Privacy Policy

1. Introduction

UCTS ("Universal Context Transfer System", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software, website, and services (collectively, the "Service").

This policy complies with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and authentication credentials when you register
• Payment Information: Billing details processed through our payment provider (we do not store full payment card details)
• Support Communications: Information you provide when contacting support
• User Content: Conversation files and code you choose to process through our cloud services

2.2 Automatically Collected Information

• Usage Data: Features used, session duration, and interaction patterns
• Device Information: Operating system, browser type, and IP address
• Log Data: Access times, error logs, and diagnostic information
• Cookies: Session cookies and analytics cookies (see our Cookie Policy)

2.3 Local Processing

Important: By default, UCTS processes all conversation data locally on your device. Your code and conversation content is NOT transmitted to our servers unless you explicitly opt into cloud features. Local CLI usage does not require an account and collects no personal information.

3. How We Use Your Information

We use collected information for the following purposes:

• To provide, maintain, and improve the Service
• To process transactions and send related information
• To send technical notices, updates, and security alerts
• To respond to your comments, questions, and support requests
• To monitor and analyze usage patterns and trends
• To detect, prevent, and address technical issues and fraud
• To comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data based on:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Improving our services, security, and fraud prevention
• Legal Compliance: Processing required by applicable laws
• Consent: Where you have given explicit consent for specific processing

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service Providers: Third parties who perform services on our behalf (hosting, payment processing, analytics)
• Authentication Providers: Authentik or other SSO providers you use to log in
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize sharing

6. Data Retention

We retain personal information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations (tax, audit requirements)
• Resolve disputes and enforce agreements

Account data is retained for the duration of your account plus 30 days after deletion. Usage analytics are anonymized after 24 months. Backup data is purged within 90 days of deletion.

7. Your Rights

7.1 All Users

• Access your personal information
• Correct inaccurate information
• Delete your account and associated data
• Export your data in a portable format
• Opt out of marketing communications

7.2 EU/EEA Residents (GDPR)

• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

7.3 California Residents (CCPA)

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights

7.4 Australian Residents

Under the Privacy Act 1988, you have the right to access and correct your personal information. To make a request or complaint, contact our Privacy Officer at privacy@ucts.dev.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Compliance with the Australian Privacy Principles for cross-border disclosure
• Data Processing Agreements with all third-party processors

9. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Incident response procedures
• Employee security training

See our Security Policy for more details.

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice (such as email notification or in-app alert). Your continued use of the Service after changes constitutes acceptance of the updated policy.