Data Security, Storage, and Privacy Policy
Effective Date: Jan 1, 2026
1. Introduction
Onceclickaway Inc (“Oneclickaway,” “we,” “us,” or “our”) is an authorized retailer for top internet carriers in the United States. Our business operates primarily through inbound call leads generated from our website, oneclcikawayusa.com, where customers can compare internet carriers in their zip code. All customer interactions, including guidance on carrier plans and order processing, occur via inbound calls to our call center located at 84 East Old Country Road, Hicksville, NY 11801, USA.
Crucially, Onceclickaway Inc does not directly process, store, or transmit any sensitive customer data on its website or directly in its call center beyond what is absolutely necessary for the referral process. Our website does not support online transactions and therefore does not collect, relay, or store customer payment information or other sensitive personal data. Customer orders, including any associated payment processing, are handled entirely within the secure and compliant ecosystems of the internet carriers.
This Data Security, Storage, and Privacy Policy outlines our comprehensive approach to protecting any data we do handle, maintaining a secure operating environment, and respecting the privacy of individuals, all in compliance with the jurisdiction of the United States of America.
2. Data Collection and Usage
Given our business model, our data collection is inherently limited:
- Website Data: The oneclcikawayusa.com website primarily uses cookies for website functionality and analytics (as detailed in our Cookie Policy). It does not collect or store personal customer data for transactions.
- Call Center Data: When customers call our agents, agents guide them through carrier and plan comparisons. Any information exchanged is for the purpose of facilitating the customer’s selection of a service and their subsequent transition to the carrier’s ecosystem for order finalization. We do not require or intentionally collect sensitive personal data (e.g., Social Security Numbers, credit card numbers, health information) directly from customers. If such information is inadvertently shared, we follow strict protocols for immediate handling and redaction from recordings.
- Call Recordings: We record all inbound and permissible outbound calls for quality assurance, training, compliance, and dispute resolution purposes. These recordings are retained for 5 years. For details on consent, please refer to our “Call Recording and Monitoring Consent Policy.”
- Limited Outbound Communication Data: Our policy allows for limited outbound calls only to phone numbers that have initiated an inbound call within the last 30 days. This phone number, used for call-back purposes, is the only direct customer contact data we may retain for a limited period.
We do not sell, rent, or lease any customer information to third parties.
3. Data Security Principles and Measures
Oneclickaway Inc maintains a robust data security posture, guided by industry best practices and a commitment to continuous improvement. While our direct handling of sensitive customer data is minimal, we implement comprehensive security controls across our systems and operations to protect any data we do possess and to ensure the integrity of our referral process. Our security program is built upon the following principles and implemented measures:
3.1. Foundational Security & Access Control:
- Least Privilege: Our systems are configured in accordance with the principle of least privilege. Unique user identifiers are required, and Role-Based Access Controls (RBAC) are utilized to restrict privileges to the minimum levels necessary for each job function.
- Regular Access Reviews: User privileges and access levels are formally reviewed and signed off by management at least annually for all users authenticating to scoped systems, ensuring adherence to the principle of least privilege.
- Segregation of Duties: Scoped systems are configured to adhere to the principle of segregation of duties, preventing a single user from individually performing critical business or IT functions.
- Device Hardening Program: We maintain a documented, reviewed, and management-approved Device Hardening Program governing all scoped systems.
- Secure Defaults: Default passwords are changed or disabled prior to deploying devices into scoped production systems.
- Session Management: Scoped systems are configured to expire authenticated sessions after 30 minutes or less of inactivity.
3.2. Network and System Security:
- Network Diagram & Demarcations: A documented, reviewed, and management-approved Network Diagram(s) for scoped systems defines demarcations between sensitive network areas, on-premise systems, customer information (where relevant), and connections/data flow with external parties, including cloud providers. This diagram is reviewed at least annually.
- Logical Segregation/Isolation: Scoped systems are configured to logically segregate and isolate Onceclickaway data and information from other customers or distinct operational segments, if applicable.
- Anti-Virus/Anti-Malware: Active Anti-Virus is in place for scoped systems, with signatures updated at least quarterly to protect against the latest vulnerabilities and malicious software.
- Web Application Firewall (WAF): An active Web Application Firewall (WAF) or an equivalent security solution is deployed for scoped systems to protect web applications.
- Intrusion Detection/Prevention System (IDS/IPS): An Intrusion Detection System (IDS) / Intrusion Prevention System (IPS) is in place to detect and prevent attacks and security breaches on scoped systems. (Proof of the IDS/IPS dashboard/login screen is maintained internally for compliance purposes.)
3.3. Vulnerability Management & Patching:
- Vulnerability Scanning: Scoped systems are scanned for vulnerabilities at least quarterly.
- Timely Issue Resolution: We establish and adhere to clearly defined, risk-based timelines to resolve issues identified by cybersecurity tools.
