Privacy Policy

The controller responsible for data processing on this platform is:

OneTrot GmbH
Germany
Email: info@onetrot.com

We collect and process the following categories of data:

• Account data — email address, name, password (hashed), and profile information you provide during registration.
• Organisation data — company name, address, VAT ID, contact details, and branding settings for stables, customer organisations, vet practices, and associations.
• Breeding & order data — stallion information, mare details, breeding orders, delivery records, semen collection data, vet contracts, and associated documents.
• Payment data — Stripe customer IDs, payment status, and invoice references. We do not store credit card numbers; these are handled exclusively by Stripe.
• Usage data — IP address, browser type, pages visited, and timestamps for security and analytics purposes.
• Uploaded documents — blood tests, semen analyses, vet protocols, shipping documents, and other files you upload to the Platform.

We process your data based on:

• Contract performance (Art. 6(1)(b) GDPR) — to provide the Platform services, process orders, and handle payments.
• Legitimate interests (Art. 6(1)(f) GDPR) — for platform security, fraud prevention, analytics, and improving our services.
• Legal obligations (Art. 6(1)(c) GDPR) — for tax documentation, invoicing records, and other regulatory requirements.
• Consent (Art. 6(1)(a) GDPR) — where explicitly given, e.g. for marketing emails.

We use your data to:

• Provide and operate the Platform
• Process breeding orders and payments
• Generate and manage invoices
• Facilitate vet contract workflows
• Send transactional emails (order confirmations, contract notifications, etc.)
• Provide customer support
• Improve and develop the Platform
• Ensure platform security and prevent fraud
• Comply with legal obligations

We share your data only as necessary to operate the Platform:

• Between users — breeding orders share relevant data between the stallion station, breeder, designated vet, and selected association as required for the transaction.
• Stripe — payment data is shared with Stripe for processing transactions. See Stripe's Privacy Policy.
• Firebase / Google Cloud — we use Google Firebase for authentication, database, and file storage. Data is processed in the EU. See Firebase Privacy Information.
• Email services — we use a transactional email provider to send notifications and contract emails.

We do not sell your personal data to third parties. We do not share data for advertising purposes.

We retain your data for as long as your account is active and as necessary to provide our services. After account deletion, we retain data only as required by law (e.g. tax records for 10 years under German law) or for legitimate business purposes (e.g. resolving disputes).

Uploaded documents are deleted when you remove them from the Platform or when your account is deleted, subject to legal retention requirements.

Under the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction of processing — request that we limit how we use your data.
• Data portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests.
• Withdraw consent — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at info@onetrot.com.

The Platform uses only essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), secure authentication, role-based access controls, and regular security reviews.

Our primary infrastructure is hosted in the EU (Google Cloud, europe-west region). Where data is transferred outside the EU (e.g. by sub-processors), appropriate safeguards are in place, such as EU Standard Contractual Clauses.

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The "Last updated" date at the top of this page indicates when this policy was last revised.

If you have any questions about this Privacy Policy or our data practices, please contact us at info@onetrot.com.