Privacy Policy

Last updated: December 20, 2025

H-One ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our e-commerce platform and related services (the "Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Personal Data

When you register for an account or use our Service, we may collect personally identifiable information, including but not limited to:

  • Name and email address
  • Business name and VAT number (for business accounts)
  • Billing address and payment information
  • Phone number (if provided)
  • Account credentials (username and encrypted password)

1.2 Usage Data

We automatically collect certain information when you visit, use, or navigate the Service:

  • IP address and browser type
  • Operating system and device information
  • Pages visited, time spent on pages, and click data
  • Referring website addresses
  • Access times and dates

1.3 Store and Customer Data

If you use our platform to operate an online store, we collect and process data related to your store operations, including product information, order data, customer information, and transaction records. This data is stored in isolated tenant databases specific to your store.

2. How We Use Your Information

We use the information we collect or receive to:

  • Create and manage your account
  • Process your subscriptions and payments via Mollie
  • Provide, operate, and maintain our Service
  • Improve, personalize, and expand our Service
  • Understand and analyze how you use our Service
  • Develop new products, services, features, and functionality
  • Communicate with you, including for customer service, updates, and marketing
  • Send you technical notices and support messages
  • Prevent fraud and enhance security
  • Comply with legal obligations and enforce our Terms of Service

3. Third-Party Services

We may employ third-party companies and services to facilitate our Service. These third parties have access to your personal data only to perform specific tasks on our behalf.

3.1 Payment Processing

We use Mollie for payment processing and subscription management. When you make a payment, your payment information is transmitted directly to Mollie and is subject to Mollie's privacy policy. We do not store complete credit card or bank account numbers on our servers.

4. Data Retention

We will retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy:

  • Account Data: Retained while your account is active and for 7 years after account closure for legal and tax compliance
  • Transaction Records: Retained for 7 years to comply with Dutch accounting and tax regulations
  • Usage Data: Retained for up to 2 years for analytics and service improvement

5. Data Security

The security of your data is important to us. We implement industry-standard technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit using HTTPS/TLS
  • Secure authentication using JWT tokens stored in httpOnly cookies
  • Multi-tenant database architecture with isolated schemas per tenant
  • Regular security audits and updates
  • Encrypted password storage using industry-standard hashing

6. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA) or the Netherlands, you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You have the right to request copies of your personal data
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete data
  • Right to Erasure: You have the right to request deletion of your personal data under certain conditions
  • Right to Data Portability: You have the right to request transfer of your data to another organization
  • Right to Object: You have the right to object to our processing of your personal data

To exercise any of these rights, please contact us at edwarddijkstra@h-one.ai.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us:

H-One

Email: edwarddijkstra@h-one.ai

8. Supervisory Authority

If you are located in the EEA or the Netherlands, you have the right to lodge a complaint with your local data protection supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

Back to Home