- Validation Routines: Validation routines are run against scoped system base images at least annually to preserve software, firmware, and information integrity and to ensure compliance with information security best practices.
3.4. Application Security Program:
- We have an Application Security Program governing scoped systems that is documented, reviewed, and approved by management at least annually.
- Static Application Security Testing (SAST): At least quarterly, and prior to production deployment of new applications, APIs, features, versions, libraries, containers, or other enhancements to scoped systems, SAST is conducted to identify vulnerabilities.
- Dynamic Application Security Testing (DAST): At least quarterly, and prior to production deployment of new applications, APIs, features, versions, libraries, containers, or other enhancements to scoped systems, DAST is conducted to identify vulnerabilities.
- Software Composition Analysis (SCA): At least quarterly, and prior to production deployment of new applications, APIs, features, versions, libraries, containers, or other enhancements related to scoped systems, SCA is conducted to identify vulnerabilities and monitor dependencies, open source components, and licensing compliance.
3.5. Cryptography and Key Management:
- Key Management Program: We maintain a Key Management Program governing scoped systems that is documented, reviewed, and approved by management at least annually.
- Unique Customer Keys: Scoped systems are configured to require unique keys for each customer (where applicable), ensuring keys are not shared across multiple customer environments.
- Unauthorized Key Access Prevention: Mechanisms are in place to prevent unauthorized key access or duplication for scoped systems, such as logging and periodic review of key usage and access events, segregation of key management duties, and periodic key rotation/revocation.
3.6. Logging, Monitoring & Incident Response:
- Security Information and Event Management (SIEM): A Security Information and Event Management (SIEM) system is configured to provide real-time 24x7x365 logging, monitoring, alerting, and notification for scoped systems.
- Baseline of Normal Activity: A baseline of normal activity has been established within the SIEM to limit false positives and better identify anomalies within the scoped systems.
- SIEM Compliance: Our SIEM for scoped systems is configured to comply with relevant industry regulations and standards, including update frequency and log retention.
- Incident Response Plan: Incident response plans for scoped systems are tested at least annually.
- Asset Inventory: An asset inventory for scoped systems is formally reviewed at least annually.
3.7. Change Management:
- Documented Change Process: Changes made to scoped systems are required to be documented, tested, approved, and communicated to relevant constituents prior to deployment to production.
4. Data Storage and Retention
- Limited Direct Data Storage: As previously stated, Onceclickaway Inc does not store customer payment information or sensitive personal data from website transactions.
- Call Recording Retention: Call recordings are securely stored for five (5) years.
- Redaction/Masking: We maintain procedures to redact or mask sensitive data from call recordings should it be inadvertently shared, ensuring such information is not retained.
- Secure Storage: All data retained, primarily call recordings and limited contact information for call-back purposes, is stored in secure environments with appropriate access controls and encryption.
5. Data Privacy and Customer Rights (United States Jurisdiction)
Onceclickaway Inc respects the privacy of individuals. While we do not process personal data that typically triggers comprehensive privacy laws (like CCPA or GDPR) for direct website transactions, we adhere to general privacy principles in the United States:
- Transparency: We are transparent about our data practices through this policy and our Cookie and TCPA policies.
- Purpose Limitation: We collect and use data only for the legitimate business purposes outlined herein (e.g., call quality, training, limited follow-up calls).
- Data Minimization: We only collect the minimal amount of data necessary to achieve our stated purposes.
- Security: We implement robust security measures to protect the data we do hold.
- No Sale of Data: We do not sell any customer or caller data.
- Carrier Responsibility for Personal Data: Customers should refer to the privacy policies of the individual internet carriers for details on how those carriers collect, use, store, and protect personal and payment data once a customer transitions to their ecosystem for order processing.
- Information Requests: While we do not hold extensive personal data, individuals may contact us with questions about any information we might hold related to their interactions with Oneclickaway.
6. Third-Party Service Providers (Internet Carriers)
Onceclickaway Inc acts as an authorized retailer, referring customers to internet carriers. We acknowledge that these carriers will collect and process customer personal and payment data. We choose to partner with reputable carriers who are responsible for their own data security and privacy compliance (e.g., PCI DSS, relevant privacy laws).
7. Policy Violations and Reporting
Any suspected or actual violation of this Data Security, Storage, and Privacy Policy, or any information security concern, should be reported immediately to:
Email: Compliance@oneclickaway.co Phone: 689-241-6305
8. Policy Review and Updates
This Data Security, Storage, and Privacy Policy will be reviewed annually and updated as necessary to reflect changes in our business operations, technological advancements, and applicable federal and state laws and regulations concerning data security, storage, and privacy in the United States.
9. Contact Information
For any questions or concerns regarding this Data Security, Storage, and Privacy Policy, please contact us:
Onceclickaway Inc, SKS Building, 39829 Paseo Padre Parkway, Fremont, CA 94538, USA
Phone: 689-241-6305 Email: Compliance@oneclickaway.co
