Privacy Policy

How Onnie collects, uses, and protects your personal information.

Effective date: June 28, 2026 · Last updated: June 28, 2026

The short version

We collect what we need to run Onnie — no more. Your workspace content is yours; we don't read it to serve ads or sell it to anyone. Payments are handled by Creem.io, our merchant of record — we never store your card details. If you want to know what we hold about you, or want it deleted, write us at legal@onnie.ai.


1. Who we are

Heizen Tecnologia Ltda. ("Heizen", "we", "us", or "our") is a Brazilian company (CNPJ 47.624.793/0001-83) operating Onnie — an AI-powered workspace platform at onnie.ai. When this policy says "we" or "Onnie," it means Heizen acting through the Onnie platform.


2. What this policy covers

This policy applies to:

  • visitors to our website (onnie.ai and related pages)
  • people who create or use an Onnie account or workspace
  • workspace members who are invited by an account holder

It does not cover third-party websites or services you may reach through links inside Onnie.


3. Two roles we play

Our platform is designed for individuals and organizations managing their own workspace. Depending on your relationship with Onnie:

  • For account and billing data (your name, email, subscription status, support communications) — Heizen acts as the data controller: we decide how and why this data is processed.
  • For Customer Content (the records, tasks, pages, files, and other data you put into your workspace) — Heizen acts as a data processor / service provider on behalf of you or your organization. We process Customer Content only to deliver the service you asked for.

4. What we collect

4.1 Information you give us

  • Account data: name, email address, authentication identifiers, workspace role.
  • Workspace content: everything you create or upload inside your workspace — tasks, pages, tables, records, files, agent configurations, and related content.
  • Support and communications: messages you send us, feedback, and support requests.
  • Billing contact info: the email and name used for invoicing. Payment details (card numbers, etc.) are handled exclusively by Creem.io, our merchant of record — we never receive or store them.

4.2 Information collected automatically

  • Usage data: which features you use, how often, and how you interact with them.
  • Technical data: IP address, browser type, device identifiers, operating system, language preference, and timestamps.
  • Logs and diagnostics: error reports and performance metrics used to keep the service running reliably.

4.3 Cookies and similar technologies

We use cookies and local storage for authentication, session management, user preferences, and aggregate analytics. See Section 14 for more detail.

4.4 Information from third parties

  • If you sign in via a third-party identity provider (e.g., Google OAuth), we receive basic profile data (name, email) from that provider.
  • If you are invited to a workspace, the person who invited you provided your email address.

5. How we use your information

We use the information we collect to:

  • Run Onnie — create accounts, authenticate users, enable collaboration, execute agent routines, and deliver workspace features.
  • Keep the service secure — detect and prevent abuse, fraud, unauthorized access, and misuse.
  • Improve the product — understand how features are used, identify bugs, and test improvements.
  • Handle billing — enforce plan limits, track usage for extended usage billing, and coordinate payments with Creem.io.
  • Communicate with you — send service notifications, security alerts, billing receipts, and support responses. We may send optional product updates; you can opt out at any time.
  • Comply with law — respond to lawful requests, enforce our policies, and meet our legal obligations.

6. Legal bases for processing

Where applicable (including under Brazil's LGPD and the EU's GDPR):

  • Contract: to provide the service you subscribed to.
  • Legitimate interests: to secure and improve Onnie, and to operate our business — balanced against your rights.
  • Consent: for non-essential cookies and optional marketing communications.
  • Legal obligation: to comply with applicable law and lawful requests.

7. Who we share your information with

We do not sell personal data. We share it only in the following circumstances:

  • Creem.io — our merchant of record processes all subscription payments and extended usage billing on our behalf.
  • AI model providers — when you use Onnie's AI features (Onnie, Onniebots, Routines), inputs are sent to underlying model providers to generate outputs. These providers operate under confidentiality obligations.
  • Infrastructure and operations — hosting, database, monitoring, email delivery, and support tooling providers. All operate under data processing agreements.
  • Legal and safety — if we believe in good faith that disclosure is necessary to comply with law or legal process, protect our users or the public, or enforce our policies.
  • Business transfers — if Heizen is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, with appropriate notice and safeguards.

8. Data retention

We keep personal data for as long as necessary to:

  • provide the service and manage your account
  • meet legal, accounting, or regulatory obligations
  • resolve disputes and enforce our agreements

Workspace content is retained while your workspace is active. You may delete content within your workspace at any time. On account closure, we delete or anonymize your data within a reasonable period, subject to any legal hold requirements.


9. Security

We apply administrative, technical, and organizational measures designed to protect your data against unauthorized access, alteration, loss, or disclosure. No security measure is perfect; we cannot guarantee absolute security, and we encourage you to protect your own credentials and account access.


10. International transfers

Heizen is based in Brazil. We may process and store data on servers located in other countries. When we transfer personal data internationally, we use contractual protections and, where applicable, the mechanisms recognized by Brazilian law and equivalent frameworks (such as standard contractual clauses for EU/UK data).


11. Your rights

Depending on your location, you have rights regarding your personal data. Under Brazil's LGPD — and under equivalent frameworks in the EEA, UK, and other jurisdictions — these typically include:

  • Access — confirm whether we hold data about you and receive a copy.
  • Correction — fix inaccurate or incomplete data.
  • Deletion — ask us to delete your data (subject to legal retention requirements).
  • Portability — receive your data in a structured, machine-readable format.
  • Objection or restriction — object to or restrict certain types of processing.
  • Consent withdrawal — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email legal@onnie.ai. We may verify your identity before acting on a request. If your data is managed by a workspace owner (e.g., your employer), you may need to contact them first for workspace-level content.


12. Children's privacy

Onnie is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with data, contact legal@onnie.ai and we will delete it.


13. AI features and your content

When you use Onnie's AI features — including the Onnie agent, Onniebots, and Routines — the content you provide is processed to generate the output you requested. We process this content to deliver the requested feature and to maintain the security and reliability of the service.

Workspace owners control what data is sent to AI features through configuration and permissions. AI-generated outputs may be saved into your workspace if you choose to store them. Outputs may be inaccurate — you remain responsible for reviewing them before acting on them.


14. Cookies

We use:

  • Essential cookies — authentication, session security, and core functionality. These cannot be disabled without breaking the service.
  • Preference cookies — remembering your settings and workspace preferences.
  • Analytics — aggregate data about how Onnie is used, to improve the product.

You can control non-essential cookies through your browser settings or any consent banner we provide. Disabling essential cookies will affect your ability to use the service.


15. Changes to this policy

We may update this policy as our practices evolve. If changes are material, we will post the updated policy with a new "Last updated" date and notify you through the product or by email. Continuing to use Onnie after the effective date means you accept the updated policy.


16. Contact us

  • Email: legal@onnie.ai
  • Company: Heizen Tecnologia Ltda. · CNPJ 47.624.793/0001-83
  • Address: Av. Brig. Faria Lima 1811, Office 1119 · São Paulo, SP · 01452001 · Brazil