Applications

Get Started

Applications

Infra One Privacy Policy.

Introduction and Overview.

An overview of data protection

We at Infra One (provided by Allocator One Fund Services GmbH) take the protection of your personal data very seriously. This Privacy Policy explains what data we collect from you, how we use and protect it, and your rights regarding your data. Personal data means any information that can personally identify you. Please read this policy carefully to understand our practices.

When you visit our website or use the Infra One application, we collect various personal data. The sections below detail what information we collect, how and why we process it, and how you can control your data.

Data Controller and Contact Information.

The “controller” (responsible entity) for data processing is:

Allocator One Fund Services GmbH (operating the Infra One app)
Wasagasse 11/9, 1090 Vienna, Austria
Phone: +43 664 1481651
Email: michael@allocator.one

If you have any questions about this Privacy Policy or how we handle your data, please contact us at the above address or email.

The “controller” (responsible entity) for data processing is:

Allocator One Fund Services GmbH (operating the Infra One app)
Wasagasse 11/9, 1090 Vienna, Austria
Phone: +43 664 1481651
Email: michael@allocator.one

If you have any questions about this Privacy Policy or how we handle your data, please contact us at the above address or email.

The “controller” (responsible entity) for data processing is:

Allocator One Fund Services GmbH (operating the Infra One app)
Wasagasse 11/9, 1090 Vienna, Austria
Phone: +43 664 1481651
Email: michael@allocator.one

If you have any questions about this Privacy Policy or how we handle your data, please contact us at the above address or email.

What Data We Collect.

We collect personal data when you interact with our website or app. This includes data you actively provide to us and data collected automatically:

Data You Provide: When you create an Infra One account, fill out a contact form, or communicate with us (e.g. by email, telephone, or fax), you may give us personal information such as your name, email address, phone number, or other details related to your request. We process this data to fulfill the purpose for which you provided it (for example, to respond to your inquiry or to provide the services you requested). We do not share this data with third parties without your consent, except as described in this policy.

Data Collected Automatically: When you visit our website or use our app, our IT systems may collect technical data automatically. This includes information such as your browser type and version, operating system, referrer URL (the page you visited before ours), the date and time of access, your device’s host name and IP address, and similar technical identifiers. This technical information is collected to ensure the proper functioning and security of our website and services. For example, server logs record these details to help us diagnose issues and protect against misuse. We may also use this data to analyze how users navigate our site or app (in an aggregated, non-identifying way) so we can improve user experience. This technical data (often collected in server log files) is processed based on our legitimate interest in maintaining a secure, efficient service (Art. 6(1)(f) GDPR).

Cookies and Tracking: Our website uses cookies and similar technologies to enhance your experience and analyze usage. Some cookies are essential for the site to function (e.g. for keeping you logged in), while others (used with your consent) help us understand traffic or remember your preferences. For more details on cookies and how to manage them, please see our Cookie Policy or relevant sections below.

We collect personal data when you interact with our website or app. This includes data you actively provide to us and data collected automatically:

Data You Provide: When you create an Infra One account, fill out a contact form, or communicate with us (e.g. by email, telephone, or fax), you may give us personal information such as your name, email address, phone number, or other details related to your request. We process this data to fulfill the purpose for which you provided it (for example, to respond to your inquiry or to provide the services you requested). We do not share this data with third parties without your consent, except as described in this policy.

Data Collected Automatically: When you visit our website or use our app, our IT systems may collect technical data automatically. This includes information such as your browser type and version, operating system, referrer URL (the page you visited before ours), the date and time of access, your device’s host name and IP address, and similar technical identifiers. This technical information is collected to ensure the proper functioning and security of our website and services. For example, server logs record these details to help us diagnose issues and protect against misuse. We may also use this data to analyze how users navigate our site or app (in an aggregated, non-identifying way) so we can improve user experience. This technical data (often collected in server log files) is processed based on our legitimate interest in maintaining a secure, efficient service (Art. 6(1)(f) GDPR).

Cookies and Tracking: Our website uses cookies and similar technologies to enhance your experience and analyze usage. Some cookies are essential for the site to function (e.g. for keeping you logged in), while others (used with your consent) help us understand traffic or remember your preferences. For more details on cookies and how to manage them, please see our Cookie Policy or relevant sections below.

We collect personal data when you interact with our website or app. This includes data you actively provide to us and data collected automatically:

Data You Provide: When you create an Infra One account, fill out a contact form, or communicate with us (e.g. by email, telephone, or fax), you may give us personal information such as your name, email address, phone number, or other details related to your request. We process this data to fulfill the purpose for which you provided it (for example, to respond to your inquiry or to provide the services you requested). We do not share this data with third parties without your consent, except as described in this policy.

Data Collected Automatically: When you visit our website or use our app, our IT systems may collect technical data automatically. This includes information such as your browser type and version, operating system, referrer URL (the page you visited before ours), the date and time of access, your device’s host name and IP address, and similar technical identifiers. This technical information is collected to ensure the proper functioning and security of our website and services. For example, server logs record these details to help us diagnose issues and protect against misuse. We may also use this data to analyze how users navigate our site or app (in an aggregated, non-identifying way) so we can improve user experience. This technical data (often collected in server log files) is processed based on our legitimate interest in maintaining a secure, efficient service (Art. 6(1)(f) GDPR).

Cookies and Tracking: Our website uses cookies and similar technologies to enhance your experience and analyze usage. Some cookies are essential for the site to function (e.g. for keeping you logged in), while others (used with your consent) help us understand traffic or remember your preferences. For more details on cookies and how to manage them, please see our Cookie Policy or relevant sections below.

Integration with Google Services (Google User Data).

As part of the Infra One application, we offer features that integrate with Google services, specifically your Gmail account. If you choose to connect your Google account with Infra One, our app will request access to certain Google user data in order to provide you with the intended functionality. We use Google’s OAuth 2.0 protocol to obtain your permission for this access, and we will only retrieve and use your Google data with your explicit consent.

