Privacy Policy

Effective Date: March 25, 2026
Last Updated: March 25, 2026
Version: Public v1.0

This Privacy Policy explains how FireGroup, OneExperts, and the applicable affiliate identified on the relevant website, application, order form, invoice, app marketplace listing, or service documentation (collectively, the “Company,” “we,” “us,” or “our“) collect, use, disclose, store, and otherwise process personal data in connection with our websites, applications, software, APIs, integrations, mobile applications, publishing services, support channels, and related products, including Transcy, OneMobile, OneLoyalty, and any other services that link to or reference this Privacy Policy (collectively, the “Services“).

This Privacy Policy is intended to provide a globally usable privacy notice for business customers and users of our Services, including customers in the European Economic Area (“EEA“), the United Kingdom (“UK“), the United States, and other jurisdictions.

If you do not agree with this Privacy Policy, please do not use the Services.

This Privacy Policy applies to personal data that we process when:

  • you visit our websites;
  • you create an account, install, subscribe to, configure, or use our Services;
  • you contact us for support, sales, onboarding, demos, or other inquiries;
  • you connect third-party integrations or provider accounts;
  • we process data on behalf of our business customers through the Services; or
  • you otherwise interact with us in a business or commercial context.

This Privacy Policy does not apply to:

  • personal data processed by our customers independently of our Services;
  • websites, services, or applications operated by third parties;
  • app marketplaces, analytics providers, AI providers, translation providers, payment processors, or other third parties that process data under their own privacy notices; or
  • employment-related data handled in the context of job applications or personnel administration, unless stated otherwise.

The Company provides software and technology solutions for eCommerce and digital commerce businesses, including:

  • Transcy, which may provide translation, localization, multilingual content support, AI-assisted content processing, currency conversion, language and currency switching, and related integrations;
  • OneMobile, which may provide mobile app building, app publishing support, web and admin tools, push notification functionality, and related integrations; and
  • OneLoyalty, which may provide loyalty, rewards, referrals, and related engagement tools.

For privacy questions, data subject requests, or data processing inquiries, please use the contact details in the “Contact Us” section below.

Our role depends on the context in which personal data is processed.

3.1 When We Act as Controller

We generally act as a controller or equivalent business entity under applicable law for personal data we process for our own business purposes, such as:

  • account registration and administration;
  • billing, invoicing, and subscription management;
  • website analytics and service performance monitoring;
  • security, fraud prevention, and abuse detection;
  • customer support and communications;
  • legal compliance and recordkeeping; and
  • marketing communications where permitted by law.

3.2 When We Act as Processor or Service Provider

We generally act as a processor, service provider, or similar role when we process personal data on behalf of our business customers through the Services, such as when our customers use our Services to process store content, customer interactions, translated content, mobile app content, loyalty activity, or related operational data.

In those cases, our customer is typically the party responsible for determining the purposes and means of processing and for providing required notices, collecting any necessary consents, and responding to data subject rights requests, unless otherwise required by law.

3.3 Third-Party Controllers

Third parties such as app stores, analytics tools, AI providers, translation providers, payment processors, hosting providers, and integrated applications may independently process personal data under their own privacy notices and terms. We encourage you to review their privacy documentation carefully.

Depending on how you interact with the Services, we may collect the following categories of personal data.

4.1 Account and Business Contact Information

This may include:

  • name;
  • business name;
  • email address;
  • phone number;
  • job title;
  • billing address;
  • account credentials; and
  • account settings and preferences.

4.2 Commercial and Transaction Information

This may include:

  • subscription plan details;
  • purchase history;
  • invoice and billing records;
  • payment-related information provided through payment processors or app marketplaces;
  • service usage tied to pricing, plan limits, or overages; and
  • support or implementation history.

4.3 Technical, Device, and Usage Information

This may include:

  • IP address;
  • browser type;
  • device identifiers;
  • operating system;
  • application version;
  • access timestamps;
  • log files;
  • crash data;
  • session information;
  • feature usage data;
  • performance and diagnostic information; and
  • cookie and similar technology data collected through websites or dashboards.

4.4 Customer Content and Service Data

Depending on the Service, this may include data submitted to or processed through the Services, such as:

  • product information;
  • store content;
  • translations and source text;
  • localized content;
  • prompts and generated outputs;
  • pricing and currency display data;
  • app content and app assets;
  • loyalty-related activity;
  • search inputs;
  • metadata;
  • support attachments; and
  • operational data required to provide service functionality.

