Legal

Privacy Policy

How OneStaff.ai collects, uses and protects your information — and the choices you have.

Last updated: 23 June 2026

1. Overview

OneStaff.ai ("OneStaff", "we", "us") provides an AI workforce platform that runs business operations on behalf of our customers. This policy explains what personal information we process, why, and how we keep it safe. It applies to our website and our products.

We act as a data controller for information about visitors to this website and the administrators of our customer accounts. When we process information inside a customer's workspace on their instructions, we act as a data processor on that customer's behalf, governed by our Data Processing Addendum (available on request).

2. Information we collect

Information you give us

  • Contact & account data — name, work email, company, role and anything you submit when you book a demo, start a trial or create an account.
  • Communications — messages you send us by email, chat or form.
  • Connected data — when you connect tools (email, CRM, helpdesk, billing, etc.), we access the data needed to perform the tasks you configure.

Information we collect automatically

  • Usage & device data — pages viewed, actions taken, browser, device and approximate location derived from IP address.
  • Cookies & similar technologies — see Cookies below.

3. How we use your information

  • To provide, operate, secure and improve the OneStaff.ai platform.
  • To carry out the tasks and workflows you instruct our AI to perform.
  • To respond to enquiries, provide support and send service communications.
  • To send marketing you can opt out of at any time (where permitted).
  • To detect, prevent and investigate fraud, abuse and security incidents.
  • To comply with legal obligations and enforce our agreements.

Our legal bases (where GDPR applies) are performance of a contract, our legitimate interests in running and securing our business, your consent (which you can withdraw), and compliance with legal obligations.

4. AI processing and your data

OneStaff.ai uses large language models and related AI systems to read context and act on the workflows you configure. We design for data minimisation and customer control:

  • We do not sell your data, and we do not use customer workspace content to train foundation models for other customers.
  • Every automated action is logged with a full audit trail so it can be reviewed and explained.
  • You set guardrails and approval limits; actions outside them are escalated to a human.
  • Customers with stricter requirements can use private or self-hosted model options.

5. How we share information

We share personal information only with:

  • Service providers / subprocessors (e.g. cloud hosting, analytics, model providers) bound by contract to protect it. A current list is available on request.
  • Professional advisers and authorities where required by law or to protect rights and safety.
  • A successor in connection with a merger, acquisition or asset sale, subject to this policy.

6. Data retention

We keep personal information only as long as needed for the purposes above, then delete or anonymise it. Customer workspace data is retained per the customer's agreement and deleted on request or after account closure, subject to legal hold requirements.

7. Security

We protect data with encryption in transit and at rest, granular access controls, continuous monitoring and independent audits. Read more on our Security page. No method of transmission or storage is 100% secure, but we work hard to protect your information and to notify you of incidents as required by law.

8. Your rights

Depending on where you live (e.g. the EU/UK under GDPR, or California under the CCPA/CPRA), you may have the right to access, correct, delete, port or restrict processing of your personal information, to object to processing, and to opt out of "sales" or "sharing" (we do neither). To exercise any right, email info@onestaff.ai. We will not discriminate against you for exercising your rights, and you may appeal a decision or complain to your local data-protection authority.

9. International transfers

We operate globally and may transfer information to countries other than your own. Where we do, we rely on appropriate safeguards such as the EU Standard Contractual Clauses. Customers can choose their data-residency region where that option is offered.

10. Cookies

We use strictly necessary cookies to run the site and, with your consent where required, analytics cookies to understand usage. You can control cookies through your browser settings; blocking some may affect functionality.

11. Changes & contact

We may update this policy from time to time; we will post the new version here and update the date above. Questions or requests? Contact us at info@onestaff.ai.