Privacy Policy
Last updated June 11, 2026
OnePaywall provides monetization infrastructure for publishers. This policy explains what we collect, why, and the rights you have — both as a publisher using our dashboard and as a reader of a publisher site where OnePaywall is embedded. The short version: anonymous readers stay anonymous, raw behavioural data is deleted after 90 days, and we never sell data to anyone.
1. Who this policy covers
Two groups of people interact with OnePaywall:
- Publishers — account holders and their team members who use the OnePaywall dashboard.
- Readers — visitors of publisher websites where the OnePaywall embed script runs.
Publishers are our customers; for reader data processed through the embed, the publisher is the data controller and OnePaywall acts as a processor on their behalf.
2. What we collect from readers
The embed script identifies readers with an anonymous browser fingerprint. Readers do not create accounts, and we do not collect names, email addresses, or any other personal information from anonymous readers.
For anonymous readers we process:
- Behavioural signals: page URLs visited on the publisher's site, read time, scroll depth, device type, and referrer.
- Gate interactions: which gates were shown, passed, skipped, or completed.
- A derived engagement profile: segment, topic interests, and engagement scores computed from the signals above.
Raw behavioural signals are hard-deleted after 90 days. Derived profiles contain no personal data and cannot be tied back to a person without the fingerprint on that person's own device.
There is one exception: when a reader pays for a subscription, an article unlock, a digital product, or submits a lead-capture form, we store their email address — as a normalised hash for matching, and encrypted with AES-256-GCM for magic-link access restore, receipts, and support. This is the only reader PII we hold.
3. What we collect from publishers
When you create a publisher account we collect your name, email address, and password (stored as a bcrypt hash). We also store the configuration you create — domains, gates, pricing, ad creatives, team members — and billing records for your OnePaywall subscription.
If you connect your own payment gateway or email provider, your credentials are encrypted at rest with AES-256-GCM and used only to operate the features you configured.
4. Cookies and local storage
The publisher dashboard uses a single HTTP-only session cookie for authentication. We do not use advertising or cross-site tracking cookies.
On publisher sites, the embed stores a reader token in the browser so returning readers keep their unlocks and metering state. This token identifies a browser, not a person.
5. Payments
Payments are processed by Razorpay. Card and banking details go directly to the payment processor and never touch OnePaywall servers. We store transaction metadata (amount, currency, payment ID, status) to maintain your revenue ledger and invoices.
6. Sub-processors
We use a small set of infrastructure providers to run the service:
- Neon — managed Postgres database hosting.
- Vercel — application hosting and content delivery.
- Cloudflare R2 — storage for ad creatives and digital product files.
- Razorpay — payment processing.
- Resend — transactional and publisher email delivery.
- Trigger.dev — background job processing (profile computation, billing enforcement).
7. Data retention and deletion
- Raw reader behavioural signals: deleted after 90 days, automatically.
- Paid-reader email records: retained while the subscription or purchase record must be kept for the publisher's accounting; deleted on verified request.
- Publisher account data: retained while the account is active. Deleting your workspace from Settings → Danger zone deactivates your domains and removes team access immediately.
8. Your rights
Depending on where you live (including under GDPR and CCPA), you may have the right to access, correct, export, or delete personal data we hold about you, and to object to or restrict certain processing.
Publishers can export their workspace data from Settings → Danger zone. Readers should contact the publisher whose site they visited (the data controller); we support publishers in fulfilling these requests, and you can also reach us directly at hello@onepaywall.com.
9. Security
All traffic is encrypted in transit with TLS. Credentials and reader emails are encrypted at rest. Access to production systems is restricted and audited. Authentication endpoints are rate-limited and sessions expire after 8 hours.
10. Changes to this policy
We will post any changes on this page and update the date above. For material changes affecting publisher obligations, we will notify account owners by email before the change takes effect.
Questions about this document? Write to hello@onepaywall.com.