4.5 End User Data Processed on Behalf of Customers

When our customers use the Services, we may process personal data relating to their customers, visitors, or app users, such as:

  • names;
  • contact details;
  • order-related identifiers;
  • device or app usage data;
  • language, country, or locale signals;
  • loyalty actions;
  • app activity;
  • customer support information; and
  • other personal data the customer chooses to submit through the Services.

4.6 Communication Data

This may include:

  • emails;
  • chat transcripts;
  • support tickets;
  • meeting notes;
  • onboarding communications; and
  • feedback, survey responses, or product requests.

4.7 Marketing and Preference Data

This may include:

  • subscription preferences;
  • consent or opt-out status;
  • campaign engagement data; and
  • event or webinar registration details.

We collect personal data from several sources, including:

  • directly from you when you create an account, contact us, configure Services, or submit information;
  • from your organization or other authorized users on your account;
  • from your connected platforms, integrations, or provider accounts;
  • from your use of our websites, dashboards, and Services;
  • from cookies and similar technologies;
  • from service providers, subprocessors, and analytics providers;
  • from app marketplaces or payment platforms; and
  • from publicly available or commercially available business information sources where permitted by law.

We use personal data for the following purposes, as applicable.

6.1 To Provide and Operate the Services

Including to:

  • create and manage accounts;
  • authenticate users;
  • provide product functionality;
  • process translations, localization, app-building workflows, loyalty workflows, and related outputs;
  • support integrations and connected services;
  • provide publishing assistance, push services, analytics functionality, and other requested features; and
  • maintain service continuity.

6.2 To Support, Secure, and Improve the Services

Including to:

  • troubleshoot issues;
  • monitor usage and performance;
  • detect abuse, fraud, and security incidents;
  • maintain logs and backups;
  • perform debugging, quality assurance, and system administration; and
  • improve service design, reliability, and user experience.

6.3 To Communicate With You

Including to:

  • respond to inquiries;
  • provide onboarding, support, and account notices;
  • send transactional, billing, security, legal, and administrative communications; and
  • notify you of changes to the Services or related documentation.

6.4 To Manage Commercial Relationships

Including to:

  • process orders and subscriptions;
  • manage billing and payments;
  • provide implementation or professional services;
  • maintain business records; and
  • administer contracts, renewals, and customer relationship activities.

6.5 For Marketing and Business Development

Where permitted by law, we may use personal data to:

  • send product updates, newsletters, event invitations, and promotional communications;
  • measure campaign effectiveness;
  • understand business interests and market demand; and
  • improve our commercial communications.

You can opt out of marketing communications at any time using the unsubscribe mechanism in the message or by contacting us.

6.6 To Comply With Legal Obligations and Protect Rights

Including to:

  • comply with applicable laws, regulations, court orders, or lawful requests;
  • enforce our Terms and other agreements;
  • protect our rights, systems, Services, personnel, customers, and users; and
  • investigate claims, disputes, misuse, or suspected unlawful activity.

If data protection laws require us to identify a legal basis for processing, we generally rely on one or more of the following:

  • Performance of a contract: where processing is necessary to provide the Services, manage accounts, process subscriptions, or fulfill our contractual obligations.
  • Legitimate interests: where processing is necessary for our legitimate business interests, such as securing, maintaining, improving, and supporting the Services, preventing fraud, managing commercial relationships, and operating our business, provided those interests are not overridden by your rights and freedoms.
  • Consent: where required by law, for example for certain marketing activities, certain cookies, or other activities that require opt-in consent.
  • Legal obligation: where processing is necessary to comply with applicable laws, regulations, or lawful requests.

Where we process personal data on behalf of our customers as a processor or service provider, the customer is typically responsible for identifying the appropriate legal basis for that processing.

8.1 Use of AI and Automated Technologies

Certain Services use artificial intelligence, machine translation, recommendation systems, search technologies, classification, and other automated processing to generate, transform, classify, personalize, localize, optimize, or analyze content.

8.2 Data Sent Through AI or Translation Features

Depending on the product, plan, and configuration, data processed through these features may include source text, translated text, prompts, metadata, language preferences, app content, search inputs, outputs, and related operational data necessary to provide the relevant functionality.

8.3 Processing Paths

Depending on the Service and customer configuration, processing may occur through:

  • third-party AI or translation providers selected by the customer;
  • customer-supplied provider credentials or API keys;
  • Company-managed provider credentials or infrastructure; and/or
  • Company-managed routing, orchestration, caching, validation, logging, moderation, or analytics layers.

