UndatasIO Privacy Policy

Last Updated: [May 20th, 2025]

Welcome to UndatasIO's website, platform, API tools, and related services (collectively, the "Service"). UndatasIO ([Insert Your Legal Entity Name]) is committed to protecting your privacy. This Privacy Policy ("Policy") describes how we collect, use, disclose, and protect your personal information when you access or use our Service, engage with our marketing activities, or otherwise interact with us, whether for business, personal, family, or household purposes.

Jurisdiction-Specific Notices:

California Residents: Please see our [California Privacy Notice] section below for information about your personal information rights under California law.
Individuals in the EEA/UK/Switzerland: Please see our [Notice to European Users] section below for information about your data protection rights under European data protection laws.

If you have any questions or concerns about this Policy, please contact us at alex.zhang@undatas.io or as described in the "How to Contact Us" section below.

Scope of this Privacy Policy

This Policy applies to the personal information we collect and process through:

Your access and use of the UndatasIO website (undatas.io).
Your use of the UndatasIO platform and API tools.
Your interactions with our marketing communications and other activities.

This Policy does NOT apply to:

Customer Content Processed under Separate Enterprise Agreement:Our processing of personal information contained within your "Content" (defined below – generally, the files you upload for processing) on behalf of a customer pursuant to a separate enterprise agreement with us (as opposed to our standard [Link to your Terms of Service] for individual or standard business accounts), in which case that separate agreement's data processing terms will govern our handling of such data where UndatasIO acts as a processor. ThisPolicy applies to personal information about you as a user of the Service and your use of our platform features, regardless of whether you are an individual consumer or a business user.
Third-Party Services: The handling of personal information by third parties with whom you interact through the Service, including third-party sources and destinations of yourContent (e.g., Google Drive, Amazon S3, Slack), which is governed by those third parties' own privacy policies. We are not responsible for the privacy practices of these third parties.
Non-Personal Data: Our processing of data that does not pertain to an identifiable natural person or does not otherwise qualify as "personal information," "personal data," or information within the scope of similar terms as defined in applicable privacy laws.

Personal Information We Collect

The personal information we collect from you, either directly or indirectly, depends on how you interact with us and our Service. We generally collect personal information about you from the following sources:

1. Information You Provide to Us:

Contact Data: Your full name, email address, phone number, and potentially other contact details like a mailing address. If you are using the Service in a business capacity, this may also include your professional title and organization name.
Account Data: The data you use to establish or access yourService account (e.g., your email and password), and any other information you choose to add to your account or profile. This may include credentials or authorization details for third-partyservices you designate as sources or destinations for yourContent.
Content: The documents (PDF, DOCX, JPG, PNG, HTML, MD), audio files (MP4, MP3, M4A), video files (MP4), and other data you submit to our platform or API tools for processing (parsing, extraction, transcription, segmentation, etc.), as well as the output generated by our Service in response (e.g., structured data in JSON, CSV, Parquet, transcribed text, segmented video data). As noted in the Scope section, specific processing of Content under a separate enterprise agreement may be governed by that agreement.
Payment Data: Any payment card data, banking details, or other data provided to pay for the Service, and information about your payment transactions.
Communications Data: Information in your communications with us, including when you contact us through the Service, email, social media, support channels (like chat), events, or otherwise.
Marketing/Share Activity Data: Information related to your participation in marketing activities like "Share to Earn Credits" (e.g., sharing activity, credits earned).

2. Information Collected Automatically:

As you navigate the Service, our communications, and other onlineservices, we, our service providers, and analytics partners may automatically collect information about you, your device, and your browsing actions and use patterns:

Device Data: Information about your computer or mobile device, such as operating system type and version, manufacturer and model, browser type, screen resolution, IP address, unique device identification numbers or other identifiers, language settings, and general location information (like city, state, or geographic area).
Usage Data: How you use the Service, such as pages viewed, links clicked, features used, search terms, login information,content viewed, time spent on pages, the website you visited before browsing to the Service, navigation paths, access times and duration of access, whether you have opened our emails or clicked links within them, and technical information onService performance (diagnostics, crash logs).

Cookies and Other Tracking Technologies: We use cookies and similar technologies (like pixel tags, web beacons) to automatically collect some of the information described above, analyzeService usage, provide features, and for marketing. For more details and your choices regarding these technologies, please see our [Link to your Cookie Notice Page] (if you have one; otherwise, this section may need more detail or you should consider adding a Cookie Notice).

3. Information from Third-Party Sources:

We may obtain personal information from other sources and combine it with information we collect directly or automatically:

Connected Third-Party Services: When you connect theService to third-party services (e.g., cloud storage like Google Drive, Amazon S3, Azure Blob, or collaboration tools like Slack, Discord, Microsoft 365, Google Workplace, Confluence, Notion, Github) as data sources or destinations, those services may provide us with information according to their privacy policies and your settings within those services, in addition to theContent imported or exported.
Authentication Services: If you log into theService using your credentials from a third-partyservice (like Google, Github), that service may provide us with your name, email address, photo, and other data according to your settings in that service.
Business Partners and Contacts: We may receive information from business partners, data providers, or professional contacts (e.g., contact details for potential users).

How We Use Your Personal Information

We use your personal information for the following purposes or as otherwise described in this Policy or at the time of collection:

Providing and Operating the Service: To create, manage, and administer your account, provide core Service functionality (e.g., processing files, performing parsing, transcription, segmentation), fulfill your requests, process your transactions (including credit usage and payments), and communicate with you about the Service (including technical support and administrative messages).
Business Operations and Improvement: To administer and maintain our Service and IT systems, perform data analysis, troubleshooting, testing, and research, monitorService performance and usage trends, optimize existing features, and develop new products and features.
Research and Development: To analyze Service usage and user needs for research and development purposes, including improving the Service and our AI/ML models. As part of these activities, we may create aggregated, de-identified, or anonymized data that cannot be used to personally identify you. We may use and share this aggregated, de-identified, or anonymized data for our lawful business purposes, including to analyze, improve, and promote theService.
Marketing and Promotion: To send you marketing communications about our products, services, offers, and news via email or other channels, where permitted by law. This may include direct marketing messages.
Compliance, Security, and Protection: To comply with applicable laws, regulations, legal processes, and government requests. To protect our rights, privacy, safety, and property, and that of our users or others (including handling legal claims). To detect, prevent, and investigate fraud, cyberattacks, or other unauthorized, illegal, or unethical activity. To enforce our Terms of Service and other policies.
Account Management: If you are using an account provided or managed by an organization, your account information and usage may be accessible to and managed by that organization's administrators.

How We Share Your Personal Information

In addition to you using the Service to transfer yourContent to third-party services of your choosing, we may share your personal information with the following categories of recipients:

Your Organization Administrator (if applicable): If you are using an UndatasIO account managed by your organization, information associated with your account (including contact data, account data, and usage) may be accessible to your organization's UndatasIO administrators.
Service Providers: We may share personal information with third parties that perform services on our behalf or help us operate the Service or our business. These may include: cloud hosting and infrastructure providers, data processing services, payment processors, customer support providers, marketing and advertisingservices, analytics providers, information technologyservices, and potentially third-party AI/ML model providers used for specific processing tasks (like transcription or embedding). These service providers are only authorized to access and use your personal information as necessary to perform their services for us and are subject to confidentiality obligations. Please see our [Sub-processor List] (or link to a separate page) for our main third-party sub-processors.
Connected Third-Party Services: When you choose to connect your UndatasIO account to third-party services (e.g., to importContent from or export results to these services), we will share data with these third parties according to your instructions. These third parties' processing of your data is governed by their own privacy policies.
Authentication Services: If you use a third-partyservice (like Google, Github) to log in, thatservice will process your credentials. Please refer to thatservice's privacy policy.
Payment Processors: Third-party payment processors handle your payment transactions and will collect and process your payment data.
Advertising Partners: We may share information (often de-identified or aggregated data, or data collected via cookies) with third-party advertising partners for purposes such as displaying targeted advertisements.
Affiliates: We may share information with our parent company, subsidiaries, or other corporate affiliates under common control, for purposes consistent with this Policy.
Professional Advisors: We may disclose your personal information to professional advisors (e.g., lawyers, auditors, bankers, insurers) when necessary in the course of the professionalservices they provide to us.
Law Enforcement and Authorities: We may disclose your personal information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to comply with legal obligations, respond to a court order, or cooperate with law enforcement.
Business Transfers: In connection with a corporate sale, merger, acquisition, reorganization, asset sale, or similar transaction, your personal information may be transferred to the new entity involved in the transaction.
Protecting Our Rights: We may disclose information where we believe it is necessary to protect our rights, privacy, safety, or property, or that of our users or others.

Your Choices

You have choices regarding the personal information we hold about you:

Access or Update Your Information: You can typically review and update certain account information in your Service account settings.
Opt-out of Marketing Communications: You can opt-out of receiving marketing emails by following the unsubscribe instructions in the emails or by contacting us. Please note that you may still receive service-related and other non-marketing communications (e.g., account notifications, security alerts).
Control Cookies and Tracking Technologies: You can manage your preferences for cookies and other tracking technologies through your browser settings or potentially via a [Link to your Cookie Consent Management Tool] on our website. See our [Link to your Cookie Notice] for more details.
Do Not Track: Some browsers offer a "Do Not Track" feature. We do not currently respond to "Do Not Track" signals.
Third-Party Authentication: If you use a third-partyservice (like Google, Github) to sign in, you may be able to limit the information shared with us through that service's settings. Please refer to that service's privacy policy.

Other Sites and Services

Our Service may contain links to or integrations with third-party websites or services. These third parties operate under their own privacy policies, and we are not responsible for their content, privacy practices, or services. We encourage you to review the privacy policies of any third-party websites or services you use.

Security and Retention

We implement commercially reasonable physical, technical, and organizational security measures designed to protect the personal information we process. However, no security measure is completely foolproof, and we cannot guarantee the absolute security of your personal information.

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for the compliance and protection purposes described above. Factors determining the appropriate retention period include the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements.

[Include specifics about retention based on plan:]

For example, for users on the Free plan, uploaded files may be automatically deleted after 30 days, and analysis results may be automatically deleted. For users on paid plans, uploaded files and parsed results are retained according to the terms of your subscription, typically until you choose to delete them, unless otherwise specified in your plan details or a separate agreement.

When your personal information is no longer required, we will securely delete, anonymize, or aggregate it in accordance with applicable law.

International Data Transfers

UndatasIO is headquartered in [Insert Your Headquarters Location, e.g., the United States]. We may use service providers located in the United States and other countries. This means your personal information may be transferred to and processed in locations outside of your country or region. These countries may have data protection laws that are different from, and potentially less protective than, the laws in your location.

When transferring personal information from Europe (EEA/UK/Switzerland) to countries not deemed to provide an adequate level of data protection by the European Commission or UK Secretary of State, we implement appropriate safeguards, such as approved standard contractual clauses or other lawful mechanisms, to ensure your personal information remains protected in accordance with applicable data protection laws.

Children

The UndatasIO Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe we may have collected personal information from a child, please contact us immediately at [Insert Your Privacy Contact Email]. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete the information as soon as possible and comply with any applicable legal requirements.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will indicate the "Last Updated" date at the top of this Policy. If we make material changes, we may provide additional notice, such as posting a notice on the Service or sending you an email.

Any modifications to this Policy will be effective upon our posting the modified version, unless otherwise indicated. Your continued use of the Service after the effective date of any modifiedPolicy indicates your acknowledgment that the modifiedPolicy applies to your interactions with the Service and our business.

How to Contact Us

If you have questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

UndatasIO (undatasio, ltd)
Email: alex.zhang@undatas.io

California Privacy Notice

This notice supplements the information in our Privacy Policy and applies only to California residents. It describes our collection, use, and disclosure of personal information of California residents as a "business" under the California Consumer Privacy Act ("CCPA"), and their rights with respect to their personal information. "Personal information" in this notice has the meaning given in the CCPA but does not include information exempt from the CCPA.