What Google User Data We Access: When you link your Google account (for example, to use Gmail features within our app), Infra One will access data from your Gmail on your behalf. This may include your email messages and associated information such as email addresses of senders and recipients, subject lines, timestamps, email bodies, and attachments in your Gmail account. We access this data only to the extent necessary to provide the specific features and services of our application that you have elected to use. We do not collect any Google user data beyond what is needed for those features, and we do not access any other data from your Google account (for instance, we do not view your Google Drive files, contacts, or other Google account data unless explicitly stated and authorized by you).

How We Use Google User Data: Any Gmail data we access is used strictly to provide you with functionalities within the Infra One app. For example, if Infra One offers the ability to view or organize your emails, we will retrieve your relevant Gmail messages and display them to you in the app; or if the app allows you to send emails or create content based on your emails, we will use the necessary Gmail data to perform those actions at your request. We use your Google data solely to deliver the services and features you have requested – in other words, to operate and improve Infra One’s user-facing features that involve your Gmail content. We do not use data from your Gmail for any other purposes outside of our application’s core functionality. In particular, we will never use your Gmail information for marketing or advertising, profiling you, or for any purposes unrelated to providing the Infra One service to you.

Sharing and Disclosure of Google User Data: We do not share, transfer, or disclose any data obtained from your Google account to any third party except in very limited circumstances: (1) if you explicitly direct or consent to us sharing specific data (for example, if you use a feature to intentionally share an email or content with someone else, or export data to another service, we will do so only with your instruction); or (2) if we are legally required to disclose the data (for instance, to comply with a valid court order or regulatory demand). Internally, access to your Google data is restricted to authorized Infra One personnel or contractors who need it to operate and maintain the service, and who are bound by strict confidentiality and data protection obligations. We also want to clarify that we do not sell your Google user data, and we do not disclose it for any purposes other than those necessary to serve you as described. Your Gmail data remains within the Infra One system under your control.

Data Retention and Deletion (Google User Data): We retain data fetched from your Google account only for as long as necessary to fulfill the purposes for which you granted access. This generally means that your Gmail data is stored on our systems only while your Infra One account is active and you continue to use the Google-integrated features. If you disconnect or revoke Infra One’s access to your Google account, or if you delete your Infra One account, we will cease accessing your Google data and will delete the Google user data we have stored (subject to any legal obligations to retain certain data). You also have the ability to delete specific Google-sourced content through the Infra One app (for example, you might remove an imported email or attachment), and you may request full deletion of all Google data we hold about you at any time by contacting us. Upon such a request, we will delete the data from our servers unless we are required by law to keep it. In summary, we store your Google-sourced personal information only as long as needed to serve you and as permitted by you. When it is no longer needed (or when you ask us to), we will delete it securely.

Data Security for Google User Data: We apply high security standards to all personal data in our custody, including Google user data. All communication between the Infra One app and Google’s servers is encrypted via HTTPS (SSL/TLS), which prevents unauthorized parties from intercepting the data in transit. Any Google data stored on our systems is protected by robust access controls and encryption measures. We limit access to your Google data strictly to personnel and processes that require it to operate the service for you. In addition, we regularly review our information security practices to guard against unauthorized access or disclosure. In plain terms, we use industry-standard security practices (encryption, access control, etc.) to keep your Google data safe within Infra One.

By using the Google integration features of Infra One, you consent to our access and use of your Google user data as described above. We will notify you of any important changes to how we handle Google data via updates to this Privacy Policy or through in-app notifications.

Why We Process Your Data (Purposes and Legal Bases).

We process your personal data for the following purposes, and pursuant to the legal bases defined by applicable law (such as the EU General Data Protection Regulation, GDPR):

Providing and Improving Our Services: We use your data to operate Infra One and provide the features and services you expect. For example, we process login credentials to authenticate you, and we use technical information to ensure our website and app display correctly on your device. We also collect certain data to maintain the security and integrity of our platform (such as monitoring for fraudulent or unauthorized activity). Additionally, understanding how users interact with our app (through analytics or feedback) helps us improve our product. The legal bases for these processing activities are typically performance of a contract (Art. 6(1)(b) GDPR) – since most data we collect is needed to deliver our services as per our user agreement – and our legitimate interests in operating a safe, efficient, and useful service (Art. 6(1)(f) GDPR). We ensure that our legitimate interests do not override your fundamental rights and freedoms by using data in a proportionate and privacy-conscious way (for instance, analyzing usage in aggregate form and securing data appropriately).

Communication and Customer Support: If you contact us with questions, requests, or for support, we will use your provided information (like your contact details and the content of your request) to respond to you. We may also send you service-related communications (e.g. important account notices, security alerts, or updates about our terms or policies). These communications are considered part of our contractual obligations to you or are in our legitimate interest to effectively service our users. Promotional communications (such as newsletters or offers) will only be sent to you if you have opted in to receive them, in which case the legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent for marketing communications at any time (for example, by using the “unsubscribe” link in an email).

Compliance with Legal Obligations: In certain cases, we may need to process personal data to comply with legal obligations, regulations, or court orders (Art. 6(1)(c) GDPR). For instance, we might retain transaction records for financial reporting or respond to legally binding requests from authorities. We will only disclose the data that is necessary and will ensure any request is legitimate before doing so.

We will not use your personal data for any purpose that is not disclosed in this Privacy Policy without your consent. Importantly, we do not use your personal data for selling to data brokers, for third-party advertising purposes, or for any profiling or analytics beyond what is needed to provide and improve our own services.

We process your personal data for the following purposes, and pursuant to the legal bases defined by applicable law (such as the EU General Data Protection Regulation, GDPR):

Providing and Improving Our Services: We use your data to operate Infra One and provide the features and services you expect. For example, we process login credentials to authenticate you, and we use technical information to ensure our website and app display correctly on your device. We also collect certain data to maintain the security and integrity of our platform (such as monitoring for fraudulent or unauthorized activity). Additionally, understanding how users interact with our app (through analytics or feedback) helps us improve our product. The legal bases for these processing activities are typically performance of a contract (Art. 6(1)(b) GDPR) – since most data we collect is needed to deliver our services as per our user agreement – and our legitimate interests in operating a safe, efficient, and useful service (Art. 6(1)(f) GDPR). We ensure that our legitimate interests do not override your fundamental rights and freedoms by using data in a proportionate and privacy-conscious way (for instance, analyzing usage in aggregate form and securing data appropriately).

