PRIVACY POLICY (UniDrive)

Last Updated: 2025/11/25

UniDrive ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Services. By using UniDrive, you agree to this Policy.

1. Information We Collect

1.1 Information You Provide

  • Account details (email, password, name)
  • Uploaded files and documents
  • Tags, highlights, annotations, metadata
  • Chat inputs, search queries, and interactions
  • Feedback and support messages

1.2 Automatically Collected Data

  • Device information (OS, browser, app version)
  • Log data and error reports
  • IP address and approximate location
  • Usage analytics (features used, click behavior)
  • Browser extension actions (downloads, file paths)

1.3 Payment Information

Payment details are processed by third parties (e.g., Stripe). We do not store full payment card numbers.

2. How We Use Your Information

We use your data to:

  • Provide and maintain file organization, tagging, and search
  • Generate embeddings, tags, and highlights
  • Operate AI features such as chat, semantic search, and RAG
  • Sync data across your devices
  • Improve model quality and service performance
  • Prevent fraud and ensure security
  • Provide customer support
  • Comply with legal obligations

We do not sell personal data. We do not use your files to train models without explicit opt-in.

2.1 Legal Bases for Processing (EEA/UK users)

If you are located in the European Economic Area (EEA), the United Kingdom, or in a jurisdiction with similar data protection laws, we process your personal data only when we have a valid legal basis. Depending on the context, this may include:

  • Performance of a contract: to provide and operate the Services you request, such as syncing your files, running searches, or delivering AI-assisted features.
  • Legitimate interests: to secure and improve our Services, understand usage patterns, prevent fraud and abuse, and develop new features, where these interests are not overridden by your rights and interests.
  • Consent: where required by law, for example for certain types of analytics, marketing communications, or optional experimental features. You can withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Legal obligations: to comply with laws, regulations, court orders, or requests from competent authorities.

3. AI and Model Usage

UniDrive may send content to AI models (ours or third-party) only for operations you request, such as:

  • semantic search
  • summarization
  • autocomplete
  • chat-based answers
  • tag generation
  • RAG retrieval
  • document analysis

3.1 External Models

If third-party AI APIs are used, we send only the content necessary to perform the operation you requested (for example, text excerpts, prompts, or embeddings). In these cases:

  • Content is transmitted securely using industry-standard encryption
  • Providers are contractually required not to train their models on your personal data or file contents, unless you have explicitly opted in where such an option is offered
  • Providers may temporarily store data for short-term processing (for example, to complete your request, handle abuse detection, or maintain service reliability) but are not permitted to use it for unrelated purposes

As of the date of this policy, our third-party AI providers may include, for example, OpenAI, Anthropic, Jina AI, Perplexity, and OpenRouter (which may in turn route to additional model providers such as Meta Llama, Google Gemini, and others). We maintain an up-to-date list of AI providers and models on our website.

4. Sharing Your Information

We may share information only with:

Service Providers

  • AI model providers
  • Analytics and telemetry tools (PostHog)
  • Billing providers (Stripe)
  • Customer support tools

Legal Compliance

We may disclose information if required by law, subpoena, or court order.

Business Transfers

If UniDrive undergoes a merger or acquisition, your information may transfer as part of the transaction.

We never sell your personal data.

5. Data Storage and Security

5.1 Storage

Your data may be stored in:

  • U.S.-based data centers
  • Regional servers as required for performance or compliance

5.2 Security Measures

We use industry-standard protections:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Strict access-control and credential management
  • Periodic security audits

No system is perfectly secure, but we take reasonable steps to protect your information.

5.3 Local vs. Cloud Processing

UniDrive is designed as a local-first product. In practice, this means:

  • Local storage and processing: your files (including .uni documents), tags, and local indexes are stored on your device by default, and many operations such as browsing, editing, and certain search functions can run entirely on your device.
  • Optional cloud sync: if you enable cloud sync, certain file metadata, content, tags, and embeddings may be uploaded to our cloud services so that you can access them across devices and benefit from cloud search and backup. You can control whether individual files are synced by using per-file processing settings (for example, toggling options such as "Allow Cloud Sync" or "Exclude from Sync" in the app). Files that are excluded from sync will not be uploaded to our cloud storage.
  • AI processing controls: you can control whether a given file may be used for AI operations (such as tagging or summarization) via per-file settings like "Allow AI Processing". When this is disabled, we do not send that file's content to third-party AI providers. For certain AI chat and assistant features, we may store conversation history and related metadata in our cloud database so that you can resume conversations across sessions; where supported, you may clear or delete these histories from within the product.

