PRIVACY POLICY

The present Privacy Policy (hereinafter referred to as the “Policy”) of UNITLX Information Technology LLC (the ‘Provider’, or ‘we’) is designed to protect the rights and freedoms of individuals in connection with the processing of their personal data, including the protection of the right to privacy and the confidentiality of personal and family information. This Policy is based on generally recognised principles and standards of data protection and privacy.

Capitalised terms used in this Privacy Policy that are not otherwise defined herein shall have the meanings given to them in the Terms and Conditions.

WHAT DATA WE COLLECT
1. We automatically collect certain information when you visit, use or navigate the Website. This information may reveal your specific identity (like your name), as well as include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website and platform, as well as for our internal analytics and reporting.
2. More specifically, the data we collect may relate to:
  - Account and profile: First name, email, non-VoIP phone, password, billing country, timezone, interface language.
  - KYC (step-up only when needed): ID/passport, proof of address. We collect and process only what’s necessary and proportionate.
  - Service and security metadata: Allocation records (which Used Number was assigned to your account and when); Verification attempt metadata and logs (IP addresses, timestamps, status codes/outcomes).
3. Payments and refunds: Transaction IDs, amounts, currency, method, and result. We do not collect raw card numbers. Card/PSP providers process those.
4. Suppliers (crowdsourced / partners): Supplier KYC/KYB, proof-of-rights documents.
5. Cookies and similar tech: Essential cookies for login/session, security; Non-essential (analytics/marketing) only with your consent.

SOURCES OF DATA
1. Directly from Customers;
2. From payments/KYC vendors;
3. From our infrastructure/observability tools (security logs).

WHY WE USE YOUR DATA, WHAT DATA WE PROCESS, AND OUR LEGAL BASES

If you use our Website, we may also collect the following data for the following purposes:

Purpose	Data processed	Legal basis
Provide the Services	Account details (first name, email, phone number), Personal Account ID, Orders, Electronic virtual balance records, Used Number allocation records, Metadata	Performance of a contract
Account authentication and access control	Login credentials (password), session identifiers, IP address, device and browser information	Performance of a contract; legitimate interests: to improve the quality of the Services
Security, abuse prevention and platform integrity	IP addresses, device fingerprints, authentication logs, rate-limit counters, allocation history, attempted Brand identifiers, fraud and abuse indicators	Legitimate interests: to protect the Service, Customers, Suppliers, and partners
Compliance with Acceptable Use Policy	Allocation records, Metadata, Brand usage logs, account activity history, and investigation notes	Legitimate interests
KYC	First name, email; where required: identity document type and verification result, proof of address (we store verification results rather than full documents)	Legitimate interests; legal obligation: where required by payment providers or sanctions laws
Billing, payments and wallet operations	Transaction IDs, payment method, amount, currency, Electronic virtual balance movements, refund records, chargeback status	Performance of a contract; legal obligation
Accounting and tax compliance	Invoices, payment confirmations, transaction history, and billing country	Legal obligation
Customer support and communications	Support tickets, email correspondence, in-product messages, and issue descriptions.	Performance of a contract; Consent
Product improvement and analytics	Aggregated and anonymised usage statistics, error rates, performance metrics (no message content)	Legitimate interests
Marketing communications	Email address, communication preferences	Consent of the data subject
Legal requests and law enforcement cooperation	Account identifiers, allocation history, security logs, payment metadata	Legitimate interests: to protect the Service, Customers, Suppliers, and partners

We do not collect or store the content of SMS messages. Only metadata (time, delivery state, sender label as delivered) is processed to run the platform.

WHO WE MAY SHARE DATA WITH
1. We may process or share data with third parties in the following situations:
  - Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order (including in response to public authorities to meet national security or law enforcement requirements);
  - Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, illegal activities, or as evidence in litigation in which we are involved.
  - With vendors, suppliers and other third-party service providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts.
  - Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

INTERNATIONAL DATA TRANSFER
1. Your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information in other countries. When we do, we use all appropriate safeguards as required by applicable data protection laws.

HOW LONG WE KEEP DATA (RETENTION)
1. We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this Policy will require us to keep your personal information for longer than 2 years, unless a longer period is explicitly required by an applicable law.
2. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

YOUR RIGHTS
1. In some regions, you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal data, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal data; and (iv) if applicable, to data portability.
2. In certain circumstances, you may also have the right to object to the processing of your personal data. To make such a request, please use the contact details provided in the "Contacts" section of this Website. We will consider and act upon any request in accordance with applicable data protection laws.
3. If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal.
4. If you are a resident of the European Union and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection authority.

DATA FROM MINORS
1. We do not knowingly collect data from or market to children under 18 years of age. By using the website, you represent that you are at least 18 years old. If we know that personal data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

COOKIES
1. We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information.
2. We use strictly necessary cookies for core functions (login/session, load-balancing, security).
3. We use analytics/marketing cookies only with your consent. You can change your preferences at any time via our cookie banner.

SECURITY
1. We have implemented appropriate technical and organisational security measures designed to protect the security of any personal data we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal data, transmission of personal information to and from our Website is at your own risk. You should only access the Services within a secure environment.

CONTROLS FOR DO NOT TRACK FEATURES
1. Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

CHANGES TO THIS POLICY
1. We may update this Privacy Policy from time to time. The updated version will be indicated by an updated 'Revised' date and will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to stay informed about how we protect your information. If you disagree with changes, you may close your Personal Account before they take effect.