Privacy Policy

1. Introduction

OneOh Cloud LLC ("we," "our," or "us") develops and distributes OneBox (desktop client) and OneBoxM (mobile client), cross-platform graphical user interface (GUI) applications built upon the open-source sing-box kernel. We are committed to protecting the privacy of our users and to being transparent about our data practices.

This Privacy Policy describes what information we may collect when you use our applications (OneBox or OneBoxM), the purposes of such collection, your rights, and how to contact us. It applies globally, with specific provisions for users in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR) and users in California under the California Consumer Privacy Act (CCPA).

2. Data Controller

As the data controller under GDPR, we determine the purposes and means of any personal data processing carried out in connection with our applications.

3. Information We May Collect

Our applications are designed with privacy in mind. The only information we may collect is crash-related diagnostic data, and only when a crash occurs. This may include:

• Application version — the version of OneBox / OneBoxM you are using
• Operating system information — type (macOS, Windows, Linux), CPU architecture (e.g., arm64, amd64), and OS version
• Crash stack traces — technical details about the error or exception that caused the crash, which may include internal application state at the time of the crash
• Crash timestamp — the time at which the crash occurred

What we do NOT collect

• Your name, email address, or any other personally identifying information
• Network traffic data, proxy configurations, or VPN usage
• Subscription credentials or service provider information
• Your geographic location
• Browsing history or any data outside the scope of our applications

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal basis for processing crash log data is our legitimate interests pursuant to Article 6(1)(f) of the GDPR, specifically:

• Diagnosing and resolving software defects to improve the stability of our applications
• Understanding the severity and frequency of technical issues
• Ensuring a reliable and high-quality user experience

We have conducted a legitimate interests assessment and concluded that our interests are not overridden by your fundamental rights and freedoms, given the strictly technical and non-personal nature of crash log data.

We do not rely on consent as a legal basis for processing crash data, nor do we process any special categories of personal data (Article 9 GDPR).

5. How We Use the Information

Crash log data is used exclusively to:

• Identify and fix bugs and crashes in our applications
• Improve software stability and performance
• Prioritize development resources based on crash frequency and impact

We do not use crash log data for advertising, user profiling, analytics unrelated to software quality, or any commercial purpose.

6. Data Sharing and Third-Party Processors

Depending on the crash reporting mechanism in use at any given time, crash logs may be processed by third-party crash reporting services. If such services are used, they act as our data processors and are contractually bound by appropriate data processing agreements that limit their use of data to providing crash reporting services to us.

We will update this Privacy Policy if specific third-party processors are engaged, identifying them by name.

We do not sell your data. We do not share crash log data with any third parties except as described above or as required by applicable law.

7. International Data Transfers

OneOh Cloud LLC is based in the United States. If crash log data from EEA or UK residents is transferred to the United States or other countries outside the EEA, we ensure such transfers comply with applicable data protection laws. Where required, we rely on:

• Standard Contractual Clauses (SCCs) adopted by the European Commission
• Other legally approved transfer mechanisms as applicable

For detailed information about the safeguards we rely on for international data transfers, please visit our Data Transfer Safeguards page.

8. Data Retention

Crash log data is retained only as long as necessary to diagnose and resolve the reported issue. In any event, crash log data is retained for no longer than 12 months from the date of collection. After this period, data is deleted or irreversibly anonymized.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

EEA / UK Residents

You have the right to lodge a complaint with your local data protection authority (DPA). A list of EEA DPAs is available at: edpb.europa.eu.

California Residents (CCPA / CPRA)

You have the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information.

To exercise any of your rights, please contact us at: support@oneoh.cloud. We will respond within the timeframes required by applicable law (e.g., 30 days under GDPR).

10. Security

We implement appropriate technical and organizational measures to protect crash log data against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic transmission or storage is completely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authorities and affected individuals as required by applicable law.

11. Children's Privacy

Our applications (OneBox and OneBoxM) are not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately at support@oneoh.cloud and we will promptly delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will indicate the "Last Updated" date at the top of this page. For material changes, we will endeavor to provide additional notice (e.g., within the application). Your continued use of our applications after any changes constitutes your acknowledgment of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us: