Terms of use & Privacy policy

Last updated: 23 October 2025

Company: Onecub (Onecub SAS), registered in France under RCS Paris 530 008 887, with registered office at 54 Rue Greneta 75002 Paris.

Contact: olivier@onecub.fr

1) Scope

These Terms govern your use of Onecub websites, documentation, and publicly available resources (the Site), and—unless superseded by a separate order form, Master Services Agreement (MSA), or Data Processing Agreement (DPA)—your access to Onecub-operated applications and sandbox services (collectively, the Services). If you use the Services on behalf of an organisation, you confirm you have authority to bind that organisation. “You” means you and the organisation you represent.

If you have an MSA/DPA with Onecub: the MSA/DPA prevails over these Terms to the extent of any conflict.

2) Changes

We may update these Terms and related policies to reflect operational, legal, or security changes. We will post the new version and update the “Last updated” date. Material changes will be notified by reasonable means. Your continued use after changes take effect constitutes acceptance.

3) Eligibility & Accounts

You must be at least 18 and have capacity to contract. Keep credentials confidential and promptly notify us of unauthorised use. You remain responsible for activity under your account.

4) Description of the Services

Onecub provides software and professional services to help organisations design, operate, and participate in data spaces (federated data-sharing ecosystems) and build agentic AI workflows that interact with data space resources. Capabilities may include connectors, catalogues, policy engines, identity & trust, consent, monitoring, billing, and collaboration tooling.

5) Acceptable Use

You agree not to:
• breach any applicable law or rights of others;
• attempt to access data or systems without authorisation, remove/obscure security or usage controls, or probe, scan, or test for vulnerabilities;
• upload unlawful content, malware, or content that infringes IP, privacy, or publicity rights;
• misuse the Services to build a competitor, reverse engineer (except as permitted by law), or benchmark without permission;
• send spam, interfere with networks, or degrade service for others.

6) Your Content & Responsibilities

You retain ownership of Customer Content (data, prompts, files, configurations). You grant Onecub a limited licence to host, process, transmit, and display Customer Content solely to provide, secure, and support the Services, and to comply with law. You are responsible for obtaining necessary rights/consents and for your users’ activity. We do not use Customer Content to train general-purpose AI models unless we have your explicit written agreement and consent from concerned persons.

7) Third-Party Services & Data Spaces

The Services may interoperate with third-party software, connectors (e.g., EDC, Prometheus-X), identity providers, or other data spaces. Those services are governed by their own terms, and you are responsible for enabling and configuring them. Onecub is not a party to data-sharing agreements concluded between participants within or across data spaces.

8) Beta/Experimental Features

We may offer beta or experimental features. They are provided as-is, may be modified or withdrawn at any time, and may be subject to additional terms.

9) Availability, Support & Security

We provide the Services on a commercially reasonable basis. Planned maintenance and emergencies may affect availability. We implement administrative, technical, and organisational measures designed to protect the Services and Customer Content.

10) Intellectual Property

The Services and Site (including software, documentation, and branding) are owned by Onecub or its licensors and are protected by IP laws. No rights are granted except as expressly stated in these Terms or your MSA.

11) Confidentiality

Non-public information disclosed by a party and marked confidential (or that reasonably should be understood as confidential) must be protected with at least reasonable care and used only for the permitted purpose. Confidentiality obligations do not apply to information that is public, independently developed, rightfully obtained, or disclosed under legal process (with notice where lawful).

12) Warranties & Disclaimers

Except as expressly stated in a signed MSA, the Services and Site are provided “as is” without warranties of any kind (including merchantability, fitness for a particular purpose, non-infringement). We do not warrant that outputs from AI features will be error-free or fit for your purpose. You are responsible for human oversight of AI-assisted workflows.

13) Limitation of Liability

To the maximum extent permitted by law, Onecub and its suppliers will not be liable for indirect, incidental, special, consequential, or exemplary damages (including lost profits, revenues, data, or business). Our aggregate liability arising out of or related to the Services is limited to the amounts paid by you to Onecub for the Services giving rise to the claim in the twelve (12) months preceding the event. The foregoing does not limit liability for death or personal injury caused by negligence, fraud, or where liability cannot be excluded by law.

14) Indemnity

You agree to defend, indemnify, and hold harmless Onecub from claims arising from your unlawful use of the Services or breach of these Terms. Onecub will indemnify you for third‑party IP claims alleging that our unmodified Service infringes valid IP rights, subject to customary exclusions and your MSA.

