Uvio Business Privacy Policy

1. General Provisions

1.1. This Uvio Business Privacy Policy describes how Uvio processes personal data of company representatives, employees, administrators, owners, and other authorized persons, together with related company information, when they use the Uvio platform, the company dashboard, integration APIs, and other business functions.

1.2. This Policy applies to company registration, sign-in and renewed sign-in through one-time codes, team management, use of the company dashboard, integration keys, billing, analytics, geozones, publication of materials, and other functions available to the company in Uvio.

1.3. This Policy is intended to reflect applicable privacy and security requirements, including the GDPR where it applies. It operates together with the Uvio Business Terms of Service, the Uvio Business Sign In With Uvio Rules, the Uvio Business Data Processing Terms, the Uvio Business Advertising Policy, the Uvio Visitor Data Policy, and the Uvio Cookie Notice.

1.4. This Policy does not replace separate documents governing processing of end-user data in distinct Uvio scenarios. If the company uploads user data to Uvio, receives user data through dedicated flows, or uses advertising and sign-in scenarios, the relevant specialized Uvio documents also apply.

2. Controller Information and Contacts

The personal data controller and the person providing services under the name "Uvio" is an individual entrepreneur Sultanbekov Artur Timerhanovich.

INN (Tax ID): 021101196690.

OGRNIP (Registration No.): 318028000111955.

Privacy inquiries: privacy@uvio.chat.

Legal inquiries: legal@uvio.chat.

3. What Data This Policy Covers

3.1. This Policy covers both personal data of individuals acting on behalf of the company and information about the company itself where that information is processed together with personal data in Uvio business contexts.

3.2. If the company uses Uvio as a sole proprietor or another natural person carrying on business, some company information may also be personal data of that person. In that case, this Policy applies to that information in full.

3.3. This Policy is not limited to information entered manually. It also covers data generated automatically when Uvio is used, including access logs, session information, API-key information, billing information, analytics events, and security events.

4. Categories of Data Uvio May Process

4.1. Depending on the scenario, Uvio may process the following categories of data:

• Company information: legal name, public name, company identifier, public page path, description, logo, website, contact email address, phone number, company status, plan, quotas, document language, enabled features, and other information the company provides for profile or service setup.
• Registration and verification information: identifiers used to confirm that a person may act on behalf of the company, information about the company's owner within Uvio, records of accepted required documents, and, where necessary, tax or other business-identification data requested for verification, billing, or compliance.
• Representative and team data: first name, last name, email address, phone number, job title or role, department, internal notes, company-dashboard access level, access status, dates of joining or removal, and internal Uvio user identifiers.
• Authentication and legally significant action data: information about sending and verifying one-time codes, records of registration and repeated document acceptance, document versions, date and time of acceptance, IP address, browser details and identifier, session information, and other logs confirming electronic actions.
• Company dashboard and web-session data: sign-in and sign-out data, session duration and extension data, cookies and other browser technical data, IP address, device type, operating system, interface language, action logs, error events, and security events.
• Integration-key and API data: key name, key prefix, permissions, limits, expiration time, status, creation date, revocation date, last-use date, service logs of API calls, and other technical information related to the company's integration use.
• Content and activity data: texts of notifications, events, posts, and other materials, media files, geozone settings, enabled feature lists, publication statistics, delivery information, and other operational information generated in the company's use of Uvio.
• Billing and payment data: plan information, packages and add-ons, subscription status, amounts and currencies, payment descriptions, transaction identifiers, payment status, limited stored-payment-method information supplied by a payment provider, and billing history.
• Support and request data: the contents of company requests, communications on legal, privacy, technical, or billing issues, and information needed to identify the requester and handle the matter.

4.2. Uvio does not ask companies or their representatives to provide special categories of personal data through ordinary business flows unless that is expressly required by law or by a specialized scenario handled separately.

5. Sources of Data

5.1. Uvio receives data directly from the company and its representatives when they register, fill in a profile, manage the team, connect an integration, configure geozones, publish materials, use billing functions, accept documents, or send requests.

5.2. Some data may come from existing Uvio accounts where a person confirms sign-in, registration, or authority through Uvio and then becomes a company owner, team member, or another authorized business user.

5.3. Some data is generated automatically when Uvio is used, including access logs, session data, browser and device parameters, API-call statuses, security events, and billing events.

5.4. For billing and payment purposes, some information may come from payment providers and other payment participants to the extent needed for payment confirmation, stored-method handling, refunds, recurring charges, dispute resolution, and compliance.

6. Purposes and Legal Bases of Processing

6.1. Uvio processes the data described in this Policy for the following purposes:

• registering the company and creating and maintaining the company account;
• identifying company representatives, authenticating them with one-time codes, creating and protecting sessions, confirming authority, and managing access roles;
• providing the company dashboard, integration APIs, and other Uvio platform functions;
• publishing company materials, delivering notifications, and providing statistics, analytics, quotas, and other operational information;
• issuing and administering integration keys, logging API calls, and preventing unauthorized use;
• handling billing, plans, packages, add-ons, payments, refunds, and related billing operations;
• keeping records of acceptance of required legal documents, confirming legally significant actions, and meeting Uvio internal compliance needs;
• ensuring information security, monitoring incidents, preventing abuse, fraud, and circumvention of restrictions;
• supporting business users and handling requests, complaints, and disputes;
• complying with legal obligations and protecting the rights and legitimate interests of Uvio, the company, Uvio users, and third parties.

6.2. Depending on the scenario, the legal bases may include consent where law requires it, performance of a contract or steps taken at the company's request, compliance with legal obligations, and Uvio's or a third party's legitimate interests where those interests are not overridden by the data subject's rights and freedoms.