8.4 Data Use for Model Training

We do not use Customer Data to train our proprietary machine learning models unless the relevant customer has explicitly opted in through a separate mechanism.

When a feature relies on a Third-Party AI Provider or translation provider, that provider may process data under its own terms and privacy policies. We use commercially reasonable efforts to select configurations and providers suitable for business use and, where available, settings intended to limit use of submitted API data for training of public or generalized models. However, third-party provider functionality and policies may vary over time.

8.5 Human Review and Validation

AI-generated and machine-translated outputs may be inaccurate, incomplete, contextually unsuitable, or contain hallucinations, omissions, bias, formatting issues, or other errors. Our customers are responsible for reviewing, editing, and validating outputs before publishing or relying on them.

8.6 Automated Decision-Making

Some features may support personalization, recommendations, language detection, ranking, routing, or similar automated or semi-automated functionality. Customers are responsible for determining whether their use of such features triggers any disclosure, notice, consent, opt-out, or similar obligations under applicable law.

8.7 Sensitive Data Restrictions

Unless explicitly approved in writing and supported by the relevant product configuration, customers should not submit payment card data, protected health information, biometric data, government-issued identification numbers, or special-category or similarly sensitive personal data to AI, translation, or automation features.

We and our service providers may use cookies, pixels, SDKs, local storage, and similar technologies on our websites, dashboards, and mobile-related experiences to:

  • remember preferences and settings;
  • authenticate users;
  • analyze traffic and usage;
  • improve website and service performance;
  • understand campaign effectiveness; and
  • support security and fraud prevention.

Where required by applicable law, we will request consent before using non-essential cookies or similar technologies.

You may be able to manage cookie preferences through your browser settings, cookie banner, or device settings. Please note that disabling certain technologies may affect functionality.

We may disclose personal data to the following categories of recipients, as applicable.

10.1 Affiliates and Related Companies

We may share personal data with our affiliates or related entities where necessary to operate the Services, manage our business, or provide support.

10.2 Service Providers and Subprocessors

We may share personal data with vendors and subprocessors that help us provide the Services, such as:

  • cloud hosting and infrastructure providers;
  • customer support and ticketing providers;
  • analytics and monitoring providers;
  • AI and translation providers;
  • push notification providers;
  • app publishing and distribution-related providers;
  • communications and email providers;
  • security and fraud detection providers; and
  • other vendors that assist with product functionality, support, and operations.

A current list of material subprocessors is available on our Subprocessor List page.

10.3 Third-Party Integrations Chosen by Customers

If you enable or configure a third-party integration, we may share personal data or Customer Data with that third party as necessary to provide the integration or requested functionality.

10.4 Payment Processors and Marketplaces

Payments, app subscriptions, and marketplace billing may be handled by third-party processors or app platforms. We do not generally receive or store full payment card details unless expressly stated.

10.5 Professional Advisors and Corporate Transactions

We may disclose personal data to legal, accounting, insurance, financing, or other professional advisors, and in connection with a merger, acquisition, financing, restructuring, sale of assets, or similar corporate transaction.

10.6 Legal, Regulatory, and Protective Disclosures

We may disclose personal data where necessary to:

  • comply with law, regulation, court order, or lawful request;
  • enforce our agreements;
  • protect the rights, property, safety, and security of the Company, our customers, users, or others; or
  • investigate fraud, abuse, security issues, or unlawful activity.

10.7 With Your Direction or Consent

We may disclose personal data where you direct us to do so or where consent is otherwise required and obtained.

We may process and transfer personal data internationally, including to countries outside the EEA, UK, or your place of residence, where our affiliates, service providers, subprocessors, or relevant infrastructure providers operate.

Where required by applicable law, we take steps designed to provide appropriate safeguards for cross-border transfers, which may include:

  • the European Commission’s Standard Contractual Clauses;
  • the UK International Data Transfer Addendum or equivalent safeguards;
  • adequacy decisions;
  • contractual commitments; and/or
  • other lawful transfer mechanisms recognized by applicable law.

You may contact us to request additional information about applicable transfer safeguards where relevant.

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support our legitimate business operations.

  • Where a merchant uninstalls one of our apps, we generally delete the merchant’s Customer Data and related service data within 45 days for merchants on a free plan and within 90 days for merchants on a paid plan. 
  • Where a merchant deactivates an app but does not uninstall it, we generally retain the merchant’s data until the merchant requests deletion or until deletion is required under applicable platform rules, including Shopify retention requirements where applicable. (https://www.shopify.com/legal/privacy/merchants#retention)

We may retain limited data for a longer period where required or permitted by law, or where reasonably necessary to comply with legal, tax, accounting, or regulatory obligations, resolve disputes, enforce agreements, maintain security, prevent fraud or abuse, or complete backup, recovery, and deletion cycles.

