Last updated: October 17, 2025
At OnlyOnce, your memories are yours. We collect the minimum data needed to run the service, we never sell your data, and we design our systems so that your private vault stays private by default. This Privacy Policy explains what we collect, why, how we protect it, the choices you have, and your rights.
• Controller: OnlyOnce, operated in the United States.
• Contact for privacy requests: support@onlyonce.life
• For EU/UK residents: You may contact us at the above address to exercise GDPR rights. We use Standard Contractual Clauses (SCCs) for international transfers as described below.
A) Account data
• Email (required) — used for login, receipts, and critical notices.
• Phone number (optional) — used for two-factor codes and text reminders.
B) Content you add (your “Vault”)
• Photos, audio/voice reflections, captions, and related metadata you choose to store.
C) Technical and usage data
• Device, app version, timestamps, diagnostics and crash logs.
• Limited analytics events (see “Analytics” below).
We do not intentionally collect sensitive categories unless you upload them to your Vault. Please avoid uploading content that you do not want stored.
• We do not sell or “share” your personal information for cross-context behavioral advertising.
• We do not use your voice, photos, or Vault content to train AI models.
• We do not make your Vault public by default. Only people you explicitly invite can see items you explicitly share.
• To provide the service (contract): account setup, secure storage, authentication, content delivery to people you choose.
• To prevent abuse, secure our systems, and fix bugs (legitimate interests).
• To take payment and manage subscriptions (contract/legal obligation).
• With your consent: analytics/telemetry and marketing messages.
We carefully select vendors and limit what we send them. Vendors act as “processors” under GDPR and process data on our instructions.
• Google Cloud Storage (GCS) — Encrypted storage of your Vault (photos, audio, limited metadata). Server-side encryption at rest and TLS in transit by default. Region: primarily United States; content may be processed globally for reliability.
• Stripe — Payment processing (payer name if provided, email, billing address when required by card networks, transaction details; no full card numbers on our servers). OnlyOnce never sees or stores your full card number; Stripe is PCI DSS compliant.
• Twilio — Messaging infrastructure. We use Twilio to send SMS access codes and reminders. We also use Twilio SendGrid for transactional emails (login links, receipts, and service notices). Message content is limited to what’s needed to deliver the communication.
• Google Analytics 4 (GA4) — Event analytics to help us understand app performance and reliability. GA4 does not log or store IP addresses. We avoid collecting fields that directly identify you in analytics.
• PostHog — Product analytics, with privacy-preserving configuration. We minimize event properties and apply data anonymization. We use PostHog for aggregate insights and debugging—not to build personal profiles.
• Account/Vault: kept while your subscription is active.
• After cancellation: your Vault remains accessible until the end of the billing period. Then we schedule deletion. We retain limited records (invoices, tax, fraud prevention) as required by law.
• Backups: point-in-time backups are automatically purged on a rolling schedule. Deleted items are removed from active systems promptly and then from backups during normal rotation.
We use layered security controls including: encryption in transit (TLS) and at rest; access control with least privilege; audit logging; secrets management; regular backups; and vulnerability management. Access to user content is restricted to a small, trained team and only when you ask for support or where required to protect the service.
If we become aware of a data breach that is likely to result in a high risk to your rights or freedoms, we will notify you without undue delay and also notify regulators where required by law.
If you are in the EU/EEA/UK, your data may be processed in the United States and other countries. We use the European Commission’s Standard Contractual Clauses (SCCs) with our processors to safeguard these transfers, and we implement supplementary measures where appropriate.
Regardless of where you live, you can:
• Access, correct, or delete your data.
• Port your Vault (export).
• Object to or restrict certain processing.
• Withdraw consent for analytics/marketing at any time.
To exercise rights, email support@onlyonce.life. You also have the right to complain to a data-protection authority.
OnlyOnce is for families but not for children to create their own accounts. We do not knowingly collect personal data from children under 13 (or older, where local law requires). If we learn that we have collected data from a child without verifiable parental consent, we will delete it.
Our mobile and web apps may use cookies or SDKs for core functionality (authentication, security) and for analytics. You can control analytics in Settings and via your device’s system controls.
We will post any changes on this page, update the “Last updated” date, and, for material changes, email you or show an in-app notice.