Privacy Policy

Last updated: August 5, 2025

Who we are: uAPI (“uAPI”, “we”, “us”, “our”) provides developer infrastructure and related services (the “Services”) via our websites, APIs, SDKs, documentation, and dashboards (collectively, the “Platform”).

This Privacy Policy explains how we collect, use, share, transfer, retain, and protect personal data when you visit or use the Platform, create an account, integrate our Services, or communicate with us.

If you do not agree with this Policy, please do not use the Platform.

1. Roles, scope, and applicability

• uAPI is the data controller for personal data we collect through the Platform, our websites, support channels, and our provisioning and operation of the Services.
  
  
• This Policy applies globally. Additional disclosures for EEA/UK and California residents appear in §14–15.
  
  
• Our Services are intended for business and developer use. You are responsible for ensuring you have a lawful basis to send personal data to us through your integrations.
  
  

2. Contact details

• Controller: uAPI, VoiceCraft B.V., Prins Hendrikkade 21e, 1012 TL Amsterdam, The Netherlands
  
  
• Email: contact[at]uapi.nl
  
  

3. Categories of data we collect

Depending on how you interact with us, we may collect and process the following categories of personal data. Specific elements may change over time as we adapt our systems, but will remain consistent with the purposes set out in this Policy.

1. Account & Identity Data
   Name, email address, username/handle, authentication identifiers, hashed passwords, organization or company details, role/title, country/region, and related developer or organization metadata.
   
   
2. Billing, Commercial & Payment Data
   Billing contact details, billing address, tax/VAT IDs, plan and subscription details, invoices, transaction identifiers, payment status, and related records.
   Card and bank details are processed by our payment processors. We do not store full card numbers or CVV codes. We may receive and retain limited payment information (e.g., card type, last digits, expiry month/year, transaction results) as needed for billing, refunds, fraud prevention, disputes, and legal and tax compliance.
   
   
3. Service & Usage Data (including logs, requests & outputs)
   We collect operational and technical data generated through your use of the Platform and Services, which may include:
   
   • Request and response metadata (timestamps, request IDs, endpoints, method names, routing information, performance metrics, quota/usage, error codes, authentication status).
     
     
   • Authentication and authorization metadata (key identifiers and similar data used to verify and secure access).
     
     
   • Content of requests and outputs where necessary to provide the Services, including for processing, routing, transformation, logging, security, quality assurance, abuse detection, analytics, debugging, and incident response. Depending on how you use the Services, this may include personal data you or your end users submit. You are responsible for having a lawful basis to send such data to us.
     
     
4. Device, Network & Technical Data
   IP address, approximate location inferred from IP (e.g., city/region/country), language and locale, time zone, operating system, browser or client type and version, user agent, referrer URLs, session identifiers, interaction and event data, and other technical diagnostics. We do not seek precise GPS-based geolocation.
   
   
5. Cookies, Analytics, Tracking & Advertising Data
   Data collected via cookies and similar technologies (see §8), including cookie IDs, device identifiers, session IDs, pages viewed, navigation patterns, clickstream, scrolls, session recordings where implemented, referral and campaign parameters, and online identifiers used for analytics, product improvement, personalization, and advertising of our own services in certain regions.
   
   
6. Support, Communications & Feedback
   Emails, support tickets, chat transcripts, contact forms, survey responses, feedback, and related metadata. If calls or meetings are recorded (where legally allowed), we will inform participants and may store recordings and transcripts.
   
   
7. Public, Partner & Third-Party Source Data
   Business contact and professional data obtained from public sources (e.g., company websites, public registries) or partners (e.g., referrals, resellers) in accordance with applicable law.
   
   
8. Sensitive Data & Children’s Data
   We do not intend to collect special categories of personal data (e.g., health, religion, union membership, biometric identifiers) or data from children. Please do not submit such data. The Services are for users who are 18+ (or the age of majority in their jurisdiction).
   
   

4. Why we process data (purposes) & legal bases

We process personal data only where we have a valid legal basis, including:

• Provide and operate the Services (contract)
  To register and manage accounts; authenticate users; issue and manage credentials; process and route API requests; ensure availability; enforce quotas and rate limits; provide documentation and dashboards; offer support; and otherwise deliver the Services you or your organization request.
  
  
• Security, abuse prevention & service integrity (legitimate interests / legal obligation)
  To protect accounts and keys; detect, prevent, and investigate suspicious or malicious activity; combat fraud, spam, and abuse; enforce our terms and policies; secure our infrastructure; and maintain the integrity and reliability of the Platform.
  
  
• Billing, taxation & compliance (contract / legal obligation / legitimate interests)
  To process payments; issue invoices and receipts; comply with tax, accounting, sanctions, export control, and other regulatory requirements; manage disputes and chargebacks; and maintain appropriate records.
  
  
• Analytics, product development & service improvement (legitimate interests and, where required, consent)
  To understand how our Services are used; diagnose and fix issues; improve performance, reliability, and security; and develop new features and offerings. We may use aggregated, pseudonymized, or anonymized data for these purposes. Where specific cookies or similar technologies require consent under applicable law, we only use them with your consent.
  
  
• Personalization, marketing & advertising (legitimate interests and/or consent)
  To send service and product updates, onboarding and educational content, event information, and other communications about our Services; and, in some regions, to use online identifiers and advertising tools to promote our own Services. You can opt out of marketing communications at any time via unsubscribe links or by contacting us. Where required by law, we obtain your consent before using certain tracking technologies for these purposes.
  
  
• Communications & relationship management (legitimate interests / contract)
  To respond to inquiries; provide technical and account support; send transactional and administrative messages; and manage our relationship with you and your organization.
  
  
• Consent-based processing
  Where we rely on your consent (for example, for certain cookies or recordings), you may withdraw it at any time with future effect via the tools provided or by contacting us. Withdrawal does not affect processing already carried out lawfully.
  
  

We do not use your customer content for training general-purpose models or for unrelated product development without clearly informing you and, where required, obtaining appropriate consent or entering into applicable data protection terms.

5. Third-party accounts, integrations & tools

If you sign in via a third-party identity provider or connect third-party tools (for example, incident management, ticketing, messaging, analytics, or other platforms), we receive only the data necessary to authenticate you or operate the integration as authorized by you or your organization.

Where these third parties act as our processors, they process personal data solely on our documented instructions and under contracts that require appropriate safeguards.

Where these third parties act as independent controllers (for example, payment gateways, embedded widgets, or external platforms that collect data directly from you), their processing is subject to their own terms and privacy policies. By choosing to use such services, you acknowledge that your data may be processed in accordance with their policies. We do not control and are not responsible for how independent controllers handle data they collect, and you should review their privacy terms carefully.

6. Automated decision-making

We do not make decisions about individuals based solely on automated processing, including profiling, that produce legal effects concerning them or similarly significantly affect them within the meaning of applicable data protection laws.

7. Children

The Services are not intended for or directed to individuals under 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal data from such individuals. If you believe that a minor has provided personal data to us, please contact us so we can take appropriate steps to remove it.

8. Cookies and similar technologies

We use cookies and similar technologies (including local storage, SDKs, pixels, tags, beacons, and session replay tools) on our Platform.

Strictly necessary cookies and similar technologies are essential to provide the Services you request. They enable core functions such as authentication and sessions, security and fraud prevention, load balancing, and essential preferences required for the app and dashboard to function. Because the Services cannot be provided without them, they are generally used without your prior consent where permitted by law. If you block or disable them, some or all functionality of the Platform may not work.

We also use non-essential cookies and similar technologies for analytics, performance monitoring, product improvement, personalization, and, in some regions, advertising or retargeting for our own Services. These may involve tools operated by us and by our third-party service providers.

Where required by law (such as in the EEA/UK), we will not activate non-essential cookies or similar identifiers until you have provided consent via our consent interface. You can manage or withdraw your preferences at any time through that interface; if you do so, certain features may no longer function as intended.

In other jurisdictions, we may rely on our legitimate interests to use certain analytics and tracking technologies, subject to any applicable opt-out rights. In all cases, we do not sell personal information, and we do not authorize our providers to sell personal information collected on our behalf.

9. How we share data

We do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act as amended by the CPRA.

We may share personal data as follows:

• Service Providers / Processors: With trusted vendors that provide services such as infrastructure and hosting, storage, content delivery networks, email and messaging, logging and monitoring, analytics (subject to applicable consent), security, payment processing, customer support tools, and professional services (legal, accounting). These parties act on our behalf, are bound by contracts, and may only process personal data in accordance with our instructions.
  
  
• Third-Party Services (Independent Controllers): With third-party services you choose to use or connect (e.g., payment gateways, identity providers, collaboration or analytics tools controlled by you or your organization). These parties have their own privacy policies and may process personal data they receive or collect as independent controllers. We do not grant them permission to sell personal information on our behalf, but we cannot fully control their independent practices. By using such services, you agree that data may be transferred to them in accordance with their terms.
  
  
• Corporate Transactions: In connection with a merger, acquisition, reorganization, financing, or sale of all or part of our business or assets, personal data may be disclosed to relevant participants under appropriate safeguards and will remain subject to this Policy or a similar policy that provides at least a comparable level of protection.
  
  
• Legal & Safety: Where required by law, regulation, or legal process; in response to valid requests by public authorities; or when we believe in good faith that disclosure is reasonably necessary to protect our rights, users, or the public; to detect, prevent, or address fraud, abuse, or security incidents; or to enforce our agreements and policies.
  
  

Information about our core processors and material changes to them is available upon request where required by law or our contracts.

10. Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal and regulatory obligations, maintain business records, resolve disputes, enforce agreements, and secure our systems.

