Privacy Policy
Last updated: July 2026
Who we are
ONIXCREATOR is operated by AndAnd Operations OÜ (registry code 16445425, VAT EE102489723), Narva mnt 7-634, Kesklinna linnaosa, Tallinn, Harju maakond, 10117, Estonia. AndAnd Operations OÜ is the data controller for the personal data described in this policy. Contact: support@onixcreator.com.
Your metadata stays in your browser
ONIXCREATOR does not store any book metadata or uploaded files on its servers. All metadata you enter or upload exists only in your browser session and is permanently lost when you close the tab or refresh the page.
Access and email addresses
ONIXCREATOR is an invite-only service. Access is granted manually by the ONIXCREATOR team. To enable login, we store your email address in a secure database hosted on Supabase (EU region).
Your email address is used to verify your identity, send you a login link, and — if you subscribe — to manage your subscription. It is never used for marketing. It is not shared with third parties except the service providers listed under “Third-party services” below, including our payment processor (see “Payments and subscriptions”).
Login links are single-use, expire after 15 minutes, and are sent via Resend from noreply@onixcreator.com.
Usage analytics (with your consent)
If you accept cookies, we use Amplitude to collect usage events — for example, when a file is uploaded or an ONIX file is downloaded. These events contain no book content and no personal data beyond a randomly generated device identifier. Automatic data capture is disabled. We do not track page clicks, mouse movements, or any behaviour beyond the specific events listed below. If you decline cookies, Amplitude is not loaded.
Events we track
- Session started
- Login requested
- Login completed
- Editor opened
- File uploaded (file type and row count only)
- Column mapping confirmed (row count only)
- Validation completed (pass/fail counts only)
- ONIX file downloaded (product count only)
Payments and subscriptions
Paid subscriptions are processed by Stripe. When you subscribe, your name, email address, and billing address are shared with Stripe to set up and manage your subscription.
Card details are entered directly on Stripe's secure, hosted payment page — we never see, handle, or store your full card number. We store only your subscription status and Stripe customer and subscription identifiers in our Supabase database, so we know whether your account is active.
Stripe's handling of your payment data is governed by Stripe's privacy policy.
Cookies
We set one strictly necessary HTTP-only session cookie (oc_session) when you log in, plus a cookie that remembers your cookie-consent choice. Analytics (Amplitude) and advertising-measurement (Google Ads) technologies are loaded only if you accept them via the consent banner. Full details, including how to change your choice, are in our Cookie Policy.
Third-party services
- Vercel — hosting. May process standard server logs (IP, browser type, timestamp) governed by Vercel's privacy policy.
- Supabase — database for storing allowed email addresses and login tokens. EU region. Governed by Supabase's privacy policy.
- Resend — transactional email for sending login links. Governed by Resend's privacy policy.
- Amplitude — usage analytics, loaded only with your consent. EU servers. No book content or directly identifying data.
- Google Ads — advertising conversion measurement, loaded only with your consent. Governed by Google's privacy policy.
- Stripe — payment processing for subscriptions. Receives your name, email, and billing address; processes card details directly (we never store them). Governed by Stripe's privacy policy.
Contact
If you have any questions about this policy or want to exercise your data-protection rights, email support@onixcreator.com.