Privacy Policy

oneXwise is a digital architecture studio operating from Toronto, Canada. For the purposes of GDPR, oneXwise is the data controller of the personal information described in this policy.

You can reach us about any privacy question, request, or concern at contact@onexwise.com.

Information you give us

When you submit our contact form or email us, we collect the information you choose to provide: your name, email address, phone number and country, company name (optional), area of interest, and the content of your message. If you email us directly, we also collect whatever you include in that email.

Information collected automatically

When you visit the site, our hosting and analytics providers may log technical information such as your IP address (truncated by Google Analytics where possible), device and browser type, operating system, referring URL, pages viewed, and interaction events. If you have not accepted analytics cookies, this information is either not collected or is collected in a cookieless, aggregated form only.

Security & anti-abuse

Our contact form uses Google reCAPTCHA v3 to prevent spam and abuse. Google receives hardware and software information (device and application data) and processes it to score the likelihood that a submission is automated. Use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.

We do not knowingly collect special categories of personal data (health, biometric, political views, etc.) and we ask that you not submit any through our contact form.

Under GDPR we must identify a lawful basis for each processing activity. The table below summarises ours.

• Responding to your inquiry

  Basis: performance of a contract or steps taken at your request prior to entering a contract (GDPR Art. 6(1)(b)), and our legitimate interest in following up on business enquiries (Art. 6(1)(f)).

• Site security & spam prevention

  Basis: legitimate interest in protecting our systems and yours (Art. 6(1)(f)).

• Analytics & product improvement

  Basis: your consent, given via our cookie banner (Art. 6(1)(a)). You can withdraw it any time from the Cookie Preferences link in the footer.

• Legal & compliance

  Basis: compliance with legal obligations we are subject to (Art. 6(1)(c)) — for example, responding to a lawful government request.

We do not sell your personal information, we do not use it for automated decision-making or profiling with legal or similarly significant effects, and we do not engage in behavioural advertising.

We keep personal information only for as long as we need it for the purpose it was collected:

• Contact form submissions and email correspondence: up to 24 months after our last interaction, then deleted or anonymised. Records that become part of an active client engagement are kept under the terms of the engagement.
• Analytics data: Google Analytics is configured with a 14-month retention window for user-level data. Aggregated reports may be kept longer.
• Consent records:your cookie choice and its timestamp are stored in your browser's local storage on your device and remain there until you clear it or re-open preferences.

We do not sell personal data. We share it only with service providers (“processors”) who help us run the site and respond to you, and only for the purposes set out above. Our current key processors are:

• Google LLC — Google Analytics 4, Google reCAPTCHA v3, Google Fonts. Processes visit, interaction, and anti-abuse data.
• Our hosting and email providers — deliver the site and route inbound email.

We may also disclose personal information where we are legally required to (e.g., to comply with a lawful request from a public authority) or to protect the rights, property, or safety of oneXwise, our clients, or others.

oneXwise operates from Canada, and some of our processors (including Google) are based in the United States. Where we transfer personal data from the EEA, UK, or Switzerland to a country that has not been found to provide an adequate level of protection, we rely on the European Commission's Standard Contractual Clauses (SCCs) or an equivalent lawful transfer mechanism published by our processor.

Canada has been recognised by the European Commission as providing an adequate level of protection for commercial personal data transferred from the EEA.

We use a small number of cookies and similar technologies. The banner you saw on your first visit lets you accept or reject non-essential categories. For a detailed breakdown of each cookie and how to change your choice, see our Cookie Policy.

If GDPR, UK GDPR, or PIPEDA applies to the processing of your data, you have the following rights, which you can exercise free of charge:

• Access — a copy of the personal data we hold about you.
• Rectification — have inaccurate or incomplete data corrected.
• Erasure(“right to be forgotten”) — ask us to delete your data where there is no overriding reason to keep it.
• Restriction — ask us to pause processing while a request or objection is being reviewed.
• Portability — receive the data you gave us in a structured, machine-readable format.
• Objection — object to processing based on our legitimate interests.
• Withdraw consent — where we rely on consent (e.g., analytics cookies), withdraw it at any time. This does not affect the lawfulness of processing done before withdrawal.

To make a request, email contact@onexwise.com. We will respond within 30 days. We may need to verify your identity before acting on a request.

If you believe we have mishandled your personal data, you have the right to lodge a complaint with a supervisory authority — in the EU, your national data protection authority; in the UK, the Information Commissioner's Office; in Canada, the Office of the Privacy Commissioner of Canada. We would appreciate the chance to address your concerns directly first.

We apply reasonable technical and organisational measures to protect personal data in transit and at rest, including TLS encryption, HSTS, a strict Content Security Policy, restricted access, and reCAPTCHA-based abuse prevention on the contact form. No system is completely secure; if we become aware of a breach that is likely to affect your rights, we will notify you and the relevant authority in line with applicable law.

Our services are aimed at businesses and are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact us and we will delete it.

We may update this policy from time to time to reflect changes in our practices or the law. We will update the “Last updated” date at the top of the page, and for material changes we will give a more prominent notice (for example, via the cookie banner).

Questions, requests, or complaints about this policy or our handling of your data: contact@onexwise.com.