Privacy Policy
Last updated: January 28, 2026
Our Commitment to Privacy
Onelist is built on a foundation of privacy. We use end-to-end encryption (E2EE) for all user content, which means we cannot read your data. This isn't just a feature - it's the architecture.
Information We Collect
Account Information
- Email address (for account management and support)
- Password (hashed, never stored in plaintext)
- Billing information (processed by Stripe, not stored by us)
Content (Encrypted)
All your entries, notes, memories, and attachments are encrypted on your device before being transmitted. We store only the encrypted blobs. We cannot decrypt this data.
Usage Data
- Anonymous analytics (entry counts, feature usage - no content)
- Error reports (with your consent)
- Server logs (IP addresses, retained for 30 days)
How We Use Your Information
- Provide and maintain the service
- Process payments
- Send important account notifications
- Improve the product (using anonymous analytics only)
- Respond to support requests
What We Don't Do
- Read your content (we can't - it's encrypted)
- Sell your data to third parties
- Use your data for advertising
- Train AI models on your content
- Share data with anyone except as required by law
Data Retention
Your encrypted data is retained as long as your account is active. If you delete your account, all data is permanently deleted within 30 days. Backups are purged within 90 days.
Self-Hosting
If you self-host Onelist, your data never touches our servers. You are responsible for your own privacy practices.
Contact
For privacy-related questions, contact us at privacy@onelist.my.