Privacy Policy

We collect information you provide directly when you create an account, including your name, email address, organization name, and billing information. When you use the Service, we also collect usage data such as API request metadata, gateway configurations, and policy settings.

We automatically collect technical data including your IP address, browser type, operating system, device identifiers, and referring URLs. Our servers log request timestamps, response codes, and latency metrics to maintain Service reliability and performance.

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how you interact with the Service. See the Cookies section below for more details on the specific cookies we use.

We use the information we collect to provide, maintain, and improve the Service. This includes processing your requests through the AI gateway, enforcing your configured policies, generating audit logs, and providing analytics dashboards. Your data enables us to deliver the core functionality you expect from the platform.

We also use your information to communicate with you about your account, respond to support requests, send service-related notices, and inform you about new features or changes to the Service. You can opt out of non-essential communications at any time through your account settings.

We may use aggregated, anonymized data for research, analytics, and improving our products. This data cannot be used to identify individual users. We may also use your information to comply with legal obligations, enforce our Terms of Service, and protect the rights, safety, and security of Unyform and our users.

We do not sell your personal information to third parties. We do not share your data with advertisers or data brokers. Your trust is fundamental to our business, and we treat your data with the highest level of care and responsibility.

We may share your information with trusted service providers who assist us in operating the Service, such as payment processors, email delivery services, and infrastructure providers. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.

We may disclose your information if required by law, regulation, legal process, or governmental request. We may also disclose information in connection with a merger, acquisition, or sale of assets, in which case we will notify you before your data is transferred and becomes subject to a different privacy policy.

We retain your account information for as long as your account is active or as needed to provide the Service. Audit logs are retained according to your subscription plan: 7 days for Community, 90 days for Team, and 365 days for Enterprise plans. After these periods, audit data is automatically purged.

When you delete your account, we initiate a 30-day data export period during which you can download your data. After this period, we will delete your personal information from our active systems within 90 days. Some data may be retained in encrypted backups for up to 180 days before being permanently deleted.

We may retain certain information as required by law, for legitimate business purposes such as fraud prevention, or to resolve disputes. Any retained data will be stored securely and accessed only when necessary for these purposes.

We implement industry-standard security measures to protect your data. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. API keys and sensitive credentials are stored using one-way cryptographic hashing with Argon2id.

Access to production systems is restricted to authorized personnel through role-based access controls, multi-factor authentication, and VPN-secured connections. We conduct regular security audits and penetration testing to identify and address vulnerabilities.

In the event of a security incident, we maintain an incident response plan that includes prompt notification to affected users as required by applicable law. We commit to transparency in our security practices and will communicate the nature and scope of any breach, the data affected, and the remedial steps taken.

Depending on your jurisdiction, you may have certain rights regarding your personal data. Under the GDPR, EU residents have the right to access, rectify, erase, restrict processing, object to processing, and port their data. Under the CCPA, California residents have the right to know what data is collected, request deletion, and opt out of data sales.

To exercise any of these rights, contact us at privacy@unyform.ai or use the data management tools available in your account settings. We will respond to verified requests within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing certain requests.

You will not be discriminated against for exercising your privacy rights. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority. Our Data Protection Officer can be reached at dpo@unyform.ai.

We use essential cookies that are strictly necessary for the Service to function. These include session cookies to maintain your authentication state and CSRF protection tokens. These cookies cannot be disabled without breaking core functionality.

We use analytics cookies to understand how users interact with the Service, including page views, feature usage, and navigation patterns. This data helps us improve the user experience. Analytics data is aggregated and does not identify individual users. You can opt out of analytics cookies through your browser settings.

We use preference cookies to remember your settings, such as your preferred theme, timezone, and dashboard layout. These cookies enhance your experience but are not required for the Service to function. You can manage cookie preferences in your account settings or through your browser.

We use Stripe for payment processing. When you provide payment information, it is sent directly to Stripe and is subject to Stripe’s privacy policy. We do not store your full credit card number on our servers. Stripe receives your name, email, billing address, and payment card details.

We use SendGrid for transactional email delivery, including account verification, password resets, and service notifications. SendGrid receives your email address and the content of transactional messages. We use HubSpot for managing sales inquiries and lead tracking. HubSpot receives contact information you provide through our sales and contact forms.

Each third-party service has its own privacy policy governing how they handle your data. We select providers that maintain strong privacy and security standards. We encourage you to review the privacy policies of these third-party services for more information about their data practices.

The Service is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@unyform.ai so we can take appropriate action. We comply with the Children’s Online Privacy Protection Act (COPPA) and similar regulations in other jurisdictions.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. For material changes, we will provide notice via email to the address associated with your account or through a prominent notice on the Service at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of the Service and delete your account. Previous versions of this policy are available upon request.

The “Last updated” date at the top of this page indicates when this Privacy Policy was most recently revised. We encourage you to periodically review this page for the latest information on our privacy practices.

For privacy inquiries, data access requests, or questions about this Privacy Policy, please contact us at:

privacy@unyform.ai

Unyform, Inc.
Wilmington, Delaware, United States

Data Protection Officer: dpo@unyform.ai