UniAsset

Privacy Policy

Last updated: January 1, 2026

Effective Date: January 1, 2026

1. Introduction and Scope

This Privacy Policy describes how your data is collected, used, stored, and protected when you use our enterprise asset management platform ("Service"). We are committed to protecting the privacy and security of your information with enterprise-grade practices and transparency.

This policy applies to all users of our Service, including organization administrators, team members, and visitors to our website. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

We process data as both a data controller (for account and billing information) and as a data processor (for asset data you enter into the system on behalf of your organization).

2. Information We Collect

2.1 Account and Registration Data

When you create an account or are invited to join an organization, we collect:

  • Name and email address
  • Password (stored in encrypted, hashed form only)
  • Organization name and tenant association
  • User role and permissions
  • Account creation and last login timestamps

2.2 Asset and Business Data

Your organization enters and manages asset information including:

  • Asset identifiers, names, serial numbers, and descriptions
  • Purchase information (dates, costs, vendors, warranties)
  • Location and assignment information
  • Maintenance records, costs, and schedules
  • Documents and images uploaded by your team
  • Categories, departments, and custom statuses
  • Financial data (depreciation, costs, valuations)

Important: Your organization owns this data. We process it solely to provide the Service and do not use your asset data for any other purpose.

2.3 Audit Trail and Activity Data

To support compliance and accountability, we automatically log:

  • User actions within the platform (create, update, delete operations)
  • Timestamps of all significant events
  • User attribution for changes
  • Login events and session information

2.4 Technical and Usage Data

We automatically collect technical information to operate and improve the Service:

  • Browser type and version
  • Device type and operating system
  • IP address (for security and fraud prevention)
  • Pages visited and features used
  • Performance metrics and error logs

3. How We Use Your Information

3.1 Providing the Service

  • Operating and maintaining the asset management platform
  • Authenticating users and managing access
  • Processing and storing your asset data
  • Generating reports and analytics you request
  • Sending notifications and alerts you configure

3.2 Service Improvement

  • Analyzing usage patterns to improve features
  • Identifying and fixing bugs and performance issues
  • Developing new features based on aggregated usage data

3.3 Communication

  • Sending service-related announcements and updates
  • Responding to support requests
  • Providing billing and subscription notifications

3.4 Security and Compliance

  • Protecting against unauthorized access and fraud
  • Maintaining audit trails for accountability
  • Complying with legal obligations

4. Data Storage and Security

4.1 Storage Location

Your data is stored in secure cloud infrastructure. Database services are hosted with enterprise-grade cloud providers with SOC 2 certification. Documents and files are stored in encrypted blob storage.

4.2 Security Measures

We implement comprehensive security measures including:

  • Encryption in transit: All data transmitted over TLS 1.2+
  • Encryption at rest: Database and file storage encryption
  • Access controls: Role-based access, principle of least privilege
  • Authentication: Secure password hashing, session management
  • Monitoring: Security event logging and alerting
  • Backups: Regular automated backups with encryption

4.3 Tenant Isolation

Your organization's data is logically isolated from other customers. Multi-tenant architecture ensures that users can only access data belonging to their own organization. All database queries are scoped to your tenant.

5. Data Retention

We retain your data according to the following principles:

  • Active accounts: Data is retained for as long as your subscription is active
  • After cancellation: Data is retained for 30 days to allow for reactivation, then scheduled for deletion
  • Audit logs: Retained for compliance purposes according to your plan (typically 1-7 years)
  • Backups: Maintained for disaster recovery, following the same retention schedule
  • Upon request: You may request data deletion at any time

6. Data Deletion

Upon account termination or deletion request:

  • All asset data, user data, and uploaded documents are permanently deleted
  • Deletion is completed within 30 days of request
  • Backups are purged according to retention schedule
  • We provide written confirmation of deletion upon request

Note: We may retain anonymized, aggregated data that cannot identify you or your organization for analytical purposes.

7. Third-Party Services

We use carefully selected third-party services to operate the platform:

  • Cloud infrastructure: Database hosting and compute services
  • File storage: Secure document and image storage
  • Email delivery: Transactional email services
  • Analytics: Privacy-respecting usage analytics

We ensure all third-party providers meet our security and privacy requirements through contract and due diligence.

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data
  • Right to portability: Receive your data in a portable format
  • Right to object: Object to certain types of processing
  • Right to restrict processing: Request limitation of processing

To exercise any of these rights, contact us at info@uniasset.app. We respond to all requests within 30 days.

9. Data Protection & GDPR

Data protection laws, including the General Data Protection Regulation (GDPR), may apply to users located in the European Economic Area (EEA).

  • General approach: We handle personal data in the context of providing and operating the UniAsset service.
  • International processing: Depending on how the service is accessed and used, data may be processed in different locations.
  • User rights: Applicable data protection laws may grant users certain rights related to their personal data.
  • Contact: Questions related to privacy or data handling can be directed to info@uniasset.app.

10. Cookies and Tracking

We use only essential cookies required for the Service to function:

  • Session cookies: To maintain your login state
  • Preference cookies: To remember your settings
  • Security cookies: To protect against cross-site request forgery

We do not use advertising cookies or sell your data to advertisers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top of this policy
  • We will notify you via email for significant changes
  • We will provide 30 days notice before changes take effect

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

  • Privacy inquiries: info@uniasset.app
  • Data protection officer: info@uniasset.app
  • General inquiries: Use our contact form at /contact

We aim to respond to all privacy-related inquiries within 5 business days.