Privacy Policy

1. Introduction

Uniworx Ltd ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at uniworx.com (the "Service").

We are a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller Contact Details

Uniworx Ltd
Email: privacy@uniworx.com
Address: [To be completed]

3. What Personal Data We Collect

3.1 Information You Provide

• Account Information: Email address, password (encrypted), name
• Profile Information: User role (Student, Supervisor, Admin, Project Provider)
• Student Data: Cohort memberships, project applications, project allocations, submission files and metadata, attendance records
• Project Provider Data: Company name, project details, contact information
• Supervisor Data: Cohort and project assignments, attendance notes, feedback

3.2 Information We Collect Automatically

• Technical Data: IP address, browser type, device information, access times
• Usage Data: Pages visited, features used, interaction patterns
• Cookies: See our Cookie Policy for details

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our Service to you (account management, project allocation, submissions)
• Legitimate Interest: Improving our Service, ensuring security, preventing fraud
• Consent: Marketing communications, optional functional cookies
• Legal Obligation: Compliance with applicable laws and regulations

5. How We Use Your Data

• Provide and maintain our Service
• Manage user accounts and authentication
• Facilitate project allocation and student-supervisor matching
• Store and manage project submissions
• Track attendance and academic progress
• Send service-related notifications and updates
• Respond to support requests and enquiries
• Improve and optimize our platform
• Ensure security and prevent unauthorized access

6. Data Sharing and Third-Party Processors

We share your data with the following third-party processors who assist in operating our Service:

6.1 Supabase Inc.

• Purpose: Authentication, database hosting, file storage
• Data stored: All user data, submissions, files
• Location: EU/UK data centers
• Privacy Policy