Last updated: March 20, 2026
One Coworking GmbH ("One Coworking", "we", "us", or "our") operates the One Coworking platform at www.onecoworking.com and associated mobile applications (together, the "Platform"). We are the controller responsible for your personal data unless we process it on behalf of an enterprise client (in which case we act as a processor — see Section 10).
Contact details:
One Coworking GmbH Rudi-Dutschke-Straße 23, 10969 Berlin, Germany Email: privacy@onecoworking.com
We collect the following categories of personal data when you use the Platform:
| Category | Examples |
|---|---|
| Identity Data | First name, last name, profile picture |
| Contact Data | Email address, phone number |
| Account Data | User ID, login credentials (stored as hashed values only), role and permissions, account preferences, team memberships |
| Booking Data | Booking history, workspace preferences, check-in and check-out records, cancellations |
| Usage & Behavioral Data | Pages visited, features used, booking frequency, engagement metrics |
| Device & Technical Data | IP address, browser type and version, device type, operating system, app version |
| Payment Data | Credit purchase records, transaction history, Stripe customer ID. We do not store credit card numbers — all card data is handled directly by our payment processor, Stripe. |
| Communication Data | Content of transactional emails we send you (booking confirmations, invitations), customer support chat history |
| Diagnostic Data | Error logs and performance data used to maintain and improve the Platform |
We do not collect special categories of personal data (e.g., health data, biometric data, political opinions) as defined under Article 9 GDPR.
We collect personal data in the following ways:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Platform and processing bookings | Performance of a contract (Art. 6(1)(b)) |
| Managing your account and authentication | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing credits | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails (booking confirmations, receipts, invitations) | Performance of a contract (Art. 6(1)(b)) |
| Customer support via in-app chat | Legitimate interest (Art. 6(1)(f)) — providing effective user support |
| Error monitoring and platform stability | Legitimate interest (Art. 6(1)(f)) — maintaining a reliable service |
| Platform analytics and usage statistics | Legitimate interest (Art. 6(1)(f)) — improving our product |
| Marketing communications | Consent (Art. 6(1)(a)) — you can withdraw consent at any time |
| Compliance with legal obligations (e.g., tax records) | Legal obligation (Art. 6(1)(c)) |
We share personal data only with service providers who process data on our behalf (processors), or where otherwise required. We do not sell your personal data.
| Provider | Location | Purpose |
|---|---|---|
| Supabase Inc. | Frankfurt, Germany (EU) | Database hosting, user authentication, file storage |
| Stripe Inc. | United States | Payment processing |
| Resend Inc. | United States | Transactional email delivery |
| Intercom Inc. | United States | Customer support messaging and in-app communication |
| Functional Software Inc. (Sentry) | Germany (EU) | Error monitoring and diagnostics |
| Vercel Inc. | United States / Global Edge | Application hosting and content delivery |
| Google LLC | United States | Platform analytics (via Google Tag Manager), mapping services |
| Slack Technologies LLC (Salesforce) | United States | Internal operational notifications |
When you book a workspace, we share your name and booking details with the relevant workspace host so they can provide access to the booked space. The host processes your data as an independent controller subject to their own privacy policies.
Your personal data is primarily stored and processed within the European Economic Area (EEA). Where we use service providers located outside the EEA (see Section 5), we ensure appropriate safeguards are in place:
The Platform uses cookies and similar technologies. Cookies are small text files stored on your device.
| Cookie Type | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Essential for the Platform to function (authentication, session management) | Supabase auth cookies |
| Analytics | Help us understand how you use the Platform so we can improve it | Google Tag Manager, Vercel Analytics |
| Customer Support | Enable our in-app support chat | Intercom |
You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Platform.
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | For the duration of your account, plus 30 days after deletion |
| Booking and transaction data | Up to 10 years after the transaction (German tax law, §§ 147 AO, 257 HGB) |
| Support chat history | Up to 2 years after your last interaction |
| Error logs and diagnostics | Up to 90 days |
| Analytics data | Aggregated and anonymized after 26 months |
When data is no longer needed, we delete it or anonymize it so it can no longer be linked to you.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@onecoworking.com. We will respond within one month as required by law.
You also have the right to lodge a complaint with your local data protection supervisory authority. For Berlin, this is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstr. 219, 10969 Berlin https://www.datenschutz-berlin.de
If you use the Platform as an Authorized User through your employer's enterprise account, your employer is the data controller and One Coworking acts as a data processor on their behalf. In this case, your employer's privacy policy governs the processing of your personal data, and any data subject requests should be directed to your employer in the first instance.
The Platform is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@onecoworking.com and we will delete it promptly.
The Platform may contain links to websites operated by third parties (e.g., workspace host websites). We are not responsible for the privacy practices of these websites and encourage you to review their privacy policies.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you by email or through the Platform.
If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data:
One Coworking GmbH Rudi-Dutschke-Straße 23, 10969 Berlin, Germany Email: privacy@onecoworking.com
