One Labs legal

Privacy Policy

This Privacy Policy explains how One Labs collects, uses, shares, retains, and protects personal data when you use our websites, Shopify apps, themes, and related services.

Company One Labs
Last updated March 24, 2026
Contact [email protected]

1. Who we are

One Labs ("One Labs", "we", "us", or "our") develops Shopify applications, themes, websites, and related services. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you use our websites, apps, themes, and support services, or otherwise interact with us.

For the purposes of applicable privacy law, One Labs is the controller of the personal data described in this Policy unless otherwise stated.

2. Scope

This Policy applies to:

  • our websites and landing pages that link to this Policy;
  • our Shopify apps, themes, and related support services;
  • sales, billing, and account administration activities;
  • marketing communications where permitted by law; and
  • other interactions with us, including by email, forms, or customer support.

This Policy does not apply to third-party websites, platforms, payment providers, app stores, or services that we do not control. Those third parties have their own privacy notices and practices.

3. Personal data we collect

Information you provide directly

  • contact details, such as your name, company name, email address, phone number, billing address, and support contact details;
  • account and store information you provide when installing, configuring, or using our apps, themes, or services;
  • transaction and billing information, including subscription details and payment-related records (full payment card numbers are typically processed by our payment processors, not stored by us);
  • communications you send to us, including support tickets, messages, feedback, reviews, and survey responses; and
  • any other information you choose to provide to us.

Information collected automatically

  • device, browser, and log data, such as IP address, browser type, operating system, language, referring pages, pages viewed, session activity, and timestamps;
  • cookie and similar technology data, subject to your preferences and applicable consent requirements; and
  • analytics and usage data about how our websites, apps, themes, and services are used.

Information from third parties

  • Shopify and related platform data needed to provide app, theme, billing, and support functionality;
  • payment processors and billing platforms;
  • marketing, analytics, anti-fraud, or security providers; and
  • business partners, resellers, or referral sources where relevant to a commercial relationship.

If you provide us with personal data about another individual, you must be authorized to do so and must ensure that the information may lawfully be shared with us.

4. How we use personal data

We may use personal data for the following purposes:

  • to provide, operate, maintain, support, secure, and improve our websites, apps, themes, and services;
  • to set up accounts, authenticate users, process subscriptions, and administer billing;
  • to troubleshoot issues, respond to requests, and provide customer support;
  • to communicate service updates, product notices, administrative messages, and security alerts;
  • to monitor usage, perform analytics, improve performance, and develop new features;
  • to prevent fraud, abuse, unauthorized access, and other harmful activity;
  • to comply with legal obligations, enforce our agreements, and protect our rights, users, and business; and
  • to send marketing communications where permitted by law and subject to your choices.

6. Cookies and similar technologies

We use cookies and similar technologies to operate our websites and improve user experience. Depending on your location and applicable law, we may request consent before placing non-essential cookies.

  • Strictly necessary cookies: required for core website, security, session, and app functionality.
  • Preference cookies: remember settings such as language or display preferences.
  • Analytics cookies: help us understand usage and improve performance.
  • Advertising or marketing cookies: may be used to measure campaigns or deliver more relevant marketing, where permitted.

You can manage cookies through your browser settings and, where available, through our cookie banner or preference center. Blocking some cookies may affect site functionality.

7. Shopify and payment processing

Our products and services may operate through Shopify or interact with Shopify stores. Shopify may process store, billing, and related technical information under its own terms and privacy documentation. We may also use payment processors and billing service providers to process payments and subscriptions. Those providers process payment information under their own privacy notices and security controls.

For Shopify’s current legal information, see the Shopify Privacy Policy and Shopify Terms of Service.

8. Sharing of personal data

We do not sell personal data in exchange for money. We may disclose personal data to the following categories of recipients, only as reasonably necessary and subject to applicable law:

  • service providers that help us host, support, secure, analyze, market, or operate our business;
  • Shopify, payment processors, and other platforms needed to provide the services you request;
  • professional advisers such as lawyers, auditors, insurers, and accountants;
  • authorities, courts, regulators, or law enforcement when required by law or necessary to protect rights, safety, or property; and
  • a buyer, investor, or successor entity in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business, subject to appropriate safeguards.

