Privacy Policy
Last updated: July 11, 2026
1. Who is responsible for your data
OGOLD LTD, trading as 1cc.ai ("1cc.ai", "we", "us", or "our"), is the controller of personal data covered by this Privacy Policy. OGOLD LTD is registered in England and Wales under company number 16512852. Our registered office is 82A James Carter Road, Mildenhall, United Kingdom, IP28 7DE.
This policy applies when you visit 1cc.ai, use our mobile apps, create or access an account, authorize a connected application, contact us, or otherwise use our related services (the "Services"). It does not govern an independently operated service merely because it connects to 1cc.ai.
2. Data we collect
Depending on the features you use, we may process:
- Account and identity data: email address, account identifier, and limited profile details shared by a sign-in provider such as Google or Apple.
- Authentication and authorization data: session tokens, login events, connected application details, requested permissions, approval or denial decisions, and related security records.
- Financial records: transactions, holdings, notes, categories, and calculations you enter into the app. The app is designed so that detailed records are ordinarily stored in an encrypted database on your device or in personal cloud storage you choose. We do not use those records for advertising or sell them.
- Feature content: information you deliberately submit to a remote feature, such as selected records or prompts sent for AI-assisted analysis, or files and screenshots you send to support. The app should identify when a feature requires remote processing.
- Usage and device data: pages or screens viewed, interactions, browser and device type, operating system, language, approximate location derived from an IP address, diagnostic events, and cookie or similar identifiers. Before you consent, Google Analytics receives limited cookieless signals with analytics storage disabled.
- Communications: your contact details and the contents of messages, support requests, complaints, or legal correspondence you send us.
- Market-data requests: symbols, asset types, currencies, or similar query information needed to retrieve a price or rate. A third-party provider may also receive network and device metadata inherent in an internet request.
3. How detailed financial records are stored
The core record-keeping design stores detailed financial records locally on your device. If you enable personal-cloud sync, the app sends the synchronized database between your device and the cloud account you select. Your cloud provider controls its own platform and handles data under its terms and privacy policy.
This local-first design does not mean that no personal data ever reaches us or a service provider. Account authentication, authorization, website measurement, support, market-data requests, and a remote AI feature can involve separate processing as described in this policy. You can use core record-keeping features without consenting to website analytics.
4. Why we use data and our legal bases
- To provide requested Services: create and secure accounts, maintain sessions, complete authorization decisions, perform calculations, sync data when enabled, and provide requested AI or support features. We rely on performance of our contract with you.
- To protect and operate the Services: prevent abuse, investigate errors, maintain security, and improve reliability. We rely on our legitimate interests in operating a secure and effective service, balanced against your rights.
- To measure website use: Google Analytics receives limited cookieless measurement signals by default with analytics storage disabled. If you choose "Accept" in our cookie control, it may use analytics storage for fuller measurement. We rely on our legitimate interests in understanding aggregate website use for the limited cookieless measurement, and on your consent for analytics storage. You can withdraw that consent at any time through Cookie settings.
- To communicate with you: answer requests, provide service notices, and address complaints. We rely on our contract, legitimate interests, or legal obligations depending on the communication.
- To comply with law: keep records or disclose information where required by a valid legal obligation.
Where we rely on consent, you may withdraw it without affecting processing that occurred before withdrawal. Where providing data is necessary for an account or requested feature, that feature may not work if the data is not provided.
5. Service providers and other recipients
We disclose only the data reasonably needed for the relevant purpose to:
- Supabase, which supplies account authentication, session, and authorization infrastructure;
- Google or Apple when you choose one of them as an identity provider, under their own privacy terms;
- Google Analytics for cookieless measurement and, when you consent, analytics using browser storage;
- website hosting, security, communications, cloud, market-data, and AI service providers where needed for a feature you use;
- an application you expressly authorize, limited to the approved permissions; and
- professional advisers, a buyer or successor in a business transaction, courts, regulators, or authorities where reasonably necessary and lawful.
We do not sell personal data. We do not disclose personal data for third-party targeted advertising.
6. International transfers
Some providers may process data outside the United Kingdom. Where UK data protection law requires a transfer safeguard, we use an applicable adequacy regulation or contractual safeguards such as the UK International Data Transfer Agreement or UK Addendum, and supplementary measures where appropriate. You may contact us for more information about the safeguard relevant to your data.
7. How long we keep data
We retain personal data only for as long as reasonably necessary:
- account and authorization records are generally kept while the account or authorization remains active and for a limited period afterward for security, dispute, and legal purposes;
- security and diagnostic records are kept for a limited period based on the severity of the event and operational need;
- analytics data follows the retention settings applied in Google Analytics and is deleted or aggregated when no longer needed;
- support and legal correspondence is kept for as long as needed to resolve the matter and meet legal record-keeping obligations; and
- records held only on your device or in your personal cloud remain there until you delete them using that device or cloud service.
Retention may be extended where necessary to establish, exercise, or defend legal claims, comply with law, or investigate abuse. We delete or anonymize data when it is no longer needed.
8. Cookies and analytics choices
We use local storage to remember whether you accepted or declined analytics storage. The Google tag loads with analytics storage denied by default and may send limited cookieless measurement signals. If you accept, analytics storage is enabled. You can withdraw consent or change your selection at any time using the Cookie settings link in the website footer. Necessary storage used for security, authentication, or remembering your choice does not depend on analytics consent.
Withdrawing consent disables analytics storage and returns future measurement to limited cookieless signals. It does not automatically erase data already held by an analytics provider. You may request deletion as described below where the data can be linked to you.
9. Security and your choices
We use technical and organizational measures designed to protect personal data, including encrypted transport for network connections and access controls for account services. The app uses an encrypted local database for detailed records. No storage or transmission method is completely secure, so we cannot guarantee absolute security.
Protect your device, account credentials, identity-provider account, and personal-cloud account. Review permissions before approving a connected application, revoke access you no longer want, and avoid including unnecessary sensitive information in support messages or AI prompts.
10. Your data protection rights
Depending on where you live and the circumstances, you may have the right to request access to, correction of, deletion of, restriction of, or portability of your personal data; to object to processing; and to withdraw consent. You also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not use the data covered by this policy for that type of decision.
Send a request to support@1cc.ai. We may need to verify your identity. These rights are subject to legal exceptions, and some records stored only on your device or personal cloud must be accessed or deleted by you directly.
You may complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint. You may also have the right to complain to your local data protection authority. We would appreciate the opportunity to address your concern first.
11. Children
The Services are not directed to children under 13, and we do not knowingly collect their personal data. A person under the age of legal majority should use the Services only with the involvement of a parent or legal guardian. If you believe a child has provided us with personal data improperly, contact us so we can investigate and take appropriate action.
12. Changes to this policy
We may update this policy when our Services, providers, or legal obligations change. We will post the updated version and revise the date above. Where a change materially affects how we use personal data, we will provide additional notice through an appropriate channel before the change takes effect where required.
13. Contact us
For privacy questions or rights requests, contact OGOLD LTD at support@1cc.ai or write to 82A James Carter Road, Mildenhall, United Kingdom, IP28 7DE.