Communication and Customer Support: If you contact us with questions, requests, or for support, we will use your provided information (like your contact details and the content of your request) to respond to you. We may also send you service-related communications (e.g. important account notices, security alerts, or updates about our terms or policies). These communications are considered part of our contractual obligations to you or are in our legitimate interest to effectively service our users. Promotional communications (such as newsletters or offers) will only be sent to you if you have opted in to receive them, in which case the legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent for marketing communications at any time (for example, by using the “unsubscribe” link in an email).

Compliance with Legal Obligations: In certain cases, we may need to process personal data to comply with legal obligations, regulations, or court orders (Art. 6(1)(c) GDPR). For instance, we might retain transaction records for financial reporting or respond to legally binding requests from authorities. We will only disclose the data that is necessary and will ensure any request is legitimate before doing so.

We process your personal data for the following purposes, and pursuant to the legal bases defined by applicable law (such as the EU General Data Protection Regulation, GDPR):

Providing and Improving Our Services: We use your data to operate Infra One and provide the features and services you expect. For example, we process login credentials to authenticate you, and we use technical information to ensure our website and app display correctly on your device. We also collect certain data to maintain the security and integrity of our platform (such as monitoring for fraudulent or unauthorized activity). Additionally, understanding how users interact with our app (through analytics or feedback) helps us improve our product. The legal bases for these processing activities are typically performance of a contract (Art. 6(1)(b) GDPR) – since most data we collect is needed to deliver our services as per our user agreement – and our legitimate interests in operating a safe, efficient, and useful service (Art. 6(1)(f) GDPR). We ensure that our legitimate interests do not override your fundamental rights and freedoms by using data in a proportionate and privacy-conscious way (for instance, analyzing usage in aggregate form and securing data appropriately).

Communication and Customer Support: If you contact us with questions, requests, or for support, we will use your provided information (like your contact details and the content of your request) to respond to you. We may also send you service-related communications (e.g. important account notices, security alerts, or updates about our terms or policies). These communications are considered part of our contractual obligations to you or are in our legitimate interest to effectively service our users. Promotional communications (such as newsletters or offers) will only be sent to you if you have opted in to receive them, in which case the legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent for marketing communications at any time (for example, by using the “unsubscribe” link in an email).

Compliance with Legal Obligations: In certain cases, we may need to process personal data to comply with legal obligations, regulations, or court orders (Art. 6(1)(c) GDPR). For instance, we might retain transaction records for financial reporting or respond to legally binding requests from authorities. We will only disclose the data that is necessary and will ensure any request is legitimate before doing so.

Disclosure of Your Personal Data to Third Parties.

We do not sell or rent your personal information to any third parties. In general, we will not share your personal data with anyone outside Infra One and its direct service providers, except in the following circumstances:

Service Providers (Processors): We may share data with trusted third-party companies that we engage to perform services on our behalf. These include, for example, cloud hosting providers (who store or process data for us), email delivery services (that help us send communications to you), analytics providers (that help us understand how our product is used), or other IT and security service providers. These parties act under strict contracts as our data processors. They are only permitted to process your data for our specified purposes and in line with our instructions, and they are obligated to keep your data confidential and secure. Sharing information with such partners is done to support the functionality of Infra One and provide our services to you. We ensure that these providers have appropriate data protection measures in place.

With Your Consent or At Your Direction: We will share your information with external parties if (and only if) you have explicitly instructed us to do so, or have given us your clear consent. For example, if Infra One allows you to export or sync your data to another platform, we will do so only when you initiate that action. Similarly, if you ask us to refer you to a partner or you integrate Infra One with another service, we will share data as needed and as authorized by you. In these cases, you will typically be informed of what information will be shared and with whom, and we will proceed only with your approval.

Legal Obligations or Protection of Rights: We may disclose personal data to third parties if we are required to by law or if such action is necessary to: (i) comply with a legal obligation, process, or request (e.g. responding to a court order, law enforcement inquiry, or regulatory requirement); (ii) enforce our terms of service or other agreements; or (iii) protect the rights, property, or safety of Infra One, our users, or the public. This could include exchanging information with law enforcement or other authorities for fraud prevention or investigation. In any case, we will only disclose the minimum data necessary and will ensure there is a valid legal basis for the disclosure.

Aside from the circumstances above, your data will not be shared with third parties. Notably, any data from your Google account that we access through the Infra One app is treated with even stricter non-disclosure: as explained in the "Google User Data" section, we do not disclose your Google-derived information to any third party unless you direct us to or we are compelled by law.

Service Providers (Processors): We may share data with trusted third-party companies that we engage to perform services on our behalf. These include, for example, cloud hosting providers (who store or process data for us), email delivery services (that help us send communications to you), analytics providers (that help us understand how our product is used), or other IT and security service providers. These parties act under strict contracts as our data processors. They are only permitted to process your data for our specified purposes and in line with our instructions, and they are obligated to keep your data confidential and secure. Sharing information with such partners is done to support the functionality of Infra One and provide our services to you. We ensure that these providers have appropriate data protection measures in place.

With Your Consent or At Your Direction: We will share your information with external parties if (and only if) you have explicitly instructed us to do so, or have given us your clear consent. For example, if Infra One allows you to export or sync your data to another platform, we will do so only when you initiate that action. Similarly, if you ask us to refer you to a partner or you integrate Infra One with another service, we will share data as needed and as authorized by you. In these cases, you will typically be informed of what information will be shared and with whom, and we will proceed only with your approval.

