OnlyStructure
← Back to home
Legal

Privacy Policy

Last updated: April 27, 2026

PG Media Consulting LLC (“OnlyStructure”, “we”, “our”, or “us”) operates the website onlystructure.com and the application at app.onlystructure.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

We respect your privacy and are committed to protecting your personal data. This policy applies to all users worldwide, with specific protections for users in the European Economic Area (GDPR) and California (CCPA).

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information: name, email address, password (hashed)
  • Agency information: agency name, billing address, tax ID, bank details (optional)
  • Team data: team member names, emails, roles, permissions
  • Creator and operational data: content schedules, finance entries, posting plans
  • Usage data: log files, IP address, browser type, device information, page views
  • Communications: emails you send to support, feedback, support tickets

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our service
  • Process transactions and send related information
  • Send you technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities in connection with our service
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Comply with legal obligations

3. Legal Bases for Processing (GDPR)

If you are in the European Economic Area, we process your personal data based on the following legal bases:

  • Contract: processing necessary to perform the service we provide to you
  • Legitimate interests: improving the service, preventing fraud, ensuring security
  • Consent: for marketing communications (you can withdraw at any time)
  • Legal obligations: to comply with applicable laws and regulations

4. Sub-Processors and Service Providers

We share your data with carefully selected service providers who help us deliver our service. All sub-processors are contractually required to protect your data:

  • Supabase (database hosting, EU region) — stores user accounts, agency data, application data
  • Vercel (web hosting and CDN) — serves the website and application
  • Cloudflare (DNS, CDN, security) — handles network routing and security
  • Resend (transactional email) — sends notifications and account emails
  • Stripe (payment processing, when activated) — handles payments and billing

We do not sell your personal information to third parties. We do not use third-party analytics or advertising trackers.

5. Data Storage and Security

Your data is stored on servers in the European Union (Frankfurt region). We implement industry-standard security measures including:

  • AES-256 encryption at rest for all database content and uploaded files
  • TLS encryption for all data in transit
  • Role-based access control with granular permissions
  • Built-in audit logging of all sensitive operations
  • Daily encrypted backups with point-in-time recovery
  • Regular security reviews and access audits

While we take reasonable steps to protect your information, no method of transmission over the internet is 100% secure.

6. Your Rights

Depending on your location, you have certain rights regarding your personal information:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate data
  • Erasure: request deletion of your data (subject to legal obligations)
  • Portability: request your data in a machine-readable format
  • Restriction: request that we limit how we use your data
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: for any processing based on consent

To exercise these rights, contact us at support@onlystructure.com. We will respond within 30 days.

California residents have additional rights under the CCPA, including the right to know what personal information we collect and the right to opt out of any sale of personal information (we do not sell personal information).

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. After account deletion, we retain certain data for legal compliance, dispute resolution, and audit purposes for up to 7 years (financial records) or 90 days (operational data), after which it is permanently deleted from our systems.

8. International Data Transfers

As a US-based company with data stored in the European Union, your information may be transferred between regions. We use Standard Contractual Clauses approved by the European Commission to ensure adequate protection for cross-border transfers.

9. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

10. Cookies and Tracking

We use only essential cookies necessary for the operation of our service (authentication, session management). We do not use third-party tracking cookies or advertising tracking. You can configure your browser to refuse cookies, but this may limit your ability to use the service.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes affecting your rights, we will provide additional notice via email.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

PG Media Consulting LLC

Email: support@onlystructure.com

Website: onlystructure.com