We may publish testimonials, reviews, logos, case studies, or other customer endorsements only with appropriate authorization or another lawful basis. Private project communications should not be used publicly without clear permission.

9. International transfers

We may process or store personal data in countries other than the country where you are located. Where required by law, we take appropriate measures to protect cross-border transfers, such as contractual safeguards, adequacy mechanisms, or other lawful transfer tools.

10. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and the context.

Category Typical retention approach
Account and subscription records Kept while the account or subscription remains active and for a reasonable period afterward for support, audit, tax, and legal purposes.
Support communications Kept as needed to resolve issues, maintain service history, train support, and defend legal claims.
Billing and tax records Kept for the period required by applicable accounting, tax, and audit laws.
Marketing preferences Kept until you opt out, withdraw consent, or we determine the records are no longer needed.
Security and log data Kept for a limited period unless needed longer for security investigations, abuse prevention, or legal compliance.

Where possible, we delete or anonymize information that is no longer needed.

11. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no internet transmission or storage system is completely secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach, we will respond in accordance with applicable law, which may include investigation, mitigation, and notice to affected individuals or authorities where required.

12. Your privacy rights

Depending on where you live, you may have some or all of the following rights, subject to legal exceptions and verification of your request:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete personal data;
  • request deletion of personal data;
  • object to or restrict certain processing;
  • withdraw consent where processing relies on consent;
  • receive a portable copy of certain data;
  • opt out of certain marketing communications;
  • opt out of certain sharing or targeted advertising where applicable; and
  • not receive discriminatory treatment for exercising applicable privacy rights.

Residents of the EEA, UK, and Switzerland may also have the right to lodge a complaint with their local data protection authority. California residents may have additional rights under California privacy law, including rights relating to access, deletion, correction, and sensitive personal information where applicable.

13. Children’s privacy

Our websites, apps, themes, and services are not directed to children, and we do not knowingly collect personal data from children where prohibited by law. If you believe a child has provided us personal data, contact us so we can investigate and take appropriate action.

14. Third-party analytics, anti-spam, and embedded services

We may use third-party tools such as analytics, security, anti-spam, form, captcha, hosting, and embedded content providers. Those services may collect device or usage information in accordance with their own privacy notices and configurations.

If Google reCAPTCHA or a similar anti-abuse tool is used on a page, that provider may process information such as IP address, browser data, and user interactions for security and fraud-prevention purposes. Use of those tools is governed by the provider’s own terms and privacy documentation.

15. Marketing communications

Where permitted by law, we may send you product updates, newsletters, or promotional communications. You can opt out at any time by using the unsubscribe link in the message or by contacting us. Transactional or service-related messages may still be sent when necessary for your account or services.

16. Changes to this Policy

We may update this Policy from time to time to reflect legal, technical, or business developments. When we make material changes, we will update the “Last updated” date and, where required, provide additional notice.

17. Contact us

Privacy Compliance Officer
One Labs
[email protected]
Zwanenburg, the Netherlands

18. Business-specific items to confirm before publishing

Before publishing this page, confirm the following:

  • the exact legal name, incorporation details, and registered address of the company;
  • which apps, themes, websites, and domains are covered;
  • which Shopify APIs, store data, and customer data are actually accessed by each app or theme;
  • the identity of your analytics, email, support, hosting, CRM, and payment vendors;
  • whether you use targeted advertising, cross-context behavioral advertising, or any activity that may trigger additional US state-law disclosures;
  • the precise retention periods that apply to your support records, billing records, logs, and backups;
  • whether you need a separate Cookie Policy or cookie preference center for EEA/UK visitors; and
  • whether any customer logos, reviews, or testimonials are publicly displayed and, if so, the permission workflow you use.