We may add new in-product settings over time and will update this Policy to describe any material changes.

6. Your Rights

Depending on where you live, you may have certain rights over your personal information. These rights can vary by jurisdiction and may include the rights described below.

You can exercise your rights by contacting us at [email protected]. We may need to verify your identity before responding to your request. We will respond within the time frames required by applicable law. You may opt out of usage analytics by contacting us at [email protected]. Note that opting out may limit our ability to diagnose issues or improve your experience.

6.1 Rights under GDPR (EEA/UK)

If you are located in the European Economic Area (EEA), the United Kingdom, or in a jurisdiction with similar data protection laws, you may have the following rights, subject to applicable limitations:

  • Right of access: to obtain confirmation of whether we process your personal data and to receive a copy of it.
  • Right to rectification: to request that we correct inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): to request that we delete your personal data in certain circumstances (for example, when it is no longer needed or you withdraw consent).
  • Right to restriction of processing: to request that we restrict processing in certain circumstances (for example, while we verify the accuracy of data you contest).
  • Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
  • Right to object: to object to processing based on our legitimate interests, including profiling, and we will stop processing unless we have compelling legitimate grounds.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time, without affecting processing that has already occurred.
  • Right not to be subject to a decision based solely on automated processing: where such decisions produce legal or similarly significant effects on you, subject to certain exceptions.

You also have the right to lodge a complaint with your local data protection authority.

6.2 Rights under CCPA/CPRA (California)

If you are a resident of California, you may have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), subject to applicable limitations:

  • Right to know: to request that we disclose the categories and specific pieces of personal information we have collected about you, as well as the categories of sources, purposes of use, and categories of third parties with whom we share it.
  • Right to delete: to request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to correct: to request that we correct inaccurate personal information that we maintain about you.
  • Right to opt-out of sale or sharing: to direct us not to "sell" or "share" your personal information as those terms are defined under the CCPA/CPRA.
  • Right to limit use of sensitive personal information: where applicable, to limit our use and disclosure of sensitive personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights.

At this time, we do not "sell" or "share" your personal information as those terms are defined under CCPA/CPRA. If this changes in the future, we will update this Policy and provide you with a way to opt out.

7. Data Retention

We retain personal data only for as long as reasonably necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

In general:

  • Account data (such as your profile, settings, and subscription information) is kept for as long as your account is active.
  • If you request deletion of your account, we will delete or anonymize your account data, files, and associated embeddings from our active systems within approximately 30 days, unless we are legally required to retain certain information for a longer period (for example, for tax or accounting purposes).
  • Logs and backups that may contain personal data are preserved only for limited periods and are rotated or deleted on a regular schedule (typically within 90 days), after which your data will no longer be recoverable from those backups.
  • Certain aggregated or de-identified data that does not identify you may be retained for longer for analytics, service improvement, and security purposes.

We may adjust these retention periods from time to time to reflect changes in our Services, infrastructure, or legal obligations, and will update this Policy as needed.

8. Children's Privacy

We do not knowingly collect information from children under 13. If you believe a child has provided us data, contact us.

9. International Data Transfers

If you access UniDrive outside the U.S., we may transfer data across borders in compliance with applicable laws.

10. Changes to This Policy

We may update this Policy occasionally. We will notify users of material changes through email or in-app notices.

11. Contact Us

OrinTech Inc. (UniDrive)
Email: [email protected]
Website: https://unidrive.ai

12. Cookies and Similar Technologies

We use cookies and similar technologies to operate and secure our Services.

  • Essential cookies: we use certain cookies (or similar browser storage) that are necessary for authentication, security, and basic functionality—for example, to keep you signed in to the app or to validate OAuth login flows. These cookies are typically set as HttpOnly and use appropriate SameSite and secure attributes where supported by your browser.
  • Analytics and performance: We use PostHog to collect usage analytics. PostHog may set cookies (such as `ph_phc_*` or similar identifiers) to distinguish users and track feature usage across sessions. These cookies help us understand which features are used and how to improve our Services.
  • Your choices: you can configure your browser to refuse cookies or to alert you when cookies are being set. Some parts of the Services may not function properly if you disable cookies that are strictly necessary.

If we introduce additional categories of cookies (for example, for marketing or personalization), we will update this Policy and, where required, provide a separate Cookie Policy or consent banner describing those cookies in more detail.