This Privacy Policy ("Policy") describes how ONERROR, operated by Myung Gon Jung ("Operator," "we," "us," or "our"), collects, uses, stores, protects, and discloses information obtained from users ("User," "you," or "your") of the ONERROR platform located at onerror.live (the "Platform").
All purchases made through the Platform are processed by Lemon Squeezy, LLC (merchant of record). Lemon Squeezy collects and processes payment-related data (including payment card information) independently under its own Privacy Policy. The Operator does not collect, store, or have access to your payment card details.
By using the Platform, you consent to the collection and use of your information as described in this Policy. If you do not agree with this Policy, please do not use the Platform.
| Data Type | Purpose | Required |
|---|---|---|
| Email address | Account creation, authentication, communication | Yes |
| Marketing consent preference | Sending promotional content | No |
| Referrer code (if applicable) | Referral program tracking | No |
| Self-declaration content | Digital product generation (certificate, worksheet) | Only during product workflow |
| Data Type | Purpose |
|---|---|
| IP address | Security, fraud prevention, analytics |
| Browser type and version | Platform optimization |
| Device type and operating system | Platform optimization |
| Pages visited and time spent | Analytics, improvement |
| Referring URL and UTM parameters | Referral tracking, marketing analytics |
| Cookies and local storage data | Session management, authentication |
| Data Type | Purpose |
|---|---|
| Referral code and referral activity | Referral program management |
| Membership tier and status | Access control |
| Purchase history | Product delivery, customer support |
| Certificate data (number, hash, declared text) | Verification page generation, tamper-proof record |
| Account creation timestamp | Analytics |
2.1 Contract Performance: Processing necessary to provide the Platform and fulfill our obligations under the Terms of Service, including account management and product delivery.
2.2 Consent: Processing based on your explicit consent, including marketing communications and optional data collection. You may withdraw consent at any time.
2.3 Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, security, analytics, and Platform improvement, provided such interests are not overridden by your rights.
2.4 Legal Obligation: Processing necessary to comply with applicable legal requirements.
3.1 Platform Operation: To create and manage your Account, authenticate your identity, deliver purchased Digital Products, manage referral tracking, and provide customer support.
3.2 Communication: To send transactional emails (magic links, account notifications, product delivery confirmations), and, with your consent, marketing communications regarding new products and Platform updates.
3.3 Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues, including monitoring for multiple account creation, referral abuse, and unauthorized access attempts.
3.4 Analytics and Improvement: To analyze usage patterns, measure the effectiveness of the Platform, improve user experience, and develop new features and products.
3.5 Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
Your data is stored and processed using Supabase, a cloud-based database platform providing enterprise-grade security features including encryption at rest and in transit, row-level security (RLS), and regular security audits.
The Platform employs a passwordless authentication system (magic link) managed by Supabase Auth. Session tokens are stored in the browser's local storage using encrypted JWT (JSON Web Tokens). No passwords are stored or transmitted.
The Operator does not collect, store, or process payment card information. All payment data is handled directly by Lemon Squeezy and its payment processor (Stripe), both of which are PCI-DSS compliant. The Operator only receives transaction confirmation data (order ID, product purchased, amount, date) necessary for product fulfillment.
We implement appropriate technical and organizational measures to protect your personal information, including: (a) encryption of data in transit (TLS/SSL) and at rest; (b) row-level security policies ensuring users can only access their own data; (c) rate limiting on API endpoints; (d) regular security monitoring; and (e) access controls limiting personnel access to personal data on a need-to-know basis.
In the event of a personal data breach likely to result in a risk to your rights, we will notify you without undue delay via email and, where required, report the breach to the relevant supervisory authority within seventy-two (72) hours.
We share your information with the following third-party service providers who process data on our behalf:
Lemon Squeezy (Merchant of Record): Transaction processing, tax collection, refund processing, and payment-related customer communications. Lemon Squeezy processes payment data under its own Privacy Policy.
Supabase: Database hosting, authentication, and backend infrastructure.
Cloudflare: Content delivery, DDoS protection, and DNS management.
We may disclose your information if required by law or in good faith belief that disclosure is necessary to: (a) comply with a legal obligation; (b) protect the rights, property, or safety of the Operator, users, or others; (c) investigate fraud or respond to government requests; or (d) enforce our Terms of Service.
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
We do not sell your personal information to third parties. We do not share your personal information with third parties for their direct marketing purposes.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
6.1 Right of Access: Request a copy of personal information we hold about you.
6.2 Right to Rectification: Request correction of inaccurate or incomplete information.
6.3 Right to Erasure: Request deletion of your personal information, subject to legal exceptions.
6.4 Right to Restrict Processing: Request restriction of processing under certain circumstances.
6.5 Right to Data Portability: Receive your information in a structured, machine-readable format.
6.6 Right to Object: Object to processing based on legitimate interests or for direct marketing.
6.7 Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.
To exercise any of these rights, please contact us at contact@onerror.live. We will respond within thirty (30) days.
The Platform uses browser local storage to maintain authentication sessions. The authentication token (stored as onerror-auth) is essential for Platform functionality.
Referral links use UTM parameters to track the source, medium, and campaign of user referrals, used solely for analytical purposes and referral program management.
The Platform uses a service worker for Progressive Web App (PWA) functionality and caching of static assets. Cached data can be cleared through your browser settings.
We retain your personal information for as long as your Account is active and as necessary to provide the Platform and fulfill our obligations.
Upon Account deletion, we will delete or anonymize your personal information within thirty (30) days, except where retention is required by applicable law or for legitimate business purposes (fraud prevention, dispute resolution).
Publicly accessible certificate verification data (certificate number, character name, SHA-256 hash, and verification status) is retained permanently as part of the product's tamper-proof verification feature. This data does not contain personally identifiable information.
Your information may be transferred to and processed in countries other than your country of residence. By using the Platform, you consent to such transfers. We take appropriate safeguards to ensure your information remains protected, including standard contractual clauses or other approved transfer mechanisms.
The Platform is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly. If you believe we have collected information from a child, please contact us at contact@onerror.live.
We may update this Privacy Policy from time to time. Material changes will be notified through the Platform or via email. The "Last Updated" date at the top indicates the most recent revision. Your continued use of the Platform after changes constitutes acceptance of the updated Policy.
For questions or requests regarding this Policy, contact us at contact@onerror.live.