Privacy Policy

2. How we use your information (purposes & legal bases)

We process personal data for the purposes below. Legal bases apply cumulatively and vary by jurisdiction:

1. Responding to enquiries & providing updates (contact forms, waitlist, demo requests). Bases: consent; performance of pre‑contractual steps; legitimate interests (operate and grow the business).
2. Evaluating seller interest & onboarding readiness (for prospective stores). Bases: pre‑contractual steps; legitimate interests.
3. Operating, securing, and improving the Site (troubleshooting, analytics, A/B tests, preventing fraud/abuse). Bases: legitimate interests; for non‑essential cookies, consent.
4. Marketing communications (newsletters, product updates, events) if you opt in or where permitted. Bases: consent; legitimate interests (B2B direct marketing, where allowed). Opt‑out anytime.
5. Legal compliance & enforcement (e.g., responding to lawful requests; enforcing terms; protecting rights). Bases: legal obligation; legitimate interests.

3. No sale of personal data

We do not sell your personal information. If we use the term “share” it refers to disclosures described in §5 and, in California, does not include a sale under the CCPA/CPRA. If we ever engage in cross‑context behavioral advertising on the Site, we will present a clear “Do Not Sell or Share My Personal Information” link and honor opt‑out signals where required.

4. Retention

We keep data only as long as needed for the purposes in §2 or as required by law:

• Lead/contact records: up to 24 months after last interaction (or earlier upon request).
• Analytics/telemetry logs: typically 12–26 months (provider settings).
• Security logs/abuse prevention: up to 36 months where necessary.
• Email marketing consents: retained to document preferences unless you request deletion.

5. How we share information

We share personal data only with:

• Service providers/Processors: hosting/CDN, security (e.g., WAF/anti‑bot), analytics, email delivery, form processing, CRM. These providers process data under contract and only as instructed by us.
• Business partners (optional): if you ask us to connect you (e.g., incubators, pilot partners).
• Corporate transactions: in a merger, acquisition, or asset sale, subject to confidentiality and continued protection.
• Legal & safety: to comply with laws, respond to lawful requests, or protect rights, safety, and property.

We maintain a record of our key sub‑processors and will provide it on request. You can contact us (see §15/§16) to learn more.

6. Cookies and similar technologies

• Strictly necessary cookies enable core site functionality and security; they cannot be switched off.
• Analytics cookies help us understand aggregate usage and improve content.
• Marketing/advertising cookies may be used to show relevant UniToko ads on other sites (remarketing) only if you consent.

Your choices: Use our cookie banner to accept/reject non‑essential cookies; adjust browser settings; or use platform tools (e.g., Google’s Ad Settings). If you clear cookies, your preferences may reset.

7. International data transfers

We may process data in countries outside your own (e.g., hosting, support). When we transfer personal data internationally, we rely on appropriate safeguards, such as Standard Contractual Clauses, and implement technical/organizational measures (encryption in transit, access controls). For India residents, cross‑border transfers are performed in accordance with the Digital Personal Data Protection Act, 2023 (DPDP).

8. Security

We use reasonable and appropriate safeguards to protect personal data, including HTTPS/TLS, access controls, role‑based access, and least‑privilege policies. No system is 100% secure; please notify us immediately if you suspect a security issue at security@unitoko.com.

9. Your rights & choices

Your privacy rights depend on your location. Subject to exceptions, you may request to:

• Access a copy of your personal data.
• Correct inaccurate or incomplete data.
• Delete your data.
• Port your data in a machine‑readable format.
• Object to or restrict certain processing (e.g., direct marketing).
• Withdraw consent where processing is based on consent.

We may need to verify your identity before fulfilling a request. Contact us via §15 or the India grievance channel in §16.

10. Region‑specific disclosures

A. India (DPDP Act, 2023)

• Data Fiduciary: UniToko Ai Tech Private Limited
• Data Principals’ rights: access, correction, erasure, grievance redressal, and nomination rights.
• Consent: We rely on your consent for non‑essential cookies/marketing and permissible purposes for security and lawful processing.
• Grievance redressal: See §16 to contact our Grievance Officer. You may also escalate to the Data Protection Board of India once operational/where applicable.

B. EEA/UK (GDPR/UK GDPR)

• Controller: UniToko Ai Tech Private Limited
• Legal bases: consent, contract, legitimate interests, legal obligation (see §2).
• Representative/DPO (if applicable): [Details if appointed].
• Complaints: You may lodge a complaint with your local Data Protection Authority; UK residents may contact the ICO.

C. California (CCPA/CPRA)

• Categories collected: identifiers (name, email, IP), commercial information (form interest), internet activity (analytics), geolocation (approximate), inferences (basic interest segments).
• Purposes: as described in §2; no sale of personal information.
• Rights: know/access, correct, delete, opt‑out of sale/sharing (if applicable), limit sensitive data (not collected).
• Non‑discrimination: we will not discriminate for exercising your rights.

11. Children’s privacy

The Site is intended for individuals 18 years and older. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to delete it.

12. Third‑party links

Our Site may link to third‑party websites/services. Their privacy practices are governed by their own policies. Please review those policies before providing information.

13. Automated decision‑making

We do not use automated decision‑making that produces legal or similarly significant effects about you on the Site.

14. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top indicates the most recent revision. Material changes will be highlighted on the Site or via email (if appropriate).

15. Contact us (global)

16. India grievance redressal (IT Rules & DPDP)

17. Additional details & examples (informative)

• Forms: When you submit a pre‑registration form, we store your details in our CRM to contact you about availability, onboarding steps, and pilot programs.
• Email marketing: If you tick “subscribe”, we’ll send periodic product updates. Every message includes an unsubscribe link.
• Analytics: We use aggregated reports to learn which pages are most helpful and where users drop off, so we can improve navigation and content.
• Security: We may use a CDN/WAF to filter malicious requests; IP data can be processed transiently for this purpose.

18. Your controls (how‑to)

• Unsubscribe: Click the link in any marketing email or write to privacy@unitoko.com.
• Cookie preferences: Use the cookie banner or your browser’s settings.
• Access/Deletion/Correction requests: Email privacy@unitoko.com with the subject line Privacy Request – [Access/Delete/Correct] and include enough information to identify your records (e.g., email used on the form).

Note: This template is provided for convenience and does not constitute legal advice. Consult counsel to tailor jurisdictional disclosures (e.g., appointing a GDPR representative/DPO, finalizing the grievance officer details, and confirming your exact service providers and cookie categories).