Data Protection Policy
One Oat Platform & Community
Effective Date: 1.1.2025

One Oat is committed to safeguarding the privacy, security, and integrity of all personal data processed on our platform and community features. This Data Protection Policy outlines how we collect, use, store, and protect user data while ensuring compliance with global data protection regulations.


1. Purpose and Scope

This policy applies to:

  • All data collected, processed, and stored within the One Oat Platform and its community.
  • Users engaging in social networking, group discussions, forums, interactive activities, soft skills training, mindfulness practices, journaling, and AI-based assistance.
  • All employees, contractors, and third-party service providers handling user data.

The objective is to ensure data transparency, user control, and strong security measures in compliance with applicable laws.


2. Data Collection and Processing

A. Types of Data Collected

We collect the following types of user data:

  • Personally Identifiable Information (PII): name, email, age, profile information.
  • Behavioral Data: posts, comments, interactions, and activity patterns.
  • Mindfulness and Soft Skills Data: Information derived from AI interactions (anonymized).
  • Technical Data: IP address, device type, browser details, and system logs.

B. Legal Basis for Processing

We process user data based on:

  • User Consent: An explicit agreement when signing up.
  • Legitimate Interests: To enhance the platform and community experience.
  • Legal Compliance: As required by applicable regulations.

C. Special Category Data

Sensitive data (e.g., mental wellness insights) is only collected when voluntarily provided by users and is always anonymized and encrypted.


3. Purpose of Data Usage

We use collected data to:

  • Improve the user experience through personalized recommendations.
  • Enhance AI-driven mindful support for better engagement.
  • Ensure community safety through content moderation.
  • Conduct research on youth empowerment and skill development (with anonymized data).
  • Comply with legal and security obligations.

User data is never sold, rented, or used for third-party advertising.


4. Data Storage and Security

A. Encryption and Protection

  • In Transit: Data is encrypted using SSL/TLS protocols.
  • At Rest: Sensitive data is stored with AES-256 encryption.

B. Access Control

  • Role-based access ensures only authorized personnel can access sensitive data.
  • Multi-factor authentication (MFA) is required for administrative access.

C. Backup & Disaster Recovery

  • Regular encrypted backups are performed to prevent data loss.
  • Incident response protocols ensure quick action during security breaches.

5. Data Retention

We retain user data based on the following guidelines:

  • Active Accounts: Data is stored as long as the user is active.
  • Inactive Accounts: If a user remains inactive for 24 months, their data is anonymized.
  • User-Controlled Data: Users can delete personal information, posts, and journals at any time.

Retention of specific data may be required for legal or compliance reasons.


6. User Rights & Control

Users have the following rights:

  • Access: Request a copy of personal data.
  • Rectification: Edit or update inaccurate data.
  • Erasure: Delete personal data from the platform.
  • Processing Restrictions: Limit how data is used.
  • Data Portability: Request a structured copy of data.
  • Objection: Withdraw consent for processing activities.

Requests can be submitted via support@oneoat.org.


7. Data Sharing and Third-Party Access

We may share data with:

  • Platform Service Providers: For hosting, analytics, and security.
  • Research Partners: In an anonymized format for academic purposes.
  • Legal Authorities: When required to comply with regulations.

We do not share data for advertising or commercial exploitation.


8. Data Breach Response

In case of a data breach, we will:

  1. Assess and Contain: Identify and isolate the source.
  2. Notify Users: Affected users will be informed within 72 hours.
  3. Report Incident: Comply with regulatory reporting requirements.
  4. Implement Fixes: Strengthen security to prevent future breaches.

9. Data Transfers & Compliance

Since One Oat serves a global audience, some data may be processed outside a user’s country. We ensure:

  • Compliance with GDPR, CCPA, and other applicable laws.
  • Secure data transfers using Standard Contractual Clauses (SCCs).

10. Staff Responsibilities & Compliance

  • Employees and contractors undergo annual data protection training.
  • Internal Data Protection Officers (DPOs) monitor compliance.
  • Regular security audits are conducted to enhance platform safety.

11. Children’s Data Protection

  • The platform is designed for individuals 15 years and older.
  • Users under 18 may require parental consent, based on local regulations.
  • We comply with COPPA and other child data protection laws.

12. Policy Updates

This policy may be updated periodically. Changes will be announced on the platform and, if significant, communicated via email.

Continued use of One Oat Platform and its community constitutes acceptance of the revised policy.


13. Contact Information

For questions, concerns, or data requests, contact:
Email: support@oneoat.org
Website: oneoat.org

By using the One Oat Platform and Community, you acknowledge and accept this Data Protection Policy.