Kin
OnlySearch
Legal

Privacy Policy

Last updated May 4, 2026

This policy explains what information OnlySearch collects, how we use it, and what choices you have. We've tried to write it in plain English. Where the law requires specific phrasing, we use it; otherwise we keep it readable.

The headline, if you've read our FAQ: we don't train AI models on your queries or connected data, and we don't sell your information. The rest of this document is the long version of that promise plus everything else the law expects us to disclose.

Who we are

The OnlySearch service is operated by OnlySearch AI LLC (referred to here as "OnlySearch," "we," "us," or "our"), a Delaware limited liability company. You can reach us at support@onlysearch.ai for any privacy-related question.

Information we collect

We collect information in three ways: information you give us directly, information collected automatically as you use the service, and information from third-party accounts you choose to connect.

Information you give us

  • Account details. When you sign up, we collect the email address you provide and any profile fields you choose to fill in.
  • Authentication credentials. When you sign in via a third-party identity provider, we receive the basic profile information that provider shares with us (typically email address and account identifier).
  • Connected data sources. When you connect external accounts — Google Analytics 4, Google Search Console, BigQuery, Postgres or MySQL databases, your own DataForSEO key, and similar — we store the OAuth tokens, service-account credentials, or API keys necessary to query those systems on your behalf. We do not copy and store the underlying analytics data; we query it at the time you ask a question.
  • Queries and outputs. The questions you ask the agent and the analyses we return are stored in your account so you can revisit them and so the agent can provide context-aware follow-ups.
  • Support communications. If you email or open a support thread, we keep the contents for as long as is reasonable to handle the request.
  • Payment information. For paid tiers, payments are processed by our payment-processing partner. We receive only the billing information needed to confirm transactions; we do not store full payment-card numbers ourselves.

Information collected automatically

  • Usage telemetry. Which features you interact with, error reports, performance metrics, and timestamps of activity. We use this to operate and improve the service.
  • Device and connection metadata. IP address, user-agent string, language preference, time zone, and approximate location derived from IP geolocation.
  • Cookies and similar technologies. See the cookies section below.

Information from third parties you connect

When you connect a Google Analytics property, a Search Console site, a database, or another source, OnlySearch queries that source on your behalf. The information returned by those queries is processed to answer your question and stored only as part of the resulting analysis. We act as a processor of that information; the data remains yours.

How we use information

We use the information we collect for these purposes:

  • To run the service. Authenticating sessions, executing queries, joining data across sources, returning results, and saving them to your account.
  • To bill you. Issuing invoices, processing payments, and reconciling subscriptions for paid tiers.
  • To support you. Answering questions, troubleshooting issues, and acting on requests you make.
  • To improve reliability. Aggregating telemetry, analyzing failures, fixing bugs, and measuring whether changes we ship actually help.
  • To keep the service secure. Detecting fraud, abuse, and unauthorized access, and responding to security incidents.
  • To comply with the law. Meeting regulatory requirements and responding to lawful requests from public authorities.

What we do not do:

  • We do not train AI models on your queries, your connected data, or your outputs.
  • We do not sell or rent your personal information to anyone.
  • We do not use your data to target advertising on or off our service.

How we share information

We share personal information only in the following circumstances:

  • Service providers. Vendors who help us operate OnlySearch — including our hosting provider, payment processor, email-delivery, and operational-monitoring services — receive only the information they need and are bound by contract to use it solely on our instructions.
  • AI model providers. When the agent processes a query, we send the relevant context to the AI model provider that powers the response. We choose providers operating under terms that prohibit training on API-submitted data and limit retention to what is needed for service operation.
  • Legal compliance. We may disclose information if required by law, court order, or other legal process. Where the law allows, we will notify you of any compelled disclosure before it occurs.
  • Protection of rights and safety. We may share information when we believe in good faith it is necessary to protect the rights, property, or safety of OnlySearch, our users, or the public.
  • Business transfers. If OnlySearch is acquired, merged, or undergoes a similar corporate transaction, your information may transfer to the successor entity. We will notify you so you can choose to delete your account before any transfer takes effect.
  • With your consent. Any sharing not described above requires your explicit consent.

Data retention

We keep personal information only as long as we need it for the purposes described above:

  • Account information is retained while your account is active and for a reasonable period after closure (typically 90 days) to handle disputes, comply with legal obligations, and prevent abuse.
  • Queries and outputs can be deleted by you at any time within the product. Closing your account triggers deletion of remaining queries within 30 days, except where retention is legally required.
  • Connected-data-source credentials are deleted immediately when you disconnect the source or close your account.
  • Telemetry and logs are de-identified or aggregated within 90 days and retained in that form for performance and security analysis.
  • Backups may persist for a longer period in encrypted form; we delete from backups on the next regular backup-retention cycle.

Security

We protect personal information using industry-standard practices: encryption in transit (TLS 1.2 or higher), encryption at rest, role-based access controls, and regular security review. Production access is limited to a small number of personnel who require it to operate the service. We are pursuing SOC 2 Type II certification.

No system is completely immune to compromise. If we identify a security incident affecting your information, we will notify you and the appropriate regulators within the time limits set by applicable law.

Your rights

Depending on where you live, you may have specific rights with respect to the personal information we hold about you. These commonly include:

  • Access — receiving a copy of the information we hold about you.
  • Correction — asking us to fix information that is inaccurate or incomplete.
  • Deletion — asking us to delete your information, subject to legal retention requirements.
  • Portability — receiving your information in a structured, machine-readable format.
  • Objection and restriction — objecting to specific kinds of processing or asking us to limit how we use your information.
  • Withdrawing consent — where we rely on your consent, you can withdraw it at any time.

To exercise these rights, email support@onlysearch.ai. We respond within 30 days, or another period required by applicable law. We may need to verify your identity before completing the request.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may also lodge a complaint with your local data-protection supervisory authority.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended), including the right to know, delete, correct, and limit certain uses of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law.

International data transfers

OnlySearch is operated from the United States. If you access the service from outside the United States, the information we collect will be transferred to and processed in the United States. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement, or other appropriate transfer mechanisms.

Children's privacy

OnlySearch is intended for use by professionals and is not directed to children. We do not knowingly collect personal information from individuals under 13 (or, where local law sets a higher digital-consent age, under that age). If you become aware that a child has provided us with personal information, please email support@onlysearch.ai and we will delete it promptly.

Cookies and similar technologies

We use a small set of cookies and similar technologies, grouped into three categories:

  • Strictly necessary — required for the service to function (for example, remembering your sign-in session). These cannot be turned off through our interface.
  • Functional — remember your preferences and improve your experience. You can disable these in your browser; some features may stop working.
  • Analytics — help us understand aggregate usage patterns at the page or feature level. We do not use cross-site advertising trackers.

You can clear cookies and similar storage at any time using your browser settings.

Third-party services and links

OnlySearch integrates with third-party data sources and services and may include links to third-party websites. Those services are governed by their own privacy practices, which we do not control. Reviewing their policies is your responsibility.

Changes to this policy

We may update this policy as the service evolves or as the law requires. When we do:

  • We post the updated policy with a new "Last updated" date.
  • For material changes, we provide notice in-product or by email at least 30 days before the changes take effect, where reasonably practical.
  • Continuing to use the service after a change takes effect means you accept the updated policy.

Contact us

For questions, requests, or complaints about this policy, email support@onlysearch.ai. For formal data-protection inquiries — including those exercising rights under the GDPR, UK GDPR, or CCPA — use the same address and include "Privacy Request" in the subject line.