Privacy Policy

Last Updated: February 27, 2026 • Effective Date: February 27, 2026

Key Commitment

We are committed to protecting your privacy and handling your data with transparency and security. We do not sell your personal information, and we only use your data to provide and improve our Service.

1. Introduction

Welcome to Unifybase, operated by Avena Technologies Limited ("we," "our," or "us"), a company registered in England and Wales under company number 17004284, with registered address at 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE.

We operate the Unifybase knowledge management platform at unifybase.io (the "Service"). Unifybase is a trading name of Avena Technologies Limited.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to this Privacy Policy.

2. Information We Collect

We collect information in three ways:

2.1 Information You Provide to Us

  • Account Information: Email, name, password (hashed with bcrypt), team/organization name
  • Content You Upload: Documents (PDF, Word, text, images), audio files, chat messages
  • Communications: Support requests, feedback, and correspondence

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, search queries, API usage metrics
  • Device Information: IP address, browser type, operating system, device identifiers
  • Performance Analytics: Service uptime, performance metrics, feature usage patterns

2.3 Information from Third Parties

  • OAuth Providers: Google account email, name, profile picture (with your permission)
  • Google Drive: Files you explicitly authorize us to access

3. How We Use Your Information

  • Core Service: Account management, document processing, AI features, storage, collaboration
  • Service Improvement: Analytics, feature development, performance optimization
  • Communication: Service updates, support, administrative messages, marketing (opt-in only)
  • Security: Fraud prevention, access control, legal compliance, policy enforcement

4. How We Share Your Information

We do not sell your personal information.

We share your information only in these limited circumstances:

4.1 Third-Party Service Providers

  • OpenAI: AI processing for document analysis, chat, and embeddings. Data retained up to 30 days by OpenAI, not used for model training. OpenAI Privacy Policy
  • Google: OAuth authentication and Google Drive integration. Google Privacy Policy

4.2 Other Circumstances

  • Legal Requirements: When required by law, regulation, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

5. Data Retention

We retain your data only as long as necessary for the purposes described in this Policy:

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Uploaded Files & Documents: Retained while your account is active. You can delete files at any time. All files are removed within 30 days of account deletion.
  • Chat History: Retained while your account is active. Deleted with your account.
  • AI-Generated Content: Retained while your account is active. Deleted with your account.
  • Usage Logs & Analytics: Retained for up to 12 months, then automatically purged.
  • Backups: Maintained on a 30-day rolling basis. After data deletion, residual copies in backups are overwritten within 30 days.

We may retain certain data longer where required by law (e.g., financial records, fraud prevention).

6. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
  • Authentication: Bcrypt password hashing (10+ rounds), JWT session tokens
  • Access Controls: Role-based access control (RBAC), rate limiting, firewall protection
  • Infrastructure: Regular security updates, database backups, audit logging

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: View your data through your account dashboard
  • Portability: Export your data in machine-readable formats
  • Correction: Update your account information anytime
  • Deletion: Request account and data deletion (30-day process)
  • Marketing Opt-Out: Unsubscribe from promotional emails anytime

To exercise your rights, contact us at support@unifybase.io. We will respond within 30 days.

8. International Data Transfers

Avena Technologies Limited is based in the United Kingdom. Your information may be transferred to and processed in countries outside the UK, including the United States (where our AI service providers operate). We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection law.

9. Cookies and Tracking

Essential Storage

We use browser local storage (not cookies) to keep you logged in and store your session token. This is essential for the Service to function and cannot be disabled.

Analytics (Optional)

We may use third-party analytics services to understand how the Service is used. When enabled, these services may set their own cookies:

  • PostHog: Product analytics and usage patterns
  • Google Analytics: Traffic and usage statistics

Analytics providers are only active when explicitly configured. You can block analytics cookies through your browser settings without affecting core functionality.

10. Children's Privacy

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@unifybase.io and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by email or in-app notification.

Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

12. GDPR Compliance (EU/EEA/UK Users)

As a UK-based company, we comply with the UK GDPR and the Data Protection Act 2018. If you're in the EU/EEA/UK, we process your data based on:

  • Contract Performance: Providing the Service
  • Legitimate Interests: Analytics, fraud prevention, security
  • Consent: Marketing, optional features
  • Legal Obligations: Compliance with laws

You have rights to access, rectification, erasure, restriction, portability, objection, and complaint to the UK Information Commissioner's Office (ICO) or your local Data Protection Authority.

Data Controller: Avena Technologies Limited, 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE. Contact: support@unifybase.io

13. CCPA/CPRA Compliance (California Users)

California residents have additional rights:

  • Right to Know: Request categories and specific pieces of data collected
  • Right to Delete: Request deletion of your data
  • Right to Correct: Request correction of inaccurate data
  • Right to Non-Discrimination: We won't discriminate for exercising rights

We do not sell or share your personal information for advertising.

14. Contact Us

Questions about this Privacy Policy? Contact us:

  • Company: Avena Technologies Limited (trading as Unifybase)
  • Company Number: 17004284 (registered in England and Wales)
  • Address: 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE
  • Email: support@unifybase.io
  • Response Time: Within 30 days

This Privacy Policy was last reviewed on February 27, 2026. It is provided for informational purposes and does not constitute legal advice.