Privacy Policy
How UniversalContext collects, uses, and protects your information.
Last Updated: February 23, 2026
This Privacy Policy describes how UniversalContext LLC ("UniversalContext," "UC," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our hosted software platform, APIs, and related services (collectively, the "Service").
This Policy applies to:
- Customers — organizations that enter into an agreement with UC.
- Authorized Users — employees, contractors, or agents authorized by a Customer to access the Service.
Important: UniversalContext acts as a data processor with respect to Customer Data and as a data controller with respect to Account Data and certain Operational Data. A Data Processing Addendum ("DPA") is available to Customers and forms part of the customer agreement where applicable.
1. Definitions
Account Data — Information provided to create or administer accounts (e.g., name, work email address, job title, organization name, billing information).
Customer Data — Data, content, files, documents, and other materials submitted to the Service by or on behalf of a Customer or Authorized Users, including any personal data chosen by the Customer.
Operational Data — Technical and usage information automatically collected about how the Service is accessed and used.
Output — Results or content generated by the Service based on Customer Data.
2. Information We Collect
2.1 Account Data
We collect:
- Name
- Work email address
- Organization name
- Job title
- Billing and invoicing information
- Account preferences and settings
2.2 Customer Data
Customer Data is processed strictly on behalf of and at the direction of the Customer. UniversalContext does not control the content of Customer Data and processes it only to provide the Service and comply with legal obligations.
2.3 Operational Data
We automatically collect:
- IP address and approximate geolocation (country/region)
- Device, browser, and operating system information
- Authentication and session information
- API logs, timestamps, feature interactions
- Performance and diagnostic data
Operational monitoring tools may include:
- Cloud infrastructure observability tools
- Error tracking systems
- Distributed tracing systems
- Application logging and metrics platforms
Operational Data is used solely for security, performance monitoring, troubleshooting, and service improvement.
2.4 Communications Data
If you contact us, we collect the content of communications and associated contact details.
2.5 Cookies and Similar Technologies
We use cookies and similar technologies to:
- Authenticate sessions
- Maintain security
- Store user preferences
- Support service analytics
We do not use advertising cookies or cross-site tracking technologies. We do not sell data.
3. How We Use Information
| Category | Purpose |
|---|---|
| Account Data | Account provisioning, billing, authentication, service communications, customer support |
| Customer Data | Providing and operating the Service; executing AI and analytical features at Customer direction; maintaining security; complying with legal obligations |
| Operational Data | Reliability, performance monitoring, fraud detection, abuse prevention, and aggregate analytics |
| Communications Data | Responding to inquiries and improving support services |
4. AI Transparency and Automated Processing
The Service includes AI-powered functionality that generates Output based on Customer Data.
- AI features operate only at Customer direction.
- UniversalContext does not make legally binding decisions about individuals unless configured by the Customer.
- AI-generated Output may be probabilistic and may contain inaccuracies or inferred content.
- Customers are responsible for reviewing and validating Output where appropriate.
UniversalContext does not use Customer Data or Output to train or improve generalized machine learning models without prior written Customer authorization.
Where third-party AI infrastructure providers are used, contractual agreements prohibit retention or use of Customer Data for independent model training, except as required by law.
5. Sharing and Disclosure
5.1 Subprocessors
We engage third-party subprocessors to provide infrastructure, AI services, and operational support.
All subprocessors:
- Are bound by written agreements
- Must maintain confidentiality
- Must implement appropriate security safeguards
- Process Customer Data only on documented instructions
UniversalContext maintains an up-to-date list of subprocessors upon request.
Customers will receive at least 30 days' prior notice before the addition of any new subprocessor that processes Customer Data and may object on reasonable data protection grounds.
5.2 Business Transfers
In the event of a merger, acquisition, or asset transfer, information may be transferred subject to equivalent protections.
5.3 Legal Disclosure
We may disclose information when required by law or legal process. Where legally permitted, we will provide reasonable advance notice to the Customer.
5.4 No Sale of Data
We do not sell, rent, or trade Customer Data or Account Data.