Information Collection and Disclosure

In the preceding 12 months and as of the effective date of thisPolicy, we may have collected and disclosed for a business purpose the following categories of personal information:

CCPA Category	Examples of Personal Information We Collect (Corresponds to " Personal Information We Collect " section above)	Categories of Third Parties to Whom We Disclose for a Business Purpose
Identifiers	Contact data, Account data, Content (certain identifiers within), Communications data, Device data, Usage data	Affiliates, Service providers, Payment processors, Authentication services, Your Service account administrator (if applicable)
California Customer Records (as defined in Cal. Civ. Code §1798.80)	Contact data, Account data, Payment data, Communications data, Device data, Usage data	Affiliates, Service providers, Payment processors, Authentication services, Your Service account administrator (if applicable)
Commercial Information	Payment data, Account data, Usage data (related toservice use, e.g., subscription level, transaction history)	Affiliates, Service providers, Payment processors, Your Service account administrator (if applicable)
Internet or Network Activity Information	Device data, Usage data	Affiliates, Service providers, Authentication services, Advertising partners
Sensitive Personal Information	Account data (e.g., third-party login credentials if used), Payment data	Affiliates, Service providers, Payment processors, Authentication services, Your Service account administrator (if applicable)
Inferences	May be derived from the above categories to create a profile about your preferences and characteristics (e.g., service usage patterns, product interest)	Affiliates, Service providers

Additionally, we may disclose personal information to professional advisors, law enforcement and government authorities, and business transferees as described in the "How We Share Your Personal Information" section above.

Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes that would give California residents the right to limit its use or disclosure under California privacy law.

Sale or Sharing of Personal Information

Under the CCPA, certain transfers of personal information for valuable consideration (even if not money) are considered "sales," and transfers for cross-context behavioral advertising are considered "sharing." Our use of certain third-party advertisingservices described in the "Marketing and Promotion" section above may constitute the "sale" or "sharing" of personal information for cross-context behavioral advertising purposes.

Your Privacy Rights

As a California resident, you have the following rights regarding your personal information under the CCPA:

Right to Know: Request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting, sharing, and/or selling it, the categories of third parties to whom we disclose personal information, and the categories of personal information that we have sold or shared and the categories of third parties to whom it was sold or shared.
Right to Access: Request a copy of certain personal information that we have collected about you in a portable format.
Right to Deletion: Ask us to delete certain personal information that we have collected from you.
Right to Correction: Ask us to correct inaccurate personal information that we have collected about you.
Right to Opt-out of Sale/Sharing: Opt-out of the sale or sharing of your personal information.
Right to Limit Use and Disclosure of Sensitive Personal Information:While we do not use or disclose sensitive personal information for purposes giving rise to this right, California residents have this right regarding sensitive personal information.
Right to Non-Discrimination: You are entitled to exercise the rights described above free from discrimination as prohibited by theCCPA.

How to Exercise Your Rights

To Exercise Your Right to Know, Access, Deletion, or Correction: You may submit requests by contacting us at [Insert Your Privacy Contact Email] or through [Provide any other designated method, e.g., a web form link] .
To Exercise Your Right to Opt-out of Sale/Sharing: You may request to opt-out of this activity where enabled by cookies and other web technologies on the Service by:
- Clicking the link in the footer of our website or this Policy (if provided) and following the instructions.
- Transmitting your opt-out request through the Global Privacy Control (GPC) or another universal opt-out mechanism or preference signal recognized by State Privacy Laws, which we will recognize to the extent required by law. For more info visit . Please note, this opt-out typically applies only to the browser and device from which you submit the request.
- If you wish to opt-out of any offline or other sharing/sales resulting from our activities, please contact us at [Insert Your Privacy Contact Email] .

Verification of Identity: We need to verify your identity and California residency to process your requests. We may require you to log into your Service account (if you have one), verify your email address, provide personal identifiers we can match against information we may have collected previously, or provide other information or documentation as permitted by law.