Retention periods may vary depending on the type of data and context of processing. Illustrative examples include:

• Account, contract, and billing information: kept for the duration of the account relationship and for additional periods required or permitted by tax, accounting, and commercial laws.
  
  
• Security and operational logs, including certain request and response data: kept for periods appropriate to support security, abuse detection, reliability, incident investigation, and compliance, after which they may be deleted, aggregated, or anonymized.
  
  
• Support and communication records: kept for a reasonable period to manage our relationship, improve support quality, and handle potential disputes.
  
  
• Backups and archives: retained for limited durations consistent with business continuity and disaster recovery practices, and then overwritten or deleted on a fixed lifecycle.
  
  

When personal data is no longer needed for any permitted purpose, we delete it or irreversibly anonymize it. Residual copies may persist for a limited time in backup systems subject to appropriate safeguards.

11. International data transfers

We may process and store personal data in countries other than your own. Where we transfer personal data from the EEA, UK, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and the UK Addendum (as applicable), and we implement supplementary measures (encryption, access controls, data minimization) to protect the data.

Where relevant, we may also rely on recognized transfer frameworks or certifications of certain service providers. You may contact us for further information about applicable transfer mechanisms.

12. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include, as appropriate, encryption in transit and at rest, key management, strict access controls and least-privilege principles, multi-factor authentication for administrative access, network segmentation, secure software development practices, vulnerability management, logging and monitoring, incident response procedures, employee confidentiality and security training, vendor due diligence, and business continuity and disaster recovery planning.

No system is completely secure. If we become aware of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and/or the relevant authorities in accordance with applicable legal requirements.

13. Your rights

Subject to applicable law and certain limitations, you may have rights in relation to your personal data, which may include the rights to:

• Access your personal data and obtain a copy.
  
  
• Request correction of inaccurate or incomplete data.
  
  
• Request deletion of your personal data (right to be forgotten).
  
  
• Request restriction of or object to certain processing, including processing based on our legitimate interests or for direct marketing.
  
  
• Request portability of data you provided to us, in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible.
  
  
• Withdraw consent where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.
  
  
• Lodge a complaint with your local supervisory authority.
  
  

To exercise your rights, contact us at contact[at]uapi.nl. We may need to verify your identity and your relationship with us. Some rights may be limited where we have compelling legitimate grounds to continue processing or where we are legally required to retain certain data (for example for tax, accounting, or security purposes).

14. EEA/UK specific disclosures

• Controller: uAPI, VoiceCraft B.V. (see §2).
  
  
• Legal bases: As described in §4 (performance of a contract, compliance with legal obligations, legitimate interests, and consent where applicable).
  
  
• Legitimate interests: Include providing and improving the Services, ensuring security and fraud prevention, managing our relationship with customers and prospects, and promoting our Services in a proportionate manner.
  
  
• International transfers: As described in §11, based on Standard Contractual Clauses and other safeguards as applicable.
  
  
• Supervisory authorities: You have the right to lodge a complaint with your local Data Protection Authority. In the Netherlands, this is the Autoriteit Persoonsgegevens; in the UK, the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can address your concerns.
  
  

15. California (CPRA) disclosures

• No Sale/Share: We do not sell personal information and do not share personal information for cross-context behavioral advertising as defined by the CPRA.
  
  
• Categories collected: We collect identifiers (e.g., name, email, IP, account IDs), commercial information (e.g., transactions, billing data), internet/network activity (e.g., logs, usage data), and professional information (e.g., company, role), as described in §3.
  
  
• Sources: Personal information is collected directly from you, from your use of the Platform and Services, from your organization, from our service providers and partners, and from public sources as described in §3.
  
  
• Purposes: Personal information is used for the business purposes described in §4, including providing and improving the Services, security, debugging, internal research, quality assurance, and communications.
  
  
• Retention: We retain personal information in line with the criteria in §10.
  
  
• Your CPRA rights: You may have the rights to know/access, correct, delete, and obtain information about our data practices, and to not be retaliated against for exercising your rights. You may submit requests to contact[at]uapi.nl and may use an authorized agent in accordance with CPRA requirements. Where applicable, we honor browser or device-based preference signals (such as Global Privacy Control) for covered opt-out choices.
  
  

16. Third-party sites and services

Our Platform may contain links to or integrations with third-party sites, services, or applications. Their privacy practices are governed by their own policies, not this one. We are not responsible for the content, security, or privacy practices of those third parties. You should review their privacy policies before providing them with your personal data or using their services.

17. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date above. If we make material changes, we will provide additional notice where appropriate (for example, via email or in-product notification). Your continued use of the Platform or Services after the effective date of the updated Policy constitutes your acceptance of the changes.

18. How to contact us

Questions or requests regarding this Policy or our handling of personal data can be directed to:

Email: contact[at]uapi.nl
Postal: uAPI, VoiceCraft B.V., Prins Hendrikkade 21e, 1012 TL Amsterdam, The Netherlands