Privacy Policy
Last updated: October 18, 2025
How we collect, use, and protect your personal information when you use ONYT.
Disclaimer: This document is a template and not legal advice. Please consult with qualified legal counsel for advice specific to your situation.
Summary & Scope
ONYT OÜ ("ONYT", "we", "us", or "our") is committed to protecting your privacy and being transparent about how we collect, use, and share your personal information. This Privacy Policy applies to our cashback platform, donation services, and all related features.
Data We Collect
Account Data
- Email address and name for account creation and communication
- Password (encrypted and securely stored)
- Profile information and preferences you choose to provide
- Account verification status and identity documents (when required)
Usage Data
- Pageviews, session duration, and feature interactions
- Device information (browser type, operating system, screen resolution)
- IP address and general geographic location (country/region)
- Referrer information and search terms
Click Tracking Data
- Offer clicks with unique tracking references (clickRef)
- Merchant redirect information for affiliate attribution
- Click timestamps and engagement metrics
Transaction Data
- Purchase information from partner merchants (amounts, dates, items)
- Cashback calculations and transaction history
- Payout requests and payment information
- Refund and dispute information
User-Submitted Charity Data
- Charity names, descriptions, and contact information you submit
- Documentation provided to verify charitable status
- Your relationship to submitted charities
How We Use Data
- Authentication & Account Management: Secure login, account maintenance, and customer support
- Service Provision: Track purchases, calculate cashback, process payouts and donations
- Fraud Prevention & Security: Detect abuse, prevent unauthorized access, ensure platform integrity
- Analytics & Performance: Understand user behavior, improve platform performance and features
- Communications: Send account updates, cashback notifications, and optional newsletters
Legal Bases (GDPR)
We process your personal data based on the following legal grounds:
- Contract Performance: To provide cashback and donation services you've requested
- Legitimate Interests: To improve our platform, prevent fraud, and ensure security
- Consent: For marketing communications and optional analytics where required
- Legal Obligations: To comply with financial regulations, tax requirements, and law enforcement
Sharing & Processors
We work with trusted service providers and processors to deliver our services. These are examples of common providers used in projects like ours:
Hosting & Infrastructure
- Vercel: Frontend application hosting and CDN
- Railway: Backend API hosting and deployment
- MongoDB Atlas: Database hosting and management
Monitoring & Analytics
- Sentry: Error monitoring and performance tracking
- Plausible: Privacy-focused, cookieless website analytics
Communication & Automation
- Resend: Transactional and marketing email delivery
- n8n: Internal workflow automation and data processing
Important: We do not sell your personal information to third parties. All processors are bound by data protection agreements and process data only as instructed.
International Transfers
Some of our service providers may process data outside of Estonia. We ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions where applicable. We work only with reputable providers who maintain strong data protection standards.
Retention
- Account Data: Retained while your account is active and for legal compliance periods after closure
- Transaction Data: Kept for tax and financial compliance (typically 7 years)
- Analytics & Logs: Retained for reasonable periods to improve service (typically 12-24 months)
- Marketing Data: Until you withdraw consent or we determine it's no longer needed
Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete information
- Erasure: Request deletion (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Limit how we process your data in certain circumstances
To exercise these rights, contact us at contact@onyt.net
Cookies & Tracking
We use cookies and similar technologies for authentication, security, and analytics. For detailed information about our cookie practices, please see our Cookie Policy.
Children's Privacy
Our service is not directed to children under 16 (or 13 in some jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy and updating the effective date. Continued use of our service constitutes acceptance of the updated policy.
Contact
For questions about this Privacy Policy or data protection matters, contact us at: contact@onyt.net
ONYT OÜ
Your Address, City, Country