6.3. If a particular scenario requires a separate notice or separate consent, Uvio handles that scenario separately and does not treat this Policy as a substitute for such separate step.

7. Sign-In, Integration Keys, and Legally Significant Actions

7.1. To authenticate company representatives in the company dashboard, Uvio may use one-time codes, web sessions, cookies, and other technical means of access confirmation supported by the current product model.

7.2. To protect integration APIs, Uvio may create dedicated access keys for the company. The full value of a key may be shown only at creation or reissue, after which Uvio may store only a hashed value, key prefix, and the service attributes needed to identify, verify, and manage access.

7.3. Uvio keeps records of acceptance of required legal documents, renewed acceptance of updated documents, creation and revocation of keys, material access changes, billing actions, and other actions that have legal or significant technical importance for platform operation.

7.4. Uvio may use those records to confirm that an action took place, investigate incidents, resolve disputes, comply with law, and protect Uvio's rights.

8. Public Company Information and the Boundary of This Policy

8.1. Some company information, such as a public name, public page identifier, description, logo, website, events, and other materials, may be published in Uvio public interfaces or used to deliver content to users in accordance with company settings and the Uvio product model.

8.2. If the company provides end-user data to Uvio, receives subscriber data, uses Sign In With Uvio on its own site or app, or launches advertising or geo-based campaigns, processing of that data is governed not only by this Policy but also by the specialized Uvio documents for the relevant scenario.

8.3. This Policy is primarily intended to explain how Uvio processes data of the company itself and its representatives. It does not replace the company's own duty to have a lawful basis and appropriate notices for the processing it carries out on its own side.

9. Sharing and Transfers

9.1. Uvio does not sell personal data of company representatives.

9.2. The data described in this Policy may be shared with:

• service providers acting on Uvio's behalf for hosting, computing infrastructure, data storage, information security, media handling, technical message delivery, billing support, and other technically necessary functions;
• payment providers and other payment participants to the extent needed to initiate, confirm, complete, refund, or dispute a payment;
• authorized persons within the company according to the access roles and settings chosen by the company;
• public authorities, courts, and other authorized parties where and to the extent required by applicable law;
• other parties in connection with reorganization, transfer of business, assignment of rights, or another corporate transaction involving Uvio where that transfer is permitted by law and subject to appropriate safeguards.

9.3. If the company independently uses a third-party service through Uvio, such as an external payment service or external resource, further processing on that service's side is governed by that service's own rules and is outside Uvio's control unless law or contract expressly provides otherwise.

9.4. Cross-border transfers take place only where permitted by applicable law and where the required safeguards, procedures, or contractual measures are in place for the relevant scenario.

10. Retention and Localization

10.1. Uvio keeps data no longer than necessary for the stated purposes of processing unless a longer period is required by law, accounting or tax rules, information security needs, dispute handling, or protection of Uvio's rights.

10.2. Company data and representative data are usually retained for the period of using Uvio and then for the time reasonably needed to complete contractual, accounting, archival, dispute, or claim procedures.

10.3. One-time-code data, registration and sign-in session data, access logs, and other technical security data are retained for limited periods appropriate to the scenario, security requirements, and incident-investigation needs.

10.4. Billing, payment, and legally significant action data may be retained longer than ordinary operational data where necessary for compliance, transaction confirmation, disputes, refunds, or tax and accounting purposes.

10.5. Uvio does not promise storage in a particular country or region unless that is stated separately or required by applicable law. Where law requires local storage, restricted hosting, or specific transfer safeguards, Uvio applies those requirements to the relevant data and processing operations.

11. Security Measures

11.1. Uvio applies appropriate legal, organizational, and technical measures to protect personal data against unauthorized or accidental access, destruction, alteration, blocking, copying, disclosure, distribution, or other unlawful acts.

11.2. Those measures may include access controls, session and key protection, action logging, secure communication channels, backups, incident monitoring, access-revocation procedures, limits on storage of exposed secrets, and other safeguards reflected in Uvio internal rules and technical architecture.

11.3. Even with such measures, internet transmission and information-system storage cannot be considered absolutely secure, so Uvio cannot guarantee elimination of all risks beyond its reasonable control.

12. Data Subject Rights and Requests

12.1. A data subject may request information about the processing of personal data, request correction, blocking, or deletion of inaccurate, outdated, unlawfully processed, or unnecessary data, and exercise other rights granted by applicable law.

12.2. Where processing is based on consent, the data subject may withdraw that consent in whole or in part. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal was received.

12.3. Where the GDPR applies, the data subject may also have rights of access, rectification, erasure, restriction of processing, portability, objection, and complaint to a supervisory authority.

12.4. The company may also contact Uvio regarding updates to company information, access management, handling of requests, interpretation of applicable documents, and exercise of rights to the extent such rights arise from the contract, applicable law, and the company's role in the relevant scenario.

12.5. Requests may be sent to privacy@uvio.chat. Uvio may request information needed to verify the requester's identity, authority, and relationship to the relevant company.

13. Related Documents and Changes to This Policy

13.1. This Policy applies together with the Uvio Business Terms of Service, the Uvio Business Sign In With Uvio Rules, the Uvio Business Data Processing Terms, the Uvio Business Advertising Policy, the Uvio Visitor Data Policy, and the Uvio Cookie Notice.

13.2. Uvio may update this Policy when required by changes in law, business functions, processing methods, authentication model, billing, integrations, security, or the organizational model of processing.

13.3. The current version of this Policy is published in Uvio's legal documents section together with its version date. If continued use of Uvio requires renewed confirmation of an updated document set, Uvio may ask an authorized representative to confirm the new version separately.