Legal Obligations or Protection of Rights: We may disclose personal data to third parties if we are required to by law or if such action is necessary to: (i) comply with a legal obligation, process, or request (e.g. responding to a court order, law enforcement inquiry, or regulatory requirement); (ii) enforce our terms of service or other agreements; or (iii) protect the rights, property, or safety of Infra One, our users, or the public. This could include exchanging information with law enforcement or other authorities for fraud prevention or investigation. In any case, we will only disclose the minimum data necessary and will ensure there is a valid legal basis for the disclosure.

Service Providers (Processors): We may share data with trusted third-party companies that we engage to perform services on our behalf. These include, for example, cloud hosting providers (who store or process data for us), email delivery services (that help us send communications to you), analytics providers (that help us understand how our product is used), or other IT and security service providers. These parties act under strict contracts as our data processors. They are only permitted to process your data for our specified purposes and in line with our instructions, and they are obligated to keep your data confidential and secure. Sharing information with such partners is done to support the functionality of Infra One and provide our services to you. We ensure that these providers have appropriate data protection measures in place.

With Your Consent or At Your Direction: We will share your information with external parties if (and only if) you have explicitly instructed us to do so, or have given us your clear consent. For example, if Infra One allows you to export or sync your data to another platform, we will do so only when you initiate that action. Similarly, if you ask us to refer you to a partner or you integrate Infra One with another service, we will share data as needed and as authorized by you. In these cases, you will typically be informed of what information will be shared and with whom, and we will proceed only with your approval.

Legal Obligations or Protection of Rights: We may disclose personal data to third parties if we are required to by law or if such action is necessary to: (i) comply with a legal obligation, process, or request (e.g. responding to a court order, law enforcement inquiry, or regulatory requirement); (ii) enforce our terms of service or other agreements; or (iii) protect the rights, property, or safety of Infra One, our users, or the public. This could include exchanging information with law enforcement or other authorities for fraud prevention or investigation. In any case, we will only disclose the minimum data necessary and will ensure there is a valid legal basis for the disclosure.

Data Transfers to Non-EU Countries.

Infra One is based in the European Union (our headquarters are in Austria). However, some of the personal data we collect may be processed by third-party service providers in other countries, including outside the European Economic Area (EEA). For example, if we use a cloud server or email service located in the United States or another country, or if we integrate with Google’s systems, your data may be transferred to and stored/processed in that country.

When personal data is transferred to a country outside the EU/EEA that may not have the same level of data protection as within Europe, we take steps to safeguard your privacy. These measures include:

EU Standard Contractual Clauses: We sign standard data protection clauses (approved by the European Commission) with non-EU service providers to contractually require that your data receives an equivalent level of protection as it would under EU law.
Privacy Frameworks: Where applicable, we ensure our partners are certified or comply with recognized data protection frameworks (for instance, adherence to the EU-U.S. Data Privacy Framework, or any successor mechanism, for transfers to the United States).

Your Consent in Specific Cases: In the event we ever need to transfer data to a new third country and no other legal safeguard is available, we would do so only with your informed consent (Art. 49(1)(a) GDPR).

Despite these safeguards, please note that when data is stored or processed in another country, it may be subject to the laws of that jurisdiction (for example, data in the U.S. might be accessible to government authorities under U.S. law). No matter where your data is processed, we will take appropriate measures to protect it in line with this Privacy Policy. You can contact us if you have questions about our international data transfer practices.

EU Standard Contractual Clauses: We sign standard data protection clauses (approved by the European Commission) with non-EU service providers to contractually require that your data receives an equivalent level of protection as it would under EU law.
Privacy Frameworks: Where applicable, we ensure our partners are certified or comply with recognized data protection frameworks (for instance, adherence to the EU-U.S. Data Privacy Framework, or any successor mechanism, for transfers to the United States).

Your Consent in Specific Cases: In the event we ever need to transfer data to a new third country and no other legal safeguard is available, we would do so only with your informed consent (Art. 49(1)(a) GDPR).

EU Standard Contractual Clauses: We sign standard data protection clauses (approved by the European Commission) with non-EU service providers to contractually require that your data receives an equivalent level of protection as it would under EU law.
Privacy Frameworks: Where applicable, we ensure our partners are certified or comply with recognized data protection frameworks (for instance, adherence to the EU-U.S. Data Privacy Framework, or any successor mechanism, for transfers to the United States).

Your Consent in Specific Cases: In the event we ever need to transfer data to a new third country and no other legal safeguard is available, we would do so only with your informed consent (Art. 49(1)(a) GDPR).

Data Security Measures.

We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Some of the key security practices we follow include:

Encryption: All data transmitted between your browser or app and our servers is secured using SSL/TLS encryption. You can verify this by noting the "https://" at the beginning of our website URL and the lock icon in your browser’s address bar. Encryption in transit helps ensure that no one can eavesdrop on your communications with our service. We also employ encryption at rest for sensitive data stored in our databases, adding an extra layer of protection in case of any unauthorized access to our storage.

Access Controls: We restrict access to personal data strictly to employees and contractors who need that information to operate, develop, or support our services. These individuals are bound by confidentiality obligations and are subject to discipline (including termination or legal action) if they fail to meet these obligations. Within our organization, access to sensitive information is controlled and logged.

Monitoring and Testing: We maintain appropriate technical and organizational measures to prevent security breaches. Our systems are protected by firewalls and regularly updated to patch vulnerabilities. We periodically test and evaluate the effectiveness of our security measures. In addition, we have a data breach response plan to handle any incidents swiftly and transparently, in accordance with applicable laws.

While we strive to protect your information with high standards, it’s important to note that no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we continuously improve our security practices to mitigate risks, and if we become aware of a data breach that affects your personal data, we will inform you and the relevant authorities as required by law.

We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Some of the key security practices we follow include:

Encryption: All data transmitted between your browser or app and our servers is secured using SSL/TLS encryption. You can verify this by noting the "https://" at the beginning of our website URL and the lock icon in your browser’s address bar. Encryption in transit helps ensure that no one can eavesdrop on your communications with our service. We also employ encryption at rest for sensitive data stored in our databases, adding an extra layer of protection in case of any unauthorized access to our storage.