When personal data is no longer required, we will delete, anonymize, or de-identify it, unless retention is required or permitted by law.

Where we act as a processor or service provider, retention and deletion may also depend on our customer’s instructions, the applicable contract, and our operational backup and deletion practices.

We maintain administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure, taking into account the nature of the data and the risks involved.

These measures may include, as appropriate:

  • access controls;
  • authentication measures;
  • logging and monitoring;
  • encryption in transit and, where appropriate, at rest;
  • backup and recovery practices;
  • network and application security measures;
  • vendor management; and
  • internal processes for incident detection and response.

No method of transmission, storage, or processing is completely secure, and we cannot guarantee absolute security.

Depending on your location and applicable law, you may have certain privacy rights regarding your personal data.

14.1 Rights for Individuals in the EEA, UK, and Similar Jurisdictions

Subject to applicable law, you may have the right to:

  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing, including certain direct marketing or processing based on legitimate interests;
  • request data portability; and
  • withdraw consent where processing is based on consent.

You may also have the right to lodge a complaint with your local data protection authority.

14.2 Rights for U.S. Residents

Depending on your U.S. state of residence and applicable law, you may have rights such as:

  • the right to know or access certain personal information;
  • the right to request deletion;
  • the right to request correction;
  • the right to data portability;
  • the right to opt out of certain targeted advertising, profiling, or sales/sharing of personal information where applicable; and
  • the right not to be discriminated against for exercising your privacy rights.

We do not sell personal data for monetary consideration in the traditional sense. However, certain advertising, analytics, or cookie-based activities may be treated as a “sale,” “sharing,” or targeted advertising under some U.S. state laws. Where required, we will provide applicable rights and choice mechanisms.

14.3 Processor Requests

If we process your personal data on behalf of one of our customers, you should direct your request to that customer first. If appropriate, we will assist our customer in responding to your request in accordance with applicable law and our contractual obligations.

14.4 How to Exercise Your Rights

To exercise privacy rights, please contact us using the details below. We may need to verify your identity before processing your request. We may also limit or decline a request where permitted by applicable law.

Authorized agents may submit requests where permitted by law, subject to verification and proof of authority.

You may opt out of receiving marketing emails from us by using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing communications, we may still send service-related, billing, legal, security, or administrative messages where permitted by law.

The Services are designed for businesses and are not directed to children. We do not knowingly collect personal data directly from children in a context where such collection would require parental consent under applicable law.

If you believe that a child has provided personal data to us inappropriately, please contact us so that we can review and take appropriate action.

17.1 California and Other U.S. State Privacy Disclosures

For residents of California and certain other U.S. states, the categories of personal information we collect and disclose are described in this Privacy Policy. These categories generally correspond to identifiers, commercial information, internet or network activity, geolocation signals derived from IP address, professional or employment-related information, inferences, and other information described above, depending on your use of the Services.

We collect, use, retain, and disclose such information for the business and commercial purposes described in this Privacy Policy. We may disclose personal information to service providers, contractors, affiliates, advisors, integration partners chosen by customers, and legal or regulatory authorities as described above.

Where required by applicable law, residents may exercise rights to know, delete, correct, opt out, appeal, or limit certain uses of sensitive personal information, subject to applicable exceptions.

17.2 Nevada

Nevada residents may have the right to request that certain covered information not be sold under Nevada law. We do not currently sell covered information in a manner that triggers that law as commonly understood, but Nevada residents may contact us with requests.

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, technology, vendors, or privacy practices.

If we make material changes, we will provide notice by posting the updated version on the relevant website, within the Services, by email, or by other reasonable means. The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised.

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes acknowledgment of the revised Privacy Policy, to the extent permitted by law.

For privacy questions, data subject requests, DPA requests, subprocessor inquiries, or other privacy-related matters, please contact us:

FireGroup JSC
F21-22, 182 Le Dai Hanh St., Ward 15, District 11, HCMC.
General Support – Transcy: [email protected]
General Support – OneMobile / OneLoyalty: [email protected]

If required by applicable law, you may also contact your local supervisory authority or regulator.

We encourage you to review the following related legal documents so you can better understand your rights, how your data is protected, and what to expect from our services: