OneKit
Join waitlist

Legal

Privacy Policy

Effective date: April 19, 2026  ·  Last updated: May 22, 2026

OneKit is operated by AISquads LLC, a California limited liability company ("AISquads," "we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect information about you when you use the OneKit desktop application and any related services (collectively, the "Service"). By using the Service you agree to this policy.

1. Information We Collect

Account Information

When you sign up, we collect your email address to create and manage your account. We use Supabase for authentication and data storage.

Connected Service Credentials

When you connect third-party services (Gmail, X/Twitter, LinkedIn, Instagram, TikTok, YouTube, Google Calendar), we store OAuth access and refresh tokens on your behalf so OneKit can act on your instructions. We also store your platform user ID and display name for each connected service so we can show you which account is linked. We never store your passwords for these services. When you disconnect a service, all stored data for that connection — including tokens, user IDs, and display names — is permanently deleted.

Content You Create or Import

We store content you create or import through the Service, including contacts and email addresses you upload, email drafts and sent-email records, social media posts you compose, meeting notes and voice transcriptions, and documents you upload for processing.

Usage Data

We collect information about how you use the Service, such as features accessed, actions taken, and error logs, to improve reliability and performance.

Payment Information

Payments are processed by a third-party payment processor. We do not store full credit card numbers or payment credentials on our servers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Execute actions you request (send emails, publish posts, sync calendars, transcribe audio) using your connected accounts
  • Authenticate you and keep your account secure
  • Communicate with you about your account, updates, and support
  • Monitor usage against plan limits and enforce them
  • Improve and develop new features based on aggregate, anonymized usage patterns
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your email content, contact lists, or documents to train AI models without your explicit consent.

Email Tracking

When you send marketing emails through OneKit's Email tool, we may embed a small tracking pixel (a 1×1 transparent image) and rewrite links in your emails to measure open and click-through rates. This tracking data is visible to you in the campaign report. You can disable tracking on a per-email basis using the tracking toggle in the compose view. Recipients can opt out of future emails at any time via the unsubscribe link included in every marketing email.

Content Repurposing (Auto-Post)

When you enable auto-post for TikTok or Instagram, OneKit periodically polls your own account (using the OAuth credentials you provided) to detect new content you have published. OneKit downloads your content, temporarily stores it on our servers for the purpose of publishing it to your other connected platforms, and deletes the temporary copy after publishing. If you enable AI caption rewriting, your original caption is sent to Anthropic's Claude API to generate a platform-adapted version. OneKit only accesses content from your own authenticated accounts — it does not access or download content from other users' accounts.

3. Third-Party Services

The Service integrates with third-party platforms. When you connect them, their own privacy policies also apply:

  • Supabase — database, authentication, and file storage
  • Anthropic (Claude) — AI responses and content generation. Prompts you send are processed by Anthropic subject to their usage policies.
  • Google — Gmail sending and Google Calendar sync
  • X (Twitter), LinkedIn, Instagram, TikTok, YouTube — social media publishing

We only request the permissions these services require to perform the actions you explicitly instruct.

LinkedIn

When you connect your LinkedIn account, OneKit collects your LinkedIn profile name and user ID (one time only, during connection) and stores an OAuth access token to publish posts on your behalf. OneKit does not access, read, or store your LinkedIn feed, connections, messages, or any other LinkedIn content beyond what is listed here. Posts are only published when you explicitly approve them. OneKit does not use LinkedIn data for advertising, analytics, or any purpose other than publishing posts you author. You can withdraw consent at any time by disconnecting LinkedIn from the Repurpose page, which permanently deletes all stored LinkedIn data including your access token and profile information. You may also request full deletion of your LinkedIn data by contacting us at support@onekit.co. OneKit's use of the LinkedIn API is subject to the LinkedIn API Terms of Use.

Instagram (via Meta Platform)

When you connect your Instagram account, OneKit accesses your Instagram Business Account username and ID through the Facebook Graph API, and stores a Facebook Page access token to publish content on your behalf. This requires an Instagram Business or Creator account linked to a Facebook Page. When auto-post is enabled, OneKit periodically reads your Instagram feed to detect new posts for cross-platform repurposing (see Section 2, "Content Repurposing"). OneKit does not access or store your followers, direct messages, insights, or engagement metrics. We request only the permissions required for publishing: pages_show_list, instagram_basic, and instagram_content_publish. Posts are only published when you explicitly approve them. OneKit does not use Instagram or Facebook data for advertising, profiling, surveillance, eligibility determinations, or any purpose other than publishing posts you author. You can withdraw consent at any time by disconnecting Instagram from the Repurpose page, which permanently deletes all stored Instagram and Facebook Page data including your access token and account identifiers. You may also request full deletion by contacting us at support@onekit.co. OneKit's use of the Meta Platform is subject to the Meta Platform Terms and Meta Developer Policies.

TikTok

When you connect your TikTok account, OneKit collects your TikTok creator username, nickname, and account privacy/interaction settings (such as allowed privacy levels and whether comments, duets, or stitches are enabled on your account). We store an OAuth access token and refresh token to publish video content on your behalf. Before each post, OneKit queries your current creator settings to ensure your chosen privacy level and interaction preferences are valid and respected. OneKit does not access, read, or store your TikTok feed, followers, direct messages, analytics, or any content beyond what is listed here. Videos are only published when you explicitly approve them and select your privacy and disclosure preferences. OneKit does not use TikTok data for advertising, profiling, or any purpose other than publishing content you author with settings you choose. You can withdraw consent at any time by disconnecting TikTok from the Repurpose page, which permanently deletes all stored TikTok data including your access token, refresh token, creator username, and saved posting preferences. You may also request full deletion by contacting us at support@onekit.co. OneKit's use of the TikTok API is subject to the TikTok Terms of Service and TikTok API Terms of Service.

OneKit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, market research, or AI model training. Google user data is only used to provide the features you explicitly interact with within the Service.

4. Data Sharing

We share your information only in the following circumstances:

  • Service providers — vendors who help us operate the Service (e.g. Supabase, payment processors) under confidentiality obligations
  • Business transfers — if AISquads LLC is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
  • Legal requirements — when required by law, court order, or to protect our legal rights or the safety of others
  • With your consent — for any other purpose with your explicit permission

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you disconnect a third-party service (e.g. LinkedIn, Gmail, X), all data collected from that service — including OAuth tokens, profile identifiers, and display names — is immediately and permanently deleted. If you delete your account, we will delete or anonymize all of your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance purposes.

6. Security

We use industry-standard security measures including encryption in transit (TLS) and infrastructure-level encryption at rest provided by our hosting platform. OAuth tokens are stored in access-controlled databases with row-level security policies. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security but we take reasonable steps to protect your information.

7. California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete — request deletion of your personal information, subject to certain exceptions
  • Right to Opt Out of Sale — we do not sell personal information
  • Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights

To exercise your rights, contact us at support@onekit.co. We will respond within 45 days.

8. EU/EEA/UK Residents — GDPR Rights

If you are located in the European Union, European Economic Area, or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Rectification — request correction of inaccurate or incomplete personal data
  • Right to Erasure — request deletion of your personal data, subject to certain legal exceptions
  • Right to Restrict Processing — request that we limit how we use your data in certain circumstances
  • Right to Data Portability — request your data in a structured, machine-readable format
  • Right to Object — object to processing of your data based on legitimate interests, including for direct marketing purposes

Lawful basis: We process your personal data on the basis of contractual necessity (to provide the Service you signed up for) and legitimate interest (to improve and secure the Service). Where we rely on consent (such as for optional email tracking), you may withdraw consent at any time.

To exercise any of these rights, contact us at support@onekit.co. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. International Users

The Service is operated from the United States. If you access it from outside the US, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.

10. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the app at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Data Deletion Requests

If you would like to request deletion of all data OneKit has stored in connection with your account — including OAuth tokens, platform user IDs, and any content you created through the Service — please contact us at support@onekit.co. Include the email address or username associated with your account so we can locate your data. We will process your request and permanently delete all associated data within 30 days.

You can also disconnect any individual platform (Instagram, X, LinkedIn, TikTok, YouTube, Gmail) at any time from within the OneKit app, which immediately and permanently deletes all data stored for that connection.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

AISquads LLC

California, United States

support@onekit.co