Access Controls: We restrict access to personal data strictly to employees and contractors who need that information to operate, develop, or support our services. These individuals are bound by confidentiality obligations and are subject to discipline (including termination or legal action) if they fail to meet these obligations. Within our organization, access to sensitive information is controlled and logged.

Monitoring and Testing: We maintain appropriate technical and organizational measures to prevent security breaches. Our systems are protected by firewalls and regularly updated to patch vulnerabilities. We periodically test and evaluate the effectiveness of our security measures. In addition, we have a data breach response plan to handle any incidents swiftly and transparently, in accordance with applicable laws.

We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Some of the key security practices we follow include:

Encryption: All data transmitted between your browser or app and our servers is secured using SSL/TLS encryption. You can verify this by noting the "https://" at the beginning of our website URL and the lock icon in your browser’s address bar. Encryption in transit helps ensure that no one can eavesdrop on your communications with our service. We also employ encryption at rest for sensitive data stored in our databases, adding an extra layer of protection in case of any unauthorized access to our storage.

Access Controls: We restrict access to personal data strictly to employees and contractors who need that information to operate, develop, or support our services. These individuals are bound by confidentiality obligations and are subject to discipline (including termination or legal action) if they fail to meet these obligations. Within our organization, access to sensitive information is controlled and logged.

Monitoring and Testing: We maintain appropriate technical and organizational measures to prevent security breaches. Our systems are protected by firewalls and regularly updated to patch vulnerabilities. We periodically test and evaluate the effectiveness of our security measures. In addition, we have a data breach response plan to handle any incidents swiftly and transparently, in accordance with applicable laws.

Your Rights as a Data Subject.

As an individual using Infra One and our services, you have certain rights regarding your personal data. We respect your rights and have processes in place to help you exercise them. Below is a summary of your key data protection rights:

Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, optional profile information or receiving marketing emails), you have the right to revoke that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we carried out before your withdrawal. It will, however, mean that we stop the specific processing that was based on consent. For instance, if you consented to receive a newsletter, you can opt out later and we will cease sending it.

Right to Object to Processing: You have the right to object to the processing of your personal data in certain circumstances. This includes:

Objecting to Legitimate Interest Processing: If we are processing your data based on our legitimate interests (Art. 6(1)(f) GDPR) or for a task in the public interest (Art. 6(1)(e)), you can object to that processing on grounds relating to your particular situation. If you lodge such an objection, we will consider it and will stop or restrict processing your data unless we have compelling legitimate grounds that override your rights and interests, or if we need to continue processing for the establishment, exercise, or defense of legal claims.

Objecting to Direct Marketing: You always have the right to object to your personal data being processed for direct marketing purposes. This is an absolute right. If you object to processing for direct advertising (including any related profiling for marketing), we will immediately stop using your personal data for those purposes.

Right of Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to access that data and be informed about details of the processing. This is often called a Data Subject Access Request. Upon request, we will provide you with a copy of the personal data we have about you (in a common electronic format, unless otherwise requested) along with details such as the purposes of processing, the categories of data, the recipients (or categories of recipients) to whom the data has been disclosed, and the applicable retention period or criteria.

Right to Rectification: You have the right to correct inaccurate personal data we hold about you, and to have incomplete data completed. If you become aware that the information you provided to us is no longer up to date or is incorrect, please let us know and we will rectify it without undue delay.

Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances. This includes situations where: (i) the data is no longer necessary for the purposes it was collected or processed; (ii) you withdraw consent and we have no other legal basis to continue processing; (iii) you object to processing (see above) and we have no overriding legitimate grounds to continue; (iv) the data has been processed unlawfully; or (v) the data must be erased to comply with a legal obligation. Please note that this right is not absolute – sometimes we may have lawful grounds to retain some data (for example, we may need to keep certain records to comply with tax laws or if there’s an unresolved issue relating to your account). If that is the case, we will inform you. Otherwise, upon a valid erasure request, we will promptly delete or anonymize your personal data and confirm to you once this has been done.

Right to Restriction of Processing: You have the right to ask us to limit or "freeze" the processing of your personal data in certain situations. When processing is restricted, we can still store your data but not use it further (until the restriction is lifted). You can request restriction if:

You contest the accuracy of your personal data – for the period we need to verify your claim.
The processing is unlawful but you oppose erasure and prefer us to restrict use of the data instead.
We no longer need the personal data for the original purposes, but you need the data to establish, exercise, or defend legal claims.
You have objected to processing based on our legitimate interests (Art. 21(1) GDPR), and you are awaiting verification of whether our grounds override yours.

If you obtain restriction of processing, we will inform you before lifting the restriction. During the restricted period, we will only process your data (aside from storing it) with your consent or for specific legal reasons (such as protecting another person’s rights or for important public interest reasons).

Right to Data Portability: For data that you have provided to us and which we process by automated means based on your consent or on a contract with you, you have the right to receive that data in a structured, commonly used, machine-readable format. You also have the right to request that we transmit this data directly to another data controller, where technically feasible. In practical terms, this means you can ask us for an export of personal data that you provided via the Infra One service (e.g. your profile information, or content you’ve input), so you can move it to another service. We will facilitate such requests to the extent possible.

Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or violated applicable privacy laws, you have the right to file a complaint with a supervisory authority. You may do this in the EU Member State where you reside, where you work, or where the issue occurred. For example, in Austria you can contact the Österreichische Datenschutzbehörde (Austrian Data Protection Authority). In most cases, we would appreciate the chance to address your concerns directly before you approach a regulator, so we encourage you to contact us with any complaint and we will do our best to resolve it amicably and swiftly.

Exercising Your Rights: You can exercise any of the above rights by contacting us via the contact information provided in this Privacy Policy. For security reasons, we may need to verify your identity before fulfilling certain requests (to ensure that it’s really you making the request). We will respond to your request as soon as possible, and at the latest within the timeframe required by law (generally within one month for GDPR requests, with the possibility of an extension in complex cases). There is no fee for exercising your rights; however, if a request is manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on it, as permitted by law.

Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, optional profile information or receiving marketing emails), you have the right to revoke that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we carried out before your withdrawal. It will, however, mean that we stop the specific processing that was based on consent. For instance, if you consented to receive a newsletter, you can opt out later and we will cease sending it.

Right to Object to Processing: You have the right to object to the processing of your personal data in certain circumstances. This includes:

Objecting to Legitimate Interest Processing: If we are processing your data based on our legitimate interests (Art. 6(1)(f) GDPR) or for a task in the public interest (Art. 6(1)(e)), you can object to that processing on grounds relating to your particular situation. If you lodge such an objection, we will consider it and will stop or restrict processing your data unless we have compelling legitimate grounds that override your rights and interests, or if we need to continue processing for the establishment, exercise, or defense of legal claims.

Objecting to Direct Marketing: You always have the right to object to your personal data being processed for direct marketing purposes. This is an absolute right. If you object to processing for direct advertising (including any related profiling for marketing), we will immediately stop using your personal data for those purposes.

Right of Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to access that data and be informed about details of the processing. This is often called a Data Subject Access Request. Upon request, we will provide you with a copy of the personal data we have about you (in a common electronic format, unless otherwise requested) along with details such as the purposes of processing, the categories of data, the recipients (or categories of recipients) to whom the data has been disclosed, and the applicable retention period or criteria.

Right to Rectification: You have the right to correct inaccurate personal data we hold about you, and to have incomplete data completed. If you become aware that the information you provided to us is no longer up to date or is incorrect, please let us know and we will rectify it without undue delay.

Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances. This includes situations where: (i) the data is no longer necessary for the purposes it was collected or processed; (ii) you withdraw consent and we have no other legal basis to continue processing; (iii) you object to processing (see above) and we have no overriding legitimate grounds to continue; (iv) the data has been processed unlawfully; or (v) the data must be erased to comply with a legal obligation. Please note that this right is not absolute – sometimes we may have lawful grounds to retain some data (for example, we may need to keep certain records to comply with tax laws or if there’s an unresolved issue relating to your account). If that is the case, we will inform you. Otherwise, upon a valid erasure request, we will promptly delete or anonymize your personal data and confirm to you once this has been done.

Right to Restriction of Processing: You have the right to ask us to limit or "freeze" the processing of your personal data in certain situations. When processing is restricted, we can still store your data but not use it further (until the restriction is lifted). You can request restriction if:

You contest the accuracy of your personal data – for the period we need to verify your claim.
The processing is unlawful but you oppose erasure and prefer us to restrict use of the data instead.
We no longer need the personal data for the original purposes, but you need the data to establish, exercise, or defend legal claims.
You have objected to processing based on our legitimate interests (Art. 21(1) GDPR), and you are awaiting verification of whether our grounds override yours.

Right to Data Portability: For data that you have provided to us and which we process by automated means based on your consent or on a contract with you, you have the right to receive that data in a structured, commonly used, machine-readable format. You also have the right to request that we transmit this data directly to another data controller, where technically feasible. In practical terms, this means you can ask us for an export of personal data that you provided via the Infra One service (e.g. your profile information, or content you’ve input), so you can move it to another service. We will facilitate such requests to the extent possible.

Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or violated applicable privacy laws, you have the right to file a complaint with a supervisory authority. You may do this in the EU Member State where you reside, where you work, or where the issue occurred. For example, in Austria you can contact the Österreichische Datenschutzbehörde (Austrian Data Protection Authority). In most cases, we would appreciate the chance to address your concerns directly before you approach a regulator, so we encourage you to contact us with any complaint and we will do our best to resolve it amicably and swiftly.

Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, optional profile information or receiving marketing emails), you have the right to revoke that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we carried out before your withdrawal. It will, however, mean that we stop the specific processing that was based on consent. For instance, if you consented to receive a newsletter, you can opt out later and we will cease sending it.

Right to Object to Processing: You have the right to object to the processing of your personal data in certain circumstances. This includes:

Objecting to Legitimate Interest Processing: If we are processing your data based on our legitimate interests (Art. 6(1)(f) GDPR) or for a task in the public interest (Art. 6(1)(e)), you can object to that processing on grounds relating to your particular situation. If you lodge such an objection, we will consider it and will stop or restrict processing your data unless we have compelling legitimate grounds that override your rights and interests, or if we need to continue processing for the establishment, exercise, or defense of legal claims.

Objecting to Direct Marketing: You always have the right to object to your personal data being processed for direct marketing purposes. This is an absolute right. If you object to processing for direct advertising (including any related profiling for marketing), we will immediately stop using your personal data for those purposes.

Right of Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to access that data and be informed about details of the processing. This is often called a Data Subject Access Request. Upon request, we will provide you with a copy of the personal data we have about you (in a common electronic format, unless otherwise requested) along with details such as the purposes of processing, the categories of data, the recipients (or categories of recipients) to whom the data has been disclosed, and the applicable retention period or criteria.

Right to Rectification: You have the right to correct inaccurate personal data we hold about you, and to have incomplete data completed. If you become aware that the information you provided to us is no longer up to date or is incorrect, please let us know and we will rectify it without undue delay.

Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances. This includes situations where: (i) the data is no longer necessary for the purposes it was collected or processed; (ii) you withdraw consent and we have no other legal basis to continue processing; (iii) you object to processing (see above) and we have no overriding legitimate grounds to continue; (iv) the data has been processed unlawfully; or (v) the data must be erased to comply with a legal obligation. Please note that this right is not absolute – sometimes we may have lawful grounds to retain some data (for example, we may need to keep certain records to comply with tax laws or if there’s an unresolved issue relating to your account). If that is the case, we will inform you. Otherwise, upon a valid erasure request, we will promptly delete or anonymize your personal data and confirm to you once this has been done.

