1. Introduction

ONELESS is a trade name of Mason Stanton Bartlett, a Sole Proprietor located in Austin, Texas, operating under Travis County Assumed Name Certificate file #2026701418. References to "ONELESS," "we," "our," or "us" in this policy mean the same entity. We operate an SMS-based assistant. This Privacy Policy describes what data we collect, why we collect it, how we use and store it, and your rights. By using ONELESS, you agree to this policy.

2. Data We Collect

We collect:

Phone number — to deliver SMS and identify your account
Email address — if you use the email-sending feature or sign in with Google
Location data — city or zip you provide for weather and timezone
Google Calendar data — events and metadata when you connect your Google account
SMS content — messages you send to and receive from ONELESS
Usage metrics — request counts, token usage, and feature usage for billing and product improvement

3. Why We Collect It

We use this data to provide the service: routing your messages, sending reminders, syncing your calendar, delivering digests, and improving reliability and features.

4. How Data Is Stored

Data is stored in PostgreSQL on our servers. Sensitive values (API keys, tokens) are encrypted at rest and managed via Rails credentials and environment configuration.

5. Third-Party Data Sharing

We share data only as needed to operate the service:

Twilio — SMS delivery (phone number and message content)
Anthropic / Claude — Your message content and conversation context are sent to Anthropic's Claude API for intent classification and response generation. Anthropic's commercial API terms prohibit using your data for model training. Anthropic may retain input/output data for up to 30 days for trust and safety purposes. See Anthropic's privacy policy for details.
Google — calendar sync when you connect your Google account
Stripe — billing (payment method, email, subscription data)

We do not sell, rent, or share your phone number, SMS opt-in consent, or SMS message content with third parties for marketing or promotional purposes. The only parties that receive this data are the service providers listed above, and only to the extent necessary to operate the Service.

Each provider has its own privacy policy governing their use of data.

We maintain data processing agreements with our service providers that require them to protect your data in accordance with applicable law and to process it only as directed by us. Links to our providers' privacy policies:

6. AI-Generated Content

ONELESS uses artificial intelligence (Anthropic's Claude) to interpret your messages and generate responses. You should be aware that:

AI responses are generated automatically and may contain errors, inaccuracies, or outdated information
ONELESS is not a substitute for professional advice (legal, medical, financial, or otherwise)
We send your message content and relevant context (such as recent conversation history) to our AI provider to generate responses
We do not send your phone number, email, or payment information to the AI provider
Under our commercial API agreement, your message content is not used to train AI models

7. Data Retention

We retain your data for the following periods:

SMS message content — retained for 90 days to support service functionality and troubleshooting, then permanently deleted
Account data (phone number, email, preferences) — retained for the duration of your account plus 30 days after account deletion
Usage metrics — retained in aggregated, anonymized form indefinitely for product improvement
Billing records — retained for 7 years per tax and legal requirements
Google Calendar data — synced in real-time and removed from our systems within 30 days of disconnecting your Google account
Consent records — retained for a minimum of 4 years per FCC requirements

You may request deletion of your data at any time (see Your Rights below), subject to the retention periods above where required by law.

8. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you promptly in accordance with applicable state law. Most US states require notification within 30 to 72 days of discovering a breach. We will notify affected users via SMS and/or email, and will provide details about the nature of the breach, the data affected, and steps you can take to protect yourself.

9. Your Rights

You may:

Request a copy of your data (data export)
Request deletion of your account and associated data
Opt out of marketing or non-essential SMS (e.g., reply STOP for digests)

To request export or deletion, contact us at the address below.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Right to Know — You may request details about the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties we share it with.
Right to Delete — You may request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, legal obligations).
Right to Opt-Out of Sale/Sharing — We do not sell or share your personal information as defined by the CCPA. If this changes, we will provide an opt-out mechanism.
Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
Right to Correct — You may request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information — Your phone number and precise geolocation qualify as sensitive personal information under the CCPA. We use this data only as necessary to provide the service.

To exercise any of these rights, contact us at support@one-less.io. We will respond within 45 calendar days. We may need to verify your identity before fulfilling your request.

11. International Users

ONELESS is currently available only to users in the United States. We do not knowingly offer the Service to individuals located in the European Union, European Economic Area, or the United Kingdom. If you are located outside the United States, please do not use this Service.

12. Cookies and Sessions

We use a Rails session cookie to keep you logged in when you visit our website. We do not use third-party tracking or advertising cookies.

13. Contact

For privacy inquiries, data requests, or questions about this policy, contact us at:

support@one-less.io

14. Children (COPPA)

ONELESS is not intended for users under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.