Privacy Policy
Last updated: April 5, 2026
Unveila Ltd. ("Unveila," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform at unveila.io and app.unveila.io (the "Platform").
1. Data Controller
Unveila Ltd. is the data controller for the personal data processed through the Platform. For privacy inquiries, contact us at privacy@unveila.io.
2. Personal Data We Collect
2.1 Account Data
When you create an account, we collect: name, email address, organization name, job title (optional), and hashed password. We do not store passwords in plain text.
2.2 Payment Data
Payment processing is handled by our payment processor (Stripe, Inc.). We do not store your full credit card number, CVV, or banking details. We may store your Stripe customer ID, billing address, and transaction history for accounting purposes.
2.3 Usage Data
We collect data about how you use the Platform: pages viewed, features used, predictions accessed, watchlists created, alerts configured, search queries, and API calls made.
2.4 Technical Data
We automatically collect: IP address, browser type and version, operating system, device type, screen resolution, referring URL, session duration, and timestamp of access.
2.5 Communication Data
If you contact us for support or feedback, we retain the content of those communications.
3. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Contract performance (Article 6(1)(b) GDPR) — processing necessary to deliver the service you requested
- Legitimate interests (Article 6(1)(f) GDPR) — analytics to improve the Platform, fraud prevention, security monitoring
- Consent (Article 6(1)(a) GDPR) — marketing communications and non-essential cookies (you can withdraw consent at any time)
- Legal obligation (Article 6(1)(c) GDPR) — tax records, regulatory compliance, responding to lawful requests
4. How We Use Your Data
- To provide, maintain, and improve the Platform
- To manage your account and deliver platform features
- To send transactional communications (password resets, alert notifications, account updates)
- To send marketing communications (only with your consent; you can opt out at any time)
- To analyze usage patterns and improve our models and features
- To detect and prevent fraud, abuse, and security threats
- To comply with legal obligations
5. Data Sharing
We do not sell your personal data. We share data only with:
- Authentication providers (Firebase) — to enable secure sign-in via Google, GitHub, and Apple
- Email service providers (Resend/Postmark) — to deliver transactional emails
- Cloud infrastructure (hosting provider) — to host and operate the Platform
- Law enforcement — only when required by law, subpoena, or court order
We require all third-party service providers to process your data in accordance with our instructions and applicable data protection laws.
6. International Data Transfers
Your data may be processed in Israel and other countries. Israel has been recognized by the European Commission as providing an adequate level of data protection (Commission Decision 2011/61/EU). For transfers to other jurisdictions, we rely on Standard Contractual Clauses or other approved transfer mechanisms.
7. Data Retention
- Active account data: retained while your account is active plus 30 days after deletion
- Usage analytics: retained for 24 months, then anonymized
- Server logs: retained for 90 days
- Deleted accounts: personal data permanently deleted within 30 days of account deletion request
8. Your Rights
Under GDPR, CCPA/CPRA, and other applicable laws, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — request that we limit processing of your data
- Data portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — withdraw previously given consent at any time
- Non-discrimination — we will not discriminate against you for exercising your rights (CCPA)
To exercise any of these rights, email privacy@unveila.io. We will respond within 30 days.
9. Cookies
We use the following categories of cookies:
- Strictly necessary: authentication, session management, security. These cannot be disabled.
- Functional: remembering your preferences and settings.
- Analytics: understanding how the Platform is used to improve it. We use privacy-respecting analytics.
We do not use marketing or advertising cookies. We do not sell data to advertisers. You can manage cookie preferences in your browser settings.
10. Security
We implement appropriate technical and organizational measures to protect your data, including: encryption in transit (TLS 1.2+), encryption at rest, access controls, regular security reviews, and secure credential storage (bcrypt hashing for passwords). However, no system is completely secure. If we become aware of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.
11. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt out of sale or sharing of personal information. We do not sell or share your personal information as defined under CCPA/CPRA.
- Right to correct inaccurate personal information
12. Children
The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-platform notification. The "Last updated" date at the top reflects the most recent revision.
14. Contact
For privacy questions or to exercise your rights: privacy@unveila.io