Right to Restriction of Processing: You have the right to ask us to limit or "freeze" the processing of your personal data in certain situations. When processing is restricted, we can still store your data but not use it further (until the restriction is lifted). You can request restriction if:

You contest the accuracy of your personal data – for the period we need to verify your claim.
The processing is unlawful but you oppose erasure and prefer us to restrict use of the data instead.
We no longer need the personal data for the original purposes, but you need the data to establish, exercise, or defend legal claims.
You have objected to processing based on our legitimate interests (Art. 21(1) GDPR), and you are awaiting verification of whether our grounds override yours.

Right to Data Portability: For data that you have provided to us and which we process by automated means based on your consent or on a contract with you, you have the right to receive that data in a structured, commonly used, machine-readable format. You also have the right to request that we transmit this data directly to another data controller, where technically feasible. In practical terms, this means you can ask us for an export of personal data that you provided via the Infra One service (e.g. your profile information, or content you’ve input), so you can move it to another service. We will facilitate such requests to the extent possible.

Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or violated applicable privacy laws, you have the right to file a complaint with a supervisory authority. You may do this in the EU Member State where you reside, where you work, or where the issue occurred. For example, in Austria you can contact the Österreichische Datenschutzbehörde (Austrian Data Protection Authority). In most cases, we would appreciate the chance to address your concerns directly before you approach a regulator, so we encourage you to contact us with any complaint and we will do our best to resolve it amicably and swiftly.

Use of Analytics and Advertising Tools.

We may use third-party analytics and advertising tools on our website to better understand user behavior and to promote our services. These tools might utilize cookies or similar technologies to collect information about your website usage over time. Any analysis of browsing patterns is typically done in aggregate form, meaning it does not focus on you individually but rather on general usage trends (unless we have your consent to analyze more personalized data).

For example, we might use Google Analytics or a similar service to see how many users visit a certain page, how long they stay, and what content is popular. This information helps us improve the website and our marketing strategies. If we use such tools, we will update our Cookie Policy or this section with details on what is used and how you can opt out. You always have the option to refuse or disable cookies through your browser settings, though note that some features of our site may require cookies to function properly.

Advertising and Marketing Communications: When you visit or log in to our website, we (and certain authorized partners) may use cookies and tracking technology to associate your activity on our site with other information about you in order to send you targeted communications. For instance, our online advertising partners might recognize a cookie on your browser and, based on that, link your site usage with contact information (such as an email or mailing address) that you may have provided to us or to third parties in the past. This practice is sometimes known as “identity resolution” and is used to present relevant outreach to users across different channels. As a result, we or our service providers may send you marketing emails or postal mail that we believe could be of interest, based on your interactions with our site.

If you prefer not to have your browsing on our site associated with your personal information for marketing purposes, you have options to opt out:

You can visit Retention.com’s opt-out page, as we partner with Retention.com for certain marketing analytics. Using that opt-out will prevent Retention.com from further linking your website visits to personal information for the purpose of marketing.

More generally, you can opt out of receiving marketing emails from us by clicking the “unsubscribe” link in any promotional email, or by adjusting your communication preferences in your Infra One account settings (if available). We honor such opt-outs promptly.

You can also configure your browser to block third-party cookies or use browser extensions to block tracking scripts. Please note, however, that completely blocking cookies might affect the functionality of our site.

We are committed to respecting your privacy choices. Any advertising or analysis programs we engage in will be disclosed to you, and we will provide a way to opt out whenever applicable. Importantly, none of the data we use for third-party analytics or marketing is derived from your Google account integration. We do not use any Gmail or Google-provided data for advertising or share it with advertising partners. Those partners only have access to data collected from your interactions with our website (as described above), not your personal content from the Infra One app.

If you prefer not to have your browsing on our site associated with your personal information for marketing purposes, you have options to opt out:

You can visit Retention.com’s opt-out page, as we partner with Retention.com for certain marketing analytics. Using that opt-out will prevent Retention.com from further linking your website visits to personal information for the purpose of marketing.

More generally, you can opt out of receiving marketing emails from us by clicking the “unsubscribe” link in any promotional email, or by adjusting your communication preferences in your Infra One account settings (if available). We honor such opt-outs promptly.

You can also configure your browser to block third-party cookies or use browser extensions to block tracking scripts. Please note, however, that completely blocking cookies might affect the functionality of our site.

If you prefer not to have your browsing on our site associated with your personal information for marketing purposes, you have options to opt out:

You can visit Retention.com’s opt-out page, as we partner with Retention.com for certain marketing analytics. Using that opt-out will prevent Retention.com from further linking your website visits to personal information for the purpose of marketing.

More generally, you can opt out of receiving marketing emails from us by clicking the “unsubscribe” link in any promotional email, or by adjusting your communication preferences in your Infra One account settings (if available). We honor such opt-outs promptly.

You can also configure your browser to block third-party cookies or use browser extensions to block tracking scripts. Please note, however, that completely blocking cookies might affect the functionality of our site.

Storage Duration.

We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The length of time we retain data can vary depending on the type of information and the context in which it was collected:

Account Data: If you create an Infra One account, we will retain your account information (such as your name, email, and any other profile info, as well as content you generate or store in the app) for as long as your account remains active. If you decide to terminate your account, or if your account is otherwise removed, we will delete or anonymize the personal data associated with your account within a reasonable period after closure. In some cases, we may retain certain limited information even after account deletion if necessary for legal compliance or legitimate business purposes – for example, keeping records of a transaction as required by financial regulations, or retaining an email address to honor an opt-out request and ensure we don’t contact you again. Any such data will be kept secure and only used for the purpose of meeting those obligations.

Contact and Inquiry Data: If you contact us (for example, via email or support request), we will retain the correspondence and your contact details for as long as needed to address your query and maintain a record of our communication. Typically, once your issue is resolved or question answered, we might archive the communication. We generally will not keep inquiry data longer than necessary, except if the correspondence is relevant to any contractual matters or legal considerations, or if you ask us to keep it for future reference.

Technical and Analytics Data: Server logs and analytics records are kept for varying durations. Server logs containing IP addresses and visit information are generally retained for a short period (a few weeks to a few months) unless we need to investigate security incidents, in which case we might retain specific logs longer until the issue is resolved. Aggregated analytics data (which does not directly identify individuals) may be retained over longer periods to observe long-term trends, but this data does not contain personal identifiers. If any analytic data is linked to personal identifiers, we treat it like other personal data and retain it only as long as necessary for the analysis purposes (often this is ephemeral or short-term).

