Privacy policy
OneDay Privacy Policy
Effective from: 1 January 2025
Last updated: 30 March 2025
digital services to help individuals overcome addictions and improve their lifestyle. We are
the data controller under the UK General Data Protection Regulation (UK GDPR) and the
Data Protection Act 2018.
● Identification & Contact Details: name, email, phone number.
● Health & Lifestyle Data: information you provide via questionnaires, assessments,
or interactions with our tools — such as habits, triggers, weight, mental wellbeing, or
substance use history.
● Device & Usage Data: how you use our website and app, including cookie data, app
settings, and technical device identifiers.
● Subscription & Payment Data: subscription plan, billing records, partial payment
details (we do not store your full card information).
● Communication History: messages, support tickets, and email interactions.
● Provide and personalise addiction support services.
● Offer health and wellbeing recommendations.
● Create and manage your user account.
● Handle payments and subscriptions.
● Communicate with you regarding service updates.
● Monitor service quality and safety.
● Improve our platform through anonymised analytics.
We do not use your personal data for external marketing, automated profiling with significant
effects, or data sales.
● Consent – for processing sensitive data (e.g., health-related info).
● Performance of Contract – to deliver the services you’ve subscribed to.
● Legitimate Interest – to improve our service, ensure security, or respond to your
queries.
● Legal Obligation – where required by UK law (e.g., compliance, audits).
You may withdraw your consent at any time by contacting us (see Section 9).
● With IT and infrastructure partners – for hosting, data storage, and analytics.
● With payment service providers – for processing transactions.
● With NHS services or healthcare professionals – only when legally required or
with your explicit consent.
● With legal or regulatory authorities – when required by UK law.
All our data processors operate under contracts that comply with UK GDPR standards.
We do not transfer your data outside the UK without appropriate safeguards. Currently, your
data is stored exclusively on servers within the United Kingdom.
● As long as your account is active or your subscription is valid.
● For up to 6 years after account closure, in line with HMRC and legal obligations.
● Sensitive health data is retained securely and anonymised or deleted upon your
request, unless required for legal reasons (e.g., clinical records, fraud prevention).
● Access your data and receive a copy.
● Correct inaccurate or outdated data.
● Delete your data ("right to be forgotten"), subject to exceptions.
● Restrict how your data is used in specific cases.
● Object to processing based on our legitimate interest.
● Withdraw consent at any time.
● Data portability – request transfer of your data to another provider.
To exercise these rights, contact us via the details in Section 9.
● End-to-end encryption
● Role-based access control
● Regular vulnerability assessments
● Staff training in data protection
● Secure cloud infrastructure located in the UK
● Email: privacy@oneday.com
● Address: OneDay Ltd – Privacy Team, [Insert company address], United Kingdom
● Phone: [Insert number], Mon–Fri, 9:00–17:00
We aim to respond to all data requests within 30 days.
Significant changes will be announced via email or in-app messages. The latest version will
always be available at oneday.com/privacy.
By using our services, you agree to this policy and its updates.
Effective from: 1 January 2025
Last updated: 30 March 2025
- Who We Are
digital services to help individuals overcome addictions and improve their lifestyle. We are
the data controller under the UK General Data Protection Regulation (UK GDPR) and the
Data Protection Act 2018.
- What Personal Data We Collect
● Identification & Contact Details: name, email, phone number.
● Health & Lifestyle Data: information you provide via questionnaires, assessments,
or interactions with our tools — such as habits, triggers, weight, mental wellbeing, or
substance use history.
● Device & Usage Data: how you use our website and app, including cookie data, app
settings, and technical device identifiers.
● Subscription & Payment Data: subscription plan, billing records, partial payment
details (we do not store your full card information).
● Communication History: messages, support tickets, and email interactions.
- Why We Process Your Data
● Provide and personalise addiction support services.
● Offer health and wellbeing recommendations.
● Create and manage your user account.
● Handle payments and subscriptions.
● Communicate with you regarding service updates.
● Monitor service quality and safety.
● Improve our platform through anonymised analytics.
We do not use your personal data for external marketing, automated profiling with significant
effects, or data sales.
- Legal Bases for Processing
● Consent – for processing sensitive data (e.g., health-related info).
● Performance of Contract – to deliver the services you’ve subscribed to.
● Legitimate Interest – to improve our service, ensure security, or respond to your
queries.
● Legal Obligation – where required by UK law (e.g., compliance, audits).
You may withdraw your consent at any time by contacting us (see Section 9).
- Data Sharing and Transfers
● With IT and infrastructure partners – for hosting, data storage, and analytics.
● With payment service providers – for processing transactions.
● With NHS services or healthcare professionals – only when legally required or
with your explicit consent.
● With legal or regulatory authorities – when required by UK law.
All our data processors operate under contracts that comply with UK GDPR standards.
We do not transfer your data outside the UK without appropriate safeguards. Currently, your
data is stored exclusively on servers within the United Kingdom.
- Data Retention
● As long as your account is active or your subscription is valid.
● For up to 6 years after account closure, in line with HMRC and legal obligations.
● Sensitive health data is retained securely and anonymised or deleted upon your
request, unless required for legal reasons (e.g., clinical records, fraud prevention).
- Your Rights
● Access your data and receive a copy.
● Correct inaccurate or outdated data.
● Delete your data ("right to be forgotten"), subject to exceptions.
● Restrict how your data is used in specific cases.
● Object to processing based on our legitimate interest.
● Withdraw consent at any time.
● Data portability – request transfer of your data to another provider.
To exercise these rights, contact us via the details in Section 9.
- Security Measures
● End-to-end encryption
● Role-based access control
● Regular vulnerability assessments
● Staff training in data protection
● Secure cloud infrastructure located in the UK
- Contact Us
● Email: privacy@oneday.com
● Address: OneDay Ltd – Privacy Team, [Insert company address], United Kingdom
● Phone: [Insert number], Mon–Fri, 9:00–17:00
We aim to respond to all data requests within 30 days.
- Policy Updates
Significant changes will be announced via email or in-app messages. The latest version will
always be available at oneday.com/privacy.
By using our services, you agree to this policy and its updates.
