Privacy Policy
7 min read
Version 1.0 — March 2026
Our One's Constitution prohibits surveillance advertising, behavioral profiling, and the sale of member data. This document is where that prohibition becomes specific. It tells you exactly what data we collect, why we collect it, how long we keep it, and what we will never do with it.
Read it before you join. Hold us to it after.
What we collect and why
What you give us directly
Account information. When you create an account: your name, email address, and — if you sign in with GitHub or Google — the basic profile information those services share with us (your name, email, and profile photo). We use this only to create and authenticate your account.
Profile information. Work history, skills, headline, location, website — whatever you choose to share. All of it is optional beyond a display name.
Content. Posts, articles, questions, replies, and any other content you publish. This is yours. It lives on the platform because you put it there. You can take it back at any time.
Messages. The content of your private conversations. Messages are never read by us, never scanned, never used for any purpose other than delivering them to the person you sent them to.
Signals. When you signal a post (Practical, Clear, Brave, etc.), we store that signal. Signals replace likes. They are intentional, categorized, and give authors meaningful feedback. Your signal history is yours.
Active Season. Your declared current focus — what you are working on or learning right now. This is declared by you, not inferred. It shapes your Brief and Field discovery. When it expires, it is gone. We do not retain expired Active Season data.
Brief preferences. Your reading preferences: density mode, format preference, content weights. These configure your experience. They are not used for profiling.
Payment information. Your payment is processed by Stripe. We do not store your payment card details. We store only the record that you paid, the amount, and when your membership renews.
What we collect automatically
Technical data. When you use the platform: your IP address (to operate the service and prevent abuse), the pages you visit within Our One, and basic technical data like your browser type and device.
Session cookies. We use a single session cookie to keep you signed in. That is it. No tracking cookies. No third-party cookies. No fingerprinting. No cross-site tracking pixels.
We use technical data to operate the platform — to debug problems, prevent spam and abuse, and understand in aggregate how the platform is used. Not to profile you. Not to sell to anyone.
What we never collect
We do not infer your interests, politics, beliefs, income, health, or any personal characteristic from your behavior. We do not build behavioral profiles. We do not purchase data about you from third parties. We do not combine your Our One data with data from other sources. We do not use variable-reward mechanics or track engagement patterns to optimize for time-on-platform.
How we use your data
To operate the platform. Your profile is displayed as you configured it. Your posts are published as you directed. Your messages are delivered to the people you addressed them to. Your Brief is generated from your declared preferences — not from inferred behavior.
To understand aggregate usage. How many articles were published this month. What skill categories are most common. How many members are active. This data cannot be traced back to you.
To communicate with you. Notifications you requested, security alerts, and membership-related messages. You control all non-essential email in your settings.
To prevent abuse. Rate limiting, spam detection, and enforcement of member conduct rules.
What we will never do
Never sell your data. To anyone. For any purpose. This is a constitutional prohibition.
Never use your content for AI training without your explicit consent. If Our One develops an AI project, you will be asked directly, individually, with full explanation. Participation is voluntary. The default is no. There are no exceptions for "platform improvement" or "research."
Never display surveillance advertising. No ads based on your behavior, your data, or your profile. We will never build the infrastructure required to do this.
Never build behavioral profiles. Your Active Season is declared, not inferred. When it expires, it is gone. We do not silently construct a model of who you are from your browsing patterns.
Third-party services
We work with a small number of service providers to operate the platform. They process data on our behalf and are contractually prohibited from using it for any other purpose.
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Payment details (we never see your card number) |
| Neon | Database hosting (PostgreSQL) | All platform data (encrypted at rest) |
| Vercel | Application hosting and CDN | Request data, IP addresses |
| Resend | Transactional email | Email address, notification content |
| Upstash | Rate limiting (Redis) | IP address, request metadata |
| GitHub (if you use GitHub sign-in) | Authentication | Name, email, profile photo |
| Google (if you use Google sign-in) | Authentication | Name, email, profile photo |
We do not use analytics services that track individual users. We do not embed third-party widgets, social buttons, or tracking pixels from other platforms.
Cookies
Our One uses one cookie: a session cookie that keeps you signed in. It expires when your session ends or after a reasonable inactivity period.
We do not use:
- Tracking cookies
- Third-party cookies
- Advertising cookies
- Analytics cookies that identify individual users
- Browser fingerprinting
How long we keep it
While you are a member: We keep your data to provide the service.
When you delete your account: We remove your data from our active systems within 30 days. Backups are purged within 90 days. After deletion, we retain nothing attributable to you, except where law requires it (for example, payment records for tax purposes).
Active Season data: Deleted when the season expires and you do not renew it.
Your rights
Export. You can export everything you have contributed — profile, posts, connections, signals, endorsements — at any time, in a standard format, immediately. No waiting period. No friction. The export tool is in your account settings.
Correction. If data we hold about you is wrong, you can correct it directly in your profile or by contacting us.
Deletion. You can delete your account at any time. The process takes thirty seconds. It is not buried. It is in your account settings, labeled clearly.
Objection. If you believe we are handling your data in a way that conflicts with this document or the Constitution, tell us. We will investigate and respond.
For EU members (GDPR). You have the right to access, rectification, erasure, data portability, restriction of processing, and objection. Our export and deletion tools fulfill most of these automatically. For anything else, contact us.
For California members (CCPA). You have the right to know what data we collect, to request deletion, and to opt out of the sale of your data. We do not sell your data. Ever. For access or deletion requests, contact us.
Children
Our One is designed for professionals. You must be at least 13 years old to create an account. If we learn that a member is under 13, we will delete their account and data promptly.
Security
We use encryption in transit (TLS) and at rest. Access to member data is limited to stewards who need it to operate the platform. We conduct regular security reviews.
If a breach occurs that affects your data, we will notify you promptly and specifically — not with a vague announcement weeks later. We will tell you what happened, what data was affected, and what we are doing about it.
Changes to this policy
If we change this policy, we will notify members at least 30 days before the change takes effect. If the change touches constitutional matters, it requires community ratification.
We will not change this policy quietly.
Contact
Privacy questions, requests, or concerns: privacy@our.one
We read every message. We respond to every message.
Our One — Privacy Policy, Version 1.0 Effective: March 2026