Uvio Business Sign In With Uvio Rules

1. General Provisions

1.1. These Uvio Business Sign In With Uvio Rules govern the use by companies of a feature where a user confirms sign-in or registration on the company's external site or app through a one-time code sent through Uvio.

1.2. These Rules apply in addition to the Uvio Business Terms of Service, the Uvio Business Privacy Policy, and the Uvio Business Data Processing Terms. Unless these Rules expressly provide otherwise, those documents continue to apply to the extent they do not conflict with this document.

1.3. By using Sign In With Uvio, the company agrees to comply with these Rules in full.

2. Controller Information and Contacts

The personal data controller and the person providing services under the name "Uvio" is an individual entrepreneur Sultanbekov Artur Timerhanovich.

INN (Tax ID): 021101196690.

OGRNIP (Registration No.): 318028000111955.

Privacy inquiries: privacy@uvio.chat.

Legal inquiries: legal@uvio.chat.

3. How the Sign In With Uvio Scenario Works

3.1. The company may use Sign In With Uvio only for external sites, services, and apps that belong to the company or are lawfully used by the company.

3.2. In this scenario, the company initiates delivery of a one-time code to a Uvio user, the user enters the code in the company's interface, and, after successful verification, Uvio returns to the company the limited data set described in these Rules and in the official integration documentation.

3.3. Sign In With Uvio is intended to verify a user's identity, create or link an account on the company's side, and create a user session on the company's side.

4. What Data the Company Receives After Successful Verification

4.1. As of the version date of these Rules, after successful one-time-code verification the company receives the following user data:

• the user's unique Uvio identifier;
• the user's email address;
• the user's first name;
• the user's last name, if provided in the Uvio account.

4.2. By default, this scenario does not transfer the user's Uvio sign-in name, password, Uvio session tokens, subscription history, location data, push tokens, advertising preferences, or other data that is not necessary for sign-in or registration purposes.

4.3. The company must not demand from Uvio, or attempt to obtain through this scenario, additional data not provided for in the official documentation or the parties' agreed integration model.

5. Company Obligations Before and After Requesting the One-Time Code

5.1. Before sending a one-time code to the user, the company must present a clear and accessible notice in its own interface explaining that, if the code is entered successfully, the company will receive the data listed in section 4 for sign-in, registration, or session-creation purposes.

5.2. If the company intends to use the received data for purposes beyond sign-in, registration, session creation, or account maintenance, the company must have a separate lawful basis for that further processing under applicable law before beginning that use.

5.3. The company must ensure that its interface, privacy documentation, and other mandatory notices accurately reflect the actual logic of its integration with Uvio.

5.4. The company must use Sign In With Uvio fairly, must not mislead users about the role of Uvio, and must not create the false impression that Uvio assumes the company's obligations for downstream data processing on the company's side.

6. Automatic Subscription to the Company and User Notice

6.1. If the product logic for a specific Sign In With Uvio flow provides that a user's subscription to the company will be created or reactivated automatically after successful one-time-code verification, the company must state this directly and unambiguously before the code is entered.

6.2. The company must also tell the user where and how the user can later unsubscribe from the company, limit communications, or change related settings in Uvio where those functions are available.

6.3. The company must not hide those consequences, present them as purely technical authentication, or use interface patterns that make it unreasonably difficult for the user to understand the possible subscription result.

7. Prohibited Uses of Data Received Through Sign In With Uvio

7.1. The company must not use data received through Sign In With Uvio:

• to send advertising, marketing messages, or other communications unrelated to the user's sign-in without a separate lawful basis and compliance with applicable direct-marketing rules;
• to sell, exchange, transfer, or otherwise disclose the data to unauthorized third parties;
• for profiling, enrichment of third-party databases, or creation of user segments beyond the declared purpose of sign-in or registration;
• for discriminatory treatment, circumvention of Uvio restrictions, mass data collection, or other bad-faith practices.

7.2. The company must not use Sign In With Uvio as a hidden way to pressure the user into subscription, advertising, or another later processing step that is not obvious at the moment the code is entered.

8. Security and Retention on the Company's Side

8.1. The company must apply appropriate legal, organizational, and technical measures to protect the data received through Sign In With Uvio against unauthorized or accidental access, destruction, alteration, blocking, copying, disclosure, distribution, or other unlawful acts.

8.2. Access to that data must be limited to persons who genuinely need it for sign-in, registration, account support, or performance of the company's lawful obligations.

8.3. The company must not keep the received data longer than necessary for the purposes for which it was received unless a longer retention period is required by law or reasonably necessary to protect the company's rights in lawful procedures.

8.4. Once the company no longer needs the received data, it must delete or anonymize it unless law requires otherwise.

9. Allocation of Roles and Responsibility

9.1. Uvio is responsible for processing data within its own platform and within its own one-time-code delivery and verification flow.

9.2. For the data that the company receives from Uvio and then uses on the company's own side for the company's own purposes and with the company's own means, the company independently determines the lawfulness, scope, retention, and other conditions of that processing and bears its own responsibility under applicable law.

9.3. The company represents to Uvio that it has all rights, notices, and legal bases needed to use Sign In With Uvio in its own interface and user journeys.

9.4. The company must indemnify Uvio for documented losses, penalties, expenses, and claims arising from the company's breach of these Rules, privacy laws, advertising laws, consumer-protection rules, or third-party rights in connection with Sign In With Uvio.

10. Uvio's Rights in Case of Violations

10.1. Uvio may request information and materials from the company reasonably needed to verify lawful use of Sign In With Uvio, adequacy of user notices, and the existence of lawful bases for the company's downstream processing.

10.2. If Uvio has indications of a violation, Uvio may limit, suspend, or terminate the company's access to Sign In With Uvio, revoke API credentials, limit related platform functions, or require the company to cure the violation within a period determined by Uvio.

10.3. Uvio may also refuse initial connection or continued use of the scenario if the company's integration creates an elevated risk of violation of user rights, applicable law, or Uvio's legitimate reputational and compliance interests.

11. Final Provisions

11.1. These Rules are governed by applicable law and any separate written agreement between Uvio and the company, without prejudice to mandatory legal requirements that cannot be excluded.

11.2. Uvio may update these Rules when law, the set of transferred data, integration logic, security mechanisms, or the product model for Sign In With Uvio changes.

11.3. The current version of these Rules is published in Uvio's legal documents section. Continued use of Sign In With Uvio after a new version takes effect means that the company agrees to that version unless applicable law requires another implementation method.