Authorized Agents: Your authorized agent may make a request on your behalf upon verifying the agent's identity and providing proof that you have authorized them to act on your behalf (e.g., a valid power of attorney).

Appeals: If we deny your privacy rights request, you can appeal the denial by contacting us through the same mechanism you used to submit the original request.

Notice to European Users

This notice applies to individuals located in the United Kingdom ("UK"), the European Economic Area ("EEA"), and Switzerland (collectively referred to as "Europe").

The personal information we collect is described in the section above.

Data Controller: UndatasIO ([Insert Your Legal Entity Name]) is the controller of your personal information described in thisPolicy. See the How to Contact Us section above for contact details.

Legal Bases for Processing:

Under European data protection law (like GDPR and UK GDPR), we must have a valid legal basis for processing your personal information. The legal bases we rely on depend on the purpose of the processing:

Contractual Necessity: The processing is necessary to perform a contract we have with you or to take steps at your request before entering into a contract (e.g., providing the Service you signed up for).
Legitimate Interests: The processing is necessary for our legitimate business interests or those of a third party, provided your fundamental rights and freedoms do not override those interests (e.g., improving the Service, fraud prevention, business operations).
Compliance with Legal Obligation: The processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax reporting, responding to lawful requests).
Consent: You have given specific consent to the processing for one or more specific purposes (e.g., sending direct marketing emails where required).

The table below summarizes some of the main purposes and legal bases:

Processing Purpose	Examples of Personal Information Processed	Legal Basis
Providing and Operating Service	Contact data, Account data, Content, Payment data, Communications data, Device data, Usage data	Contractual Necessity or Legitimate Interests (if no contract)
Business Operations and Improvement	Contact data, Account data, Communications data, Device data, Usage data	Legitimate Interests
Research and Development	Contact data, Account data, Communications data, Device data, Usage data	Legitimate Interests
Marketing and Promotion	Contact data, Account data, Communications data, Device data, Usage data	Legitimate Interests or Consent (where required, especially for consumer marketing)
Compliance, Security, and Protection	All data relevant in the circumstances	Compliance with Legal Obligation or Legitimate Interests

Use for New Purposes:

We may use your personal information for reasons not described in thisPolicy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive Personal Information:

We do not require sensitive personal information (e.g., related to racial origin, political opinions, health, etc.) and request that you do not provide such information.

Your Rights:

European data protection laws grant individuals in Europe the following rights regarding their personal information:

Right of Access: Obtain information about our processing and access your personal information.
Right to Rectification: Have inaccurate or incomplete personal information corrected.
Right to Erasure (Right to be Forgotten): Request deletion of your personal information in certain circumstances.
Right to Restrict Processing: Ask us to suspend the processing of your personal information in certain situations.
Right to Object: Object to our processing based on legitimate interests or for direct marketing purposes.
Right to Data Portability: Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller, where technically feasible and based on certain legal grounds (processing based on consent or contractual necessity).
Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent. This does not affect the lawfulness of processing before withdrawal.

Exercising Your Rights:

Some rights may be limited if we have an overriding interest or legal obligation to continue processing the data, or if certain exemptions apply. To exercise any of these rights, please contact us at [Insert Your Privacy Contact Email] . We may request specific information to confirm your identity.

Right to Lodge a Complaint:

If you are not satisfied with our response or how we process your personal information, you have the right to lodge a complaint with the data protection regulator in your habitual place of residence.

EEA Regulators:https://edpb.europa.eu/about-edpb/board/members_en
UK Regulator (ICO):https://ico.org.uk/make-a-complaint/
Swiss Regulator:www.edoeb.admin.ch

International Data Transfers:

As noted, we may transfer your personal information outside ofEurope (including to the United States). When transferring to countries not deemed adequate by the European Commission or UK Secretary of State, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum (as applicable), to ensure your personal information remains protected in accordance with applicable data protection laws. A copy of our data transfer mechanism can be provided on request via [Insert Your Privacy Contact Email] .