This Privacy Policy explains how OneStop ESG ("OneStop ESG," "we," "us," or "our") collects, uses, shares, and protects personal data when you visit or use onestopesg.com (the "Site") and related services (the "Services"). It also describes your rights and choices.
By using the Site or the Services, you agree to this Privacy Policy.
This Policy covers personal data we collect through:
This Policy does not cover third-party websites or services that link to or from our Site.
We do not collect payment card data.
We use cookies, pixels, and local storage for:
Tools in use include: Google Analytics, Hotjar, Plausible, Microsoft Clarity.
You can control cookies in your browser settings. Some features may not work without certain cookies. Where required by law, we will seek consent before setting non-essential cookies.
When you sign in with Google or LinkedIn via NextAuth, we receive the basic profile data you approve during sign-in. We do not request contacts, work history, or posting permissions.
We do not seek to collect sensitive personal data (such as health data, precise geolocation, or government IDs). Do not submit such data through the Site.
Legal basis (GDPR): performance of a contract or steps prior to entering into a contract; legitimate interests to run and protect our Services.
Legal basis: legitimate interests to improve and secure our Services; consent where local law requires it for analytics cookies.
Legal basis: performance of a contract (service messages); consent or legitimate interests for marketing. You can unsubscribe at any time from marketing emails.
Legal basis: performance of a contract and legitimate interests to operate the marketplace.
Legal basis: legal obligations and legitimate interests to protect our users and Services.
We do not conduct automated decision-making that produces legal or similarly significant effects.
We do not sell or rent personal data. We do not share data with advertisers for their own marketing.
We share data with trusted providers that support our operations, such as:
These providers process data on our instructions and under contract.
We may share data when the law requires it or to protect rights, safety, or the integrity of the Services.
We serve users globally. Your data may be stored or processed in countries that may have different data protection laws than your country.
When we transfer personal data from the EEA/UK/Switzerland to countries that are not covered by an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, where required by law.
We keep personal data for as long as needed for the purposes described in this Policy. If you delete your account or request deletion, we will delete your personal data unless we need to keep it to meet legal, accounting, or security needs. Usage logs and backups may persist for a limited period.
You can request deletion at any time by emailing [email protected].
We apply access controls, account-level restrictions, monitoring, and other administrative safeguards to protect data. Our databases run on AWS.
Data is not encrypted at rest in our systems. We do not provide end-to-end encryption. Do not share confidential or sensitive information through free-text fields.
No method of transmission or storage is fully secure. We work to detect and respond to incidents and will notify users and authorities when required.
You may have the right to:
To exercise these rights, email [email protected]. We will respond within one month, or as local law requires. You can lodge a complaint with your local supervisory authority.
You may have the right to:
We do not sell or share personal information as those terms are defined in the CPRA. To exercise rights, email [email protected]. We will respond within 45 days, or as the law allows.
We honor requests to access, correct, or delete personal data, and we follow local laws that apply. Contact [email protected].
You can unsubscribe using the link in our emails or by emailing [email protected].
Use your browser settings to block or delete cookies. You can also use built-in tools from some analytics providers to reduce tracking. Where required, we will ask for consent before setting analytics cookies.
You can request access, correction, or deletion of your account by emailing [email protected].
Our Services are not directed to children. We do not knowingly collect personal data from children under 13 (or a higher age where local law sets it). If you believe a child provided data to us, email [email protected] and we will act.
The Site may include links to third-party websites or services. Their privacy policies govern those services. We are not responsible for their practices.
We may update this Policy from time to time. We will post the new version on this page and change the "Last updated" date. If changes meaningfully affect your rights, we will provide a clear notice.
name, email, IP address, device and browser identifiers
pages viewed, clicks, session duration, referrers
inferred from IP
usage patterns used to improve Services
We do not collect payment information through the Site.
To exercise your rights, email [email protected]. We may ask for information to verify your identity and to protect your account. If an agent submits a request for you, we may ask for proof of authorization.