Onnies ("Onnies", "we", "us", or "our") operates the Onnies hiring marketplace at www.onnies.app (the "Service"), connecting international English-speaking teachers with schools in China. This Privacy Policy explains what personal data we collect, how we use and share it, the legal bases on which we rely, and the rights you have over your data.
By using the Service you confirm you have read and understood this Privacy Policy. If you do not agree with it, do not use the Service.
1. Who is responsible for your data
For the purposes of the EU/UK General Data Protection Regulation ("GDPR"), the South African Protection of Personal Information Act ("POPIA"), and comparable laws, Onnies is the data controller of the personal data we collect through the Service.
You can contact our privacy team at info@onnies.app.
2. The data we collect
2.1 Data you provide directly
- Account data: name, email address, password (stored hashed), account role (teacher, school, or admin).
- Teacher profile data: nationality and passport country, date of birth, current location and city preferences, visa status, qualifications (degree, TEFL/CELTA, other certifications), uploaded documents (CV, certificates, degree scans), work history, references, salary expectations, optional video introductions, profile photos, and any other content you choose to add.
- School profile data: school name, school type, location, contact person details, hiring needs, subscription information, and any other content you choose to add.
- Communications: messages you send to other users through the Service, support requests, and feedback.
- Payment data (for paid plans): billing details processed by our payment provider. We do not store full card numbers on our servers.
2.2 Data we collect automatically
- Device and usage data: IP address, browser type and version, operating system, device identifiers, pages viewed, referring URLs, and timestamps.
- Cookies and similar technologies: we use strictly necessary cookies for authentication and session management, and limited analytics cookies to understand product usage. See our Cookie Policy for details.
- Log data: server logs that record requests, error traces, and security-relevant events.
2.3 Data from third parties
- Authentication providers: if you sign in with a third-party provider, we receive the profile fields the provider shares with us (typically name, email, and a provider user ID).
- Verification partners: where we verify credentials or right-to-work indicators, we may receive confirmation results from third-party verifiers.
3. How we use your data
We use your personal data to:
- create and operate your account and provide the Service;
- display teacher profiles to verified school accounts, and display school profiles to teachers, to enable hiring matches;
- verify identity, eligibility, and credentials (for example, passport country for Z-visa eligibility);
- send transactional emails such as account confirmations, password resets, and notifications about activity on your account;
- provide customer support and respond to your questions or complaints;
- improve and develop the Service, including measuring feature usage and diagnosing technical issues;
- protect the Service, our users, and the public from fraud, abuse, and security incidents;
- comply with legal obligations and enforce our Terms of Service.
We do not sell your personal data, and we do not use it for third-party advertising.
4. Legal bases for processing (EEA / UK / SA users)
We rely on the following legal bases under the GDPR and POPIA:
- Performance of a contract — to provide the Service you have signed up for, including making your profile available to the counterparty side of the marketplace.
- Legitimate interests — to operate, secure, and improve the Service, prevent fraud, and conduct limited product analytics. We balance our interests against your rights and freedoms.
- Consent — for non-essential cookies, optional marketing emails, and any special-category data you choose to provide. You can withdraw consent at any time.
- Legal obligation — where we must process data to comply with applicable law.
5. How we share your data
5.1 Other users on the Service
Onnies is a two-sided marketplace. Information you place on your teacher or school profile is shared with the counterparty side of the marketplace as follows:
- Public profile preview: we may show a limited preview of teacher profiles (such as first name, country, summary of qualifications) to visitors and signed-in schools without unlocking contact details.
- Unlocked profile: verified school accounts can unlock full teacher profiles, including documents and contact details, subject to plan limits.
- School profiles: school names and public-facing details may be visible to teachers and visitors.
5.2 Service providers (processors)
We rely on trusted third-party providers who process data on our behalf under written agreements. These include:
- Hosting and infrastructure: Vercel Inc. (United States) for application hosting and edge delivery.
- Database and authentication: Supabase Inc. (United States, with regional storage) for our database, auth, and file storage.
- Email delivery: transactional email providers used to send account, security, and notification emails.
- Analytics: privacy-conscious product analytics limited to aggregate usage trends.
- Payments: our payment processor, where applicable, to handle subscription billing.
5.3 Legal, safety, and corporate transactions
We may disclose personal data:
- to comply with a lawful request, court order, or regulatory obligation;
- to investigate, prevent, or take action against suspected illegal activity, security incidents, or violations of our Terms;
- in connection with a merger, acquisition, reorganization, or sale of assets, in which case we will require the recipient to honour this Privacy Policy or notify you of any material change.
6. International data transfers
Onnies operates across borders. Personal data may be processed in countries outside the one in which you live, including the United States (where our hosting and database providers operate), countries where our team works, and China (where partner schools access the Service). Where data is transferred from the EEA, UK, or South Africa to a country without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses and equivalent mechanisms.
7. How long we keep your data
We retain personal data only for as long as needed for the purposes described in this policy, including for the duration of your account and a reasonable period thereafter to handle disputes, comply with legal obligations, and enforce agreements.
- Active accounts: we keep account and profile data for as long as the account is active.
- Closed accounts: we delete or anonymize personal data within a reasonable period after account closure, typically within 90 days, except where law or legitimate interests (records of payments, fraud prevention, audit logs) require a longer period.
- Backups: residual copies in encrypted backups are overwritten on a rolling schedule.
8. Your rights
Depending on where you live, you have some or all of the following rights:
- Access — a copy of the personal data we hold about you.
- Rectification — correction of inaccurate or incomplete data.
- Erasure — deletion of your data where it is no longer needed, where consent has been withdrawn, or where other legal grounds apply.
- Restriction and objection — to limit or object to certain processing, including processing based on our legitimate interests.
- Portability — to receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent — where processing is based on consent, without affecting prior lawful processing.
- Lodge a complaint — with your local data protection authority (for example, the UK Information Commissioner's Office, an EU supervisory authority, or the South African Information Regulator).
To exercise any of these rights, email info@onnies.app. We may need to verify your identity before responding and will reply within the time limits required by applicable law.
9. Security
We use technical and organizational measures appropriate to the risk, including encryption in transit (TLS), encryption at rest for credentials and uploaded documents, role-based access controls, audit logging, and least-privilege access for our team. No system is perfectly secure; if we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authority as required by law.
10. Children
The Service is not directed to children. You must be at least 18 years old (or the age of majority in your jurisdiction) to use Onnies. If we learn we have collected personal data from a child without verified parental consent, we will delete it.
11. Cookies
We use cookies and similar technologies for authentication, session management, and limited analytics. You can control cookies through your browser settings. Blocking strictly necessary cookies may break sign-in and other core features. See our Cookie Policy for the categories of cookies we use.
12. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you using solely automated processing. Hiring decisions are made by schools, not by Onnies.
13. Marketing communications
We may send you product updates, onboarding tips, and launch announcements where we have a lawful basis to do so. You can unsubscribe at any time using the link in any marketing email or by contacting us. Transactional emails (security alerts, account activity, billing) are not optional while your account is active.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or in-product notice before the change takes effect. The "Last updated" date at the top of this page always reflects the current version.
15. Contact us
For privacy questions, data subject requests, or any other privacy-related matter, contact us at info@onnies.app.