Data Retention

Your data is retained for as long as your account is active. Upon account deletion, all associated project data is permanently removed from our systems within 30 days.

9. Your Rights (GDPR)

Under applicable data protection laws, you have the following rights:

  • Right to access - request a copy of the personal data we hold about you.
  • Right to rectification - request correction of inaccurate or incomplete data.
  • Right to erasure - request deletion of your account and all associated data.
  • Right to data portability - export your data via our Excel export feature.
  • Right to object - object to certain processing of your personal data.

To exercise any of these rights, contact us at info@onestopreal.com.

10. Children

OneStopReal is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.

12. Contact

If you have any questions about this Privacy Policy, please contact us at info@onestopreal.com.