6. Customer Data Processing Commitments
With respect to Customer Data, UniversalContext:
- Processes data only on documented Customer instructions
- Does not access Customer Data except as necessary to provide the Service
- Assists Customers in responding to data subject requests
- Notifies Customers if an instruction violates applicable law
- Implements appropriate technical and organizational safeguards
A Data Processing Addendum is available and incorporates applicable transfer safeguards (see Section 8).
7. Data Retention
| Data Type | Retention |
|---|---|
| Account Data | Retained for the duration of the subscription and deleted or de-identified within 90 days after closure (subject to legal retention requirements) |
| Customer Data (active subscription) | Retained while subscription is active |
| Customer Data (post-termination) | Available for export for 30 days, then deleted or de-identified from production systems within 30 days thereafter |
| Backup Data | Retained in encrypted backups per rotation schedules; restored only for disaster recovery |
| Operational Data | Retained up to 12 months in identifiable form; may be retained longer in aggregated or de-identified form |
| Communications Data | Retained up to 3 years |
Deletion is performed using industry-standard practices (e.g., logical deletion and cryptographic erasure). Certification of deletion is available upon request.
8. Security
UniversalContext maintains a documented information security program that includes:
- Encryption in transit (TLS 1.2+)
- Encryption at rest
- Least-privilege access controls
- Multi-factor authentication for administrative access
- Vulnerability scanning and remediation
- Audit logging
- Secure software development practices
- Incident response procedures
8.1 Tenant Isolation and Per-Organization Encryption
The Service employs a multi-tenant architecture with logical and cryptographic isolation between Customer organizations:
- Each Customer organization's data is encrypted at rest using a dedicated, Customer-specific encryption key managed through a cloud key management service.
- Shared platform infrastructure uses a separate platform-managed encryption key.
- Row-level security policies enforce data separation at the database layer, scoped to both the organization and user level, ensuring that one Customer's data is never accessible to another.
- Customer documents are stored in organization-specific storage locations with access controls restricting access to the owning organization.
8.2 Security Incidents
In the event of a confirmed unauthorized access to Customer Data ("Security Incident"), UC will notify the Customer without undue delay and, where feasible, within 72 hours of confirmation.
Notification will include:
- Nature and scope of the incident
- Categories of affected data (if known)
- Remediation steps taken or planned
- Contact information for follow-up
9. International Data Transfers
UniversalContext processes data in the United States.
Where Customer Data originates from the EEA, UK, or Switzerland, UniversalContext relies on legally recognized safeguards, including:
- EU Standard Contractual Clauses (2021/914)
- UK International Data Transfer Addendum
- Swiss-recognized transfer mechanisms
Where required, UniversalContext implements supplementary measures and conducts transfer risk assessments.
10. Individual Rights
10.1 Where UC Acts as Processor
Data subject requests relating to Customer Data must be directed to the relevant Customer. We assist Customers in fulfilling such requests.
10.2 Where UC Acts as Controller
For Account Data and certain Operational Data, individuals may have rights including:
- Access
- Correction
- Deletion
- Restriction
- Portability
- Objection
Requests may be submitted to: info@universalcontext.ai
We respond within legally required timeframes (generally 30 days).
11. California Privacy Rights (CCPA/CPRA)
For California Authorized Users:
We collect the following categories of personal information:
- Identifiers (name, email, IP address)
- Professional information
- Internet activity information (usage data)
We do not:
- Sell personal information
- Share for cross-context behavioral advertising
- Use sensitive personal information beyond permitted business purposes
California residents may submit rights requests to info@universalcontext.ai. We do not discriminate for exercising privacy rights.
12. European Union / UK Data Protection
Where required under GDPR or UK GDPR, UC processes personal data under the following legal bases:
- Contract performance
- Legal obligations
- Legitimate interests (service security, fraud prevention, analytics)
A legitimate interest balancing assessment has been conducted where applicable.
Individuals may lodge complaints with their relevant supervisory authority.
13. Children
The Service is not directed to individuals under 18. We do not knowingly collect data from minors.
14. Changes to this Policy
We may update this Policy periodically. Material changes will be communicated via the Service or by notifying Customer account administrators.
Continued use of the Service after the effective date constitutes acceptance.
15. Contact
UniversalContext LLC Email: info@universalcontext.ai
For data protection inquiries, security matters, or requests under applicable law, please contact us at the address above.