Privacy Policy

Information we collect

We collect account information such as your name, email address, authentication identity data, and profile preferences when you create and maintain an account, and we collect operational data such as dataset metadata, execution history, forum activity, and notification events so the platform can provide reliable workflows and maintain auditability.

We also process technical data including IP related security signals, device session records, and request metadata that is required for rate limiting, fraud monitoring, troubleshooting, and incident response, while applying proportional access controls so this information is restricted to authorized operational roles.

How we use information

Information is used to authenticate users, authorize access to protected resources, provide dataset and analysis workflows, support collaboration features, and deliver account level controls such as profile settings, session management, data export, and account deactivation.

We also use platform activity signals to improve reliability and security posture through vulnerability triage, performance monitoring, abuse prevention, and release quality controls so services remain stable and trustworthy for all users.

How information is shared

We do not sell personal information, and we share information only when required to deliver platform features such as secure authentication integrations, payment processing through Stripe for subscription services, infrastructure operations, legal compliance, or explicit actions initiated by users such as sharing workspace content with other members.

When third party processors are used, data access is limited to the scope needed for service delivery and is governed by contractual obligations that require confidentiality, security controls, and lawful processing practices.

Retention and deletion

Retention periods are designed around operational need and security discipline, which means account, billing, and audit records may be retained for compliance and service integrity purposes, while collaboration data follows feature specific retention policies including chat messages and chat attachments that are kept for up to thirty days before automated cleanup.

Users can export account data from settings and can deactivate accounts through authenticated confirmation, and deletion requests are processed in line with legal obligations and backup lifecycle constraints that may require limited temporary retention before final purge.

Security measures

Uzanova applies layered safeguards that include password hashing with bcrypt, token based authentication with refresh token controls, content security policies, route level rate limiting, upload scanning for unsafe files, access control enforcement by role and ownership, and ongoing remediation informed by recurring penetration testing.

No service can guarantee absolute security in every circumstance, though we continuously maintain and test controls so risk remains managed through practical defense in depth rather than one time configuration.

Your choices and rights

You can update profile details, adjust privacy visibility, manage notification preferences, rotate credentials, revoke active sessions, export account data, and deactivate your account through built in settings flows, and these controls are available without contacting support for routine account management operations.

If your jurisdiction provides additional rights regarding access, correction, or deletion, you may submit requests through your designated account administrator or privacy contact, and we will respond in accordance with applicable law and verification requirements.

International use

If you access the service from outside the primary hosting region, your information may be processed in regions where infrastructure or processors operate, and we apply appropriate safeguards to protect data during cross region handling where legally required.

Policy updates

We may update this Privacy Policy when product capabilities, legal requirements, or operational practices change, and material updates will include a revised effective date on this page so users can review current terms before continued use.