Google User Data: As noted in the Integration with Google Services section, any data fetched from your Google account is retained only as long as you use the Google-connected features. For example, if Infra One pulls in an email from your Gmail, that email data is stored to enable the app’s functionality for you, but if you disconnect Gmail or delete the content, we remove it from our storage. We generally synchronize with your Google account as needed, rather than store a separate permanent copy of all data. If some Google-derived data does persist in our databases (for performance or offline access reasons), it will be regularly updated and purged when you remove the integration or upon your request. Additionally, if you simply grant access but never actually use the feature, we won’t continue to store your Google data unnecessarily.

In all cases, when we no longer have a lawful reason to keep your personal data, we will securely erase or anonymize it. For example, if you withdraw consent for a particular use of your data and we have no other basis to keep it, we will delete that data. If the retention period defined by law or by our policy expires, we will ensure the data is deleted or anonymized. We also periodically review the data we hold and delete or de-identify records that are no longer needed.

Please note that due to technical reasons, backups or archived copies might take a short time before they are also deleted. However, we have processes to ensure that backups eventually follow the deletion decision as well, so that your data is not kept indefinitely in backups. During any such period, your data remains protected and is not actively processed.

Account Data: If you create an Infra One account, we will retain your account information (such as your name, email, and any other profile info, as well as content you generate or store in the app) for as long as your account remains active. If you decide to terminate your account, or if your account is otherwise removed, we will delete or anonymize the personal data associated with your account within a reasonable period after closure. In some cases, we may retain certain limited information even after account deletion if necessary for legal compliance or legitimate business purposes – for example, keeping records of a transaction as required by financial regulations, or retaining an email address to honor an opt-out request and ensure we don’t contact you again. Any such data will be kept secure and only used for the purpose of meeting those obligations.

Contact and Inquiry Data: If you contact us (for example, via email or support request), we will retain the correspondence and your contact details for as long as needed to address your query and maintain a record of our communication. Typically, once your issue is resolved or question answered, we might archive the communication. We generally will not keep inquiry data longer than necessary, except if the correspondence is relevant to any contractual matters or legal considerations, or if you ask us to keep it for future reference.

Technical and Analytics Data: Server logs and analytics records are kept for varying durations. Server logs containing IP addresses and visit information are generally retained for a short period (a few weeks to a few months) unless we need to investigate security incidents, in which case we might retain specific logs longer until the issue is resolved. Aggregated analytics data (which does not directly identify individuals) may be retained over longer periods to observe long-term trends, but this data does not contain personal identifiers. If any analytic data is linked to personal identifiers, we treat it like other personal data and retain it only as long as necessary for the analysis purposes (often this is ephemeral or short-term).

Google User Data: As noted in the Integration with Google Services section, any data fetched from your Google account is retained only as long as you use the Google-connected features. For example, if Infra One pulls in an email from your Gmail, that email data is stored to enable the app’s functionality for you, but if you disconnect Gmail or delete the content, we remove it from our storage. We generally synchronize with your Google account as needed, rather than store a separate permanent copy of all data. If some Google-derived data does persist in our databases (for performance or offline access reasons), it will be regularly updated and purged when you remove the integration or upon your request. Additionally, if you simply grant access but never actually use the feature, we won’t continue to store your Google data unnecessarily.

Account Data: If you create an Infra One account, we will retain your account information (such as your name, email, and any other profile info, as well as content you generate or store in the app) for as long as your account remains active. If you decide to terminate your account, or if your account is otherwise removed, we will delete or anonymize the personal data associated with your account within a reasonable period after closure. In some cases, we may retain certain limited information even after account deletion if necessary for legal compliance or legitimate business purposes – for example, keeping records of a transaction as required by financial regulations, or retaining an email address to honor an opt-out request and ensure we don’t contact you again. Any such data will be kept secure and only used for the purpose of meeting those obligations.

Contact and Inquiry Data: If you contact us (for example, via email or support request), we will retain the correspondence and your contact details for as long as needed to address your query and maintain a record of our communication. Typically, once your issue is resolved or question answered, we might archive the communication. We generally will not keep inquiry data longer than necessary, except if the correspondence is relevant to any contractual matters or legal considerations, or if you ask us to keep it for future reference.

Technical and Analytics Data: Server logs and analytics records are kept for varying durations. Server logs containing IP addresses and visit information are generally retained for a short period (a few weeks to a few months) unless we need to investigate security incidents, in which case we might retain specific logs longer until the issue is resolved. Aggregated analytics data (which does not directly identify individuals) may be retained over longer periods to observe long-term trends, but this data does not contain personal identifiers. If any analytic data is linked to personal identifiers, we treat it like other personal data and retain it only as long as necessary for the analysis purposes (often this is ephemeral or short-term).

Google User Data: As noted in the Integration with Google Services section, any data fetched from your Google account is retained only as long as you use the Google-connected features. For example, if Infra One pulls in an email from your Gmail, that email data is stored to enable the app’s functionality for you, but if you disconnect Gmail or delete the content, we remove it from our storage. We generally synchronize with your Google account as needed, rather than store a separate permanent copy of all data. If some Google-derived data does persist in our databases (for performance or offline access reasons), it will be regularly updated and purged when you remove the integration or upon your request. Additionally, if you simply grant access but never actually use the feature, we won’t continue to store your Google data unnecessarily.

Changes to this Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, to clarify our policies, or to ensure compliance with legal requirements. When we make material changes to this Privacy Policy, we will provide a prominent notice, for example by displaying an alert on our website or within the app, or by emailing you if appropriate. The "last updated" date below will always indicate when the latest changes were made. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal data we collect. Your continued use of Infra One after any update to this Policy will constitute your acknowledgment of the changes and agreement to be bound by the terms of the updated Policy.

Last updated: August 11, 2025.