15) Suspension & Termination

We may suspend or terminate access for material breaches, security risk, non-payment, or on legal request. You may terminate by closing your account (and, where applicable, per your MSA). On termination, your right to use the Services ceases and we may delete or anonymise Customer Content per Retention below and your MSA/DPA.

16) Governing Law & Venue

These Terms are governed by French law. Exclusive jurisdiction lies with the courts of Paris, France (subject to mandatory law). Consumers in the EU may benefit from local mandatory protections.

17) Contact

Onecub SAS — Legal & Compliance, 54 rue Greneta 75002 Paris, France • olivier@onecub.fr

1) Who is the controller?

Unless your contract states otherwise, Onecub SAS is the data controller for personal data collected via the Site and for account/usage data of our Services. For Customer Content processed on your instructions, Onecub acts as a data processor and data intermediary (Data Governance Act) and a separate DPA applies.

Contact (privacy): contact@onecub.fr

Data Protection Officer (DPO): contact@onecub.fr

2) What personal data we collect

We collect and process:
• Contact data: name, email, organisation and message (only to reach out to you).
• Usage & telemetry: device/browser data, IP, interactions with features (for security, analytics, and support);

3) Why we process your data (legal bases)

• Contract (Art. 6(1)(b) GDPR): to create and manage accounts, deliver the Services, and provide support.
• Legitimate interests (Art. 6(1)(f)): to secure and improve Services, prevent abuse, measure reach, and contact professional users about closely related updates (you can opt out).
• Consent (Art. 6(1)(a)): for marketing communications, non-essential cookies, and certain events/downloads.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, sanctions/export controls, and to respond to lawful requests.

AI assurance: We do not use Customer Content to train general-purpose models without your explicit opt‑in. We may use pseudonymised/aggregated telemetry to improve safety and performance.

4) Cookies & tracking

Because we're using matomo which is using the IP address, we are not using cookies, therefore we are not stocking your data with cookies.

5) Who we share data with

• Processors: trusted vendors providing hosting, email, analytics, payments, support, and security. We require data‑processing terms and appropriate safeguards.
• Data space integrations: when you connect to third‑party connectors, identity providers, or other data spaces, the relevant third party receives data per your configuration and their policies.
• Legal & compliance: to comply with law, enforce terms, protect rights, or respond to lawful requests.
• Corporate events: in case of merger, acquisition, or asset sale, we may transfer data subject to continuity of protections.

6) International transfers

Where data is transferred outside the EEA/UK, we use recognised safeguards (e.g., Standard Contractual Clauses, UK IDTA/Addendum) and implement supplementary measures as needed.

7) Data retention

We keep personal data only as long as necessary for the purposes above:
• Account data: for the life of the account plus up to 12 months;
• Logs/telemetry: typically 12–24 months;
• Marketing/events: until you unsubscribe or after inactivity (24 months) unless you re-consent;
• Support: duration of the ticket plus 24 months;
• Recruitment: up to 24 months with your consent. Retention may be longer if required by law or to establish/defend legal claims.

8) Your rights

Under GDPR, you can access, rectify, erase, or port your data, and restrict or object to processing (including profiling for direct marketing). Where processing relies on consent, you can withdraw consent at any time. To exercise rights, email contact@onecub.fr You may also lodge a complaint with CNIL or your local authority.

9) Security

We apply organisational and technical measures aligned with industry practices (e.g., access controls, encryption in transit/at rest where appropriate, network segmentation, vulnerability management, backups, monitoring, incident response). No system is 100% secure; you should also protect your credentials and devices.

10) Children

Our Services are not directed to children under 16. If you believe we have collected data from a child, contact us and we will take appropriate steps.

11) Automated decision‑making

We do not perform decisions producing legal or similarly significant effects solely based on automated processing without human involvement. If this changes for a specific feature, we will provide clear notice and your choices.

12) Changes to this Policy

We may update this Privacy Policy. We will post changes with a new “Last updated” date and, where appropriate, provide additional notice.

13) Contact

Controller: Onecub SAS, 54 rue Greneta 75002 Paris, France

DPO: Olivier Dion, olivier@onecub.fr

Privacy: olivier@onecub.fr

Onecub n’utilise pas de cookies grâce à l’utilisation de Matomo.

If Onecub processes Customer Personal Data on your behalf, our DPA applies and includes: subject matter & duration, nature & purpose, types of data and data subjects, security measures, sub‑processing, international transfers (SCCs), assistance with data subject requests, breach notification, audits, and deletion/return at the end of services. Contact olivier@onecub.fr to obtain the latest DPA.