Privacy Policy

Overview

Oncecheck (“we”, “us”, “our”) is a compliance scanning tool for iOS, Android, and Web projects. This policy explains what personal information we collect, how we use it, and your rights regarding that information.

Information We Collect

We collect only the information necessary to provide our service:

• Account information — your email address, first name, and last name, provided when you create an account.
• Payment information — processed entirely by Stripe. We do not store your credit card number, CVC, or billing address. We only receive a Stripe customer ID and subscription status.
• Usage data — a daily scan counter used to enforce plan limits (Starter plan: 3 scans per day). We do not store or transmit your source code or scan results.
• Cookie preferences — your cookie consent choice, stored in your browser and optionally in your account profile.

How We Use Your Information

• To create and maintain your account
• To process payments and manage your subscription
• To enforce plan limits (scan quota)
• To communicate important service updates
• To respond to support inquiries

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Third-Party Services

We use the following third-party services to operate Oncecheck:

• Supabase — authentication and database hosting. Your email and account data are stored in Supabase's infrastructure. Supabase Privacy Policy
• Stripe — payment processing. Stripe handles all payment data under their PCI-DSS compliant infrastructure. Stripe Privacy Policy

Cookies

We use essential cookies for authentication sessions and cookie consent preferences. Stripe may set cookies for fraud prevention. For full details, see our Cookie Policy.

Data Security

All connections use HTTPS encryption. Database access is protected by Row Level Security policies ensuring users can only access their own data. Payment information is handled by Stripe under PCI-DSS compliance. We never store your source code or scan results on our servers — all scanning happens locally on your machine via the CLI.

Data Retention

Your account data is retained for as long as your account is active. If you request account deletion from your account settings, your account enters a 90-day retention period. During this time you can reactivate by logging back in. After 90 days, your account and personal data are permanently deleted from our systems. Stripe may retain payment records as required by financial regulations.

Your Rights

Depending on your location, you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — update or correct your personal information.
• Deletion — request deletion of your account and associated data from your account settings. Deletion completes after a 90-day retention period.
• Portability — receive your data in a portable format.
• Opt-out — opt out of non-essential data processing at any time.

These rights apply under GDPR (EU/EEA), CCPA (California), and similar privacy regulations.

Children's Privacy

Oncecheck is not intended for children under the age of 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page.