LEGAL

Privacy Policy

Learn how Onsomble collects, uses, and protects your personal information.

Last updated: December 14, 2025

On this page

Introduction

Onsomble AI LTD ("Onsomble," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered knowledge management platform (the "Service").

Onsomble AI LTD is a sole tradership registered in New Zealand. By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (required)
  • Full name (optional)
  • Profile picture/avatar (optional)
  • Account preferences and settings

Content You Create

When you use the Service, we store:

  • Notebooks and their contents
  • Documents you upload (PDFs, Word documents, spreadsheets, etc.)
  • URLs and web content you import
  • Audio files and transcripts
  • Chat conversations and messages
  • Workspace files and folder structures

Usage Data

We automatically collect information about how you use the Service:

  • Activity logs (actions taken within the platform)
  • AI model usage and preferences
  • Credit consumption and transaction history
  • Feature usage patterns
  • Search queries within the platform

Technical Data

We collect technical information including:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Time zone and location data
  • Error logs and diagnostic information

How We Use Your Information

We use the information we collect to:

Provide and Improve the Service

  • Deliver the core functionality of the platform
  • Process and respond to your AI chat queries
  • Generate audio summaries and transcriptions
  • Build and maintain your knowledge graphs
  • Improve and optimise our services

Account Management

  • Create and manage your account
  • Process credit transactions and billing
  • Send service-related notifications
  • Provide customer support

Security and Compliance

  • Detect and prevent fraud or abuse
  • Enforce our terms of service
  • Comply with legal obligations
  • Protect the rights and safety of users

AI and Machine Learning

Our Service uses artificial intelligence to provide its core features. Understanding how your data is processed by AI systems is important:

Large Language Models (LLMs)

When you use chat features, your queries and relevant context from your notebooks are sent to third-party AI providers (currently OpenRouter) for processing. This includes:

  • Your chat messages and conversation history
  • Relevant excerpts from your uploaded documents (for context)
  • System instructions that help the AI understand your request

Important: We do not use your data to train AI models. Your content is processed solely to generate responses for you.

Document Processing

  • Embeddings: Your documents are converted into mathematical representations (embeddings) stored securely in our database to enable semantic search and retrieval.
  • Knowledge Graphs: We extract entities and relationships from your documents to build knowledge graphs that enhance understanding of your content.
  • Transcription: Audio files are processed using AI transcription services to convert speech to text.
  • Text-to-Speech: When generating audio summaries, text is sent to TTS providers to create audio output.

Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party providers to deliver our Service:

  • Supabase: Authentication, database hosting, and file storage
  • OpenRouter: AI model inference and processing
  • TTS Providers: Audio generation services
  • Sentry: Error tracking and monitoring (frontend only)

These providers are contractually obligated to protect your data and may only use it to provide services to us.

Legal Requirements

We may disclose your information if required by law, such as:

  • In response to valid legal process (subpoenas, court orders)
  • To comply with applicable laws and regulations
  • To protect our rights, property, or safety
  • To protect the rights, property, or safety of our users or the public

Business Transfers

If Onsomble AI is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

Data Storage and Security

Where We Store Your Data

Your data is stored on secure servers provided by Supabase. Supabase uses industry-standard cloud infrastructure to ensure reliability and security.

Security Measures

We implement appropriate technical and organisational measures including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Access controls and authentication
  • Regular security assessments
  • Activity logging and monitoring

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

For All Users

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your content and data

GDPR Rights (EU/EEA Users)

If you are in the European Union or European Economic Area, you also have:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

CCPA Rights (California Residents)

If you are a California resident, you have:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, please contact us at [email protected].

Data Retention

We retain your information for as long as your account is active or as needed to provide services:

  • Account data: Retained until you delete your account
  • Content (notebooks, documents, conversations): Retained until deleted by you or upon account deletion
  • Usage logs: Retained for up to 2 years for analytics and troubleshooting
  • Billing records: Retained as required by law (typically 7 years for financial records)

When you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it by law.

Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.

International Data Transfers

Onsomble AI is based in New Zealand. If you access the Service from outside New Zealand, your information may be transferred to, stored, and processed in New Zealand or other countries where our service providers operate.

For EU/EEA users, we rely on appropriate safeguards for international data transfers, including standard contractual clauses approved by the European Commission.

By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for material changes (if you have an account)

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

For GDPR-related inquiries or to exercise your data subject rights, you may also contact us at the email address above.