Universoftware logoUniversoftware
Legal

Privacy Policy

This Privacy Policy explains how Universoftware Ltd handles personal data in connection with its website, enquiry channels, consultancy services, software services, hosted services, support interactions, billing interactions, and AI-powered tools where applicable.

Who We Are

Universoftware Ltd is the operator of universoftware.ai.

  • Company number: 12780329
  • Registered office: 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ
  • Contact email: legal@universoftware.ai

For the activities described in this policy, Universoftware Ltd is generally the data controller.

What This Policy Covers

This policy applies where we handle personal data as controller for activities such as:

  • website browsing and public interactions;
  • contact, assessment, sales, onboarding, and support communications;
  • account, workspace, authentication, and service administration where applicable;
  • consultancy, implementation, and service-delivery relationship management;
  • billing, invoicing, and payment administration where applicable; and
  • operation of AI-powered, automated, or interactive features we make available.

Where we process personal data on behalf of a customer as processor, our Data Processing Addendum applies in addition to this policy.

Personal Data We Collect

Information you provide directly

Depending on how you interact with the site, we may collect:

  • Contact form data: first name, last name, email address, message, and any information you include in your enquiry.
  • Assessment form data: company name, contact email, industry vertical, current systems description, pain points, timeline, and any optional budget or team-size information you choose to provide.
  • Direct communications: information you send to us by email or through links and forms on the site.

AI-powered feature data

If you use AI-powered or interactive features we make available, we may process:

  • the messages you send;
  • the responses returned by the assistant;
  • the page path from which the request was made;
  • a pseudonymous visitor identifier stored in your browser;
  • a hashed version of your IP address for rate-limiting and abuse prevention; and
  • classification or operational metadata used to route, review, secure, support, or improve service handling.

Please do not submit special category data, regulated personal data, secrets, passwords, or highly confidential information into AI-powered features unless the relevant service documentation or a separate secure process expressly permits it.

Information collected automatically

When you use the site, we may also collect technical and usage information such as:

  • IP address and network metadata;
  • browser type, device type, and operating system;
  • page views, navigation events, and performance signals;
  • timestamps, request logs, and security events; and
  • cookie, local storage, and similar-technology signals described in our Cookie Policy.

Some of this collection is part of core hosting, request handling, security, troubleshooting, or abuse-prevention operations. Browser-side optional analytics, performance measurement, and replay features are treated differently and, where required, depend on an applicable consent choice.

How We Use Personal Data

We use personal data to:

  • operate, secure, and maintain the website;
  • respond to enquiries and assess potential service fit;
  • review assessment submissions and prepare follow-up communications;
  • provide consultancy, implementation, hosted software, support, and related services where applicable;
  • administer accounts, workspaces, and billing relationships where applicable;
  • operate AI-powered features and return relevant responses or results;
  • prevent abuse, spam, fraud, and misuse of the site or assistant;
  • monitor performance, troubleshoot incidents, and improve reliability; and
  • comply with legal, regulatory, accounting, and record-keeping obligations.

We do not sell personal data submitted through the website.

UK GDPR / EU GDPR Legal Bases

Where UK GDPR or EU GDPR applies, we generally rely on the following legal bases:

  • Legitimate interests: operating the website, handling inbound business enquiries, securing the site, maintaining logs, and improving reliability and service quality.
  • Consent: where required for non-essential browser-side analytics, replay, or similar technologies, and where you voluntarily submit information to request contact from us.
  • Legal obligation: where we need to keep records or disclose information to comply with applicable law.
  • Contract steps at your request: where your enquiry, order, onboarding step, or service request is directed at a potential or actual service relationship.

This means browser-side optional telemetry and similar technologies may depend on consent, while server-side operational logging, security monitoring, and incident investigation may still rely on legitimate interests or legal obligation where appropriate and proportionate.

AI and Automated Assistance

Our services may include AI-powered, automated, or assisted features. Those features are not intended to make decisions with legal or similarly significant effects about you without appropriate human oversight.

  • Assistant responses may be generated using third-party AI model providers.
  • We do not intentionally use your confidential information or personal data to train proprietary models except where the applicable service documentation or a written agreement expressly permits that use.
  • Prompts and outputs may be processed by third-party AI providers to generate responses, maintain service safety, and support operation of AI-powered features, subject to those providers' operational controls and terms.
  • Assistant responses are informational only and should not be treated as legal, financial, medical, employment, or other professional advice.

Further usage rules and limitations are set out in our AI Assistant Policy and Acceptable Use Policy.

Who We Share Data With

We may share personal data with service providers that support the website and our operations, including providers in the following categories:

  • website hosting and infrastructure;
  • database and storage providers;
  • AI model and inference providers for AI-powered features;
  • bot and abuse-protection providers, such as CAPTCHA services;
  • email delivery providers used to route contact submissions;
  • analytics and performance providers, where enabled;
  • error monitoring and incident-response providers, where enabled; and
  • professional advisers, regulators, courts, law enforcement, or counterparties where disclosure is legally required or reasonably necessary.

These categories may include providers such as Vercel, OpenAI, Cloudflare, Resend, Sentry, Stripe, and infrastructure or storage providers where those services are enabled or applicable.

For more detail about cookies, local storage, consent-managed browser telemetry, and operational monitoring distinctions, see our Cookie Policy. For more detail about subprocessors and providers, see our Subprocessors.

International Transfers

Some of our providers may process personal data outside the UK or EEA, including in the United States. Where this happens, we aim to rely on an appropriate transfer mechanism under applicable law, such as adequacy regulations, the UK extension or bridge to an approved framework, or standard contractual clauses and related safeguards where applicable.

Retention

We keep personal data for no longer than reasonably necessary for the purpose for which it was collected, taking into account:

  • the nature of the enquiry or interaction;
  • whether follow-up discussions or a business relationship is ongoing;
  • security, abuse-prevention, and incident-response needs; and
  • legal, tax, accounting, and record-keeping requirements.

In practice, this means:

  • contact and assessment submissions are kept for as long as needed to review, respond, and maintain a reasonable business record;
  • AI assistant records may be kept for support, abuse prevention, internal review, and service improvement purposes; and
  • technical logs are retained for operational, security, and troubleshooting purposes.

We may delete, aggregate, or anonymise data when it is no longer needed.

Your Rights

Depending on where you are located, you may have rights to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of personal data in certain circumstances;
  • object to or restrict certain processing;
  • request portability of data you provided to us, where applicable; and
  • withdraw consent where processing depends on consent.

To exercise these rights, contact us using the details below. We may need to verify your identity before responding.

If you are in the UK, you also have the right to complain to the Information Commissioner's Office.

Security

We use reasonable technical and organisational measures intended to protect personal data against accidental or unlawful loss, destruction, alteration, unauthorised disclosure, or access. No website, transmission method, or storage environment can be guaranteed to be completely secure.

Third-Party Sites

This site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the website, our processing activities, legal requirements, or service providers. The updated version will be published on this page with a revised date.

Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact:

Universoftware Ltd
Company number 12780329
71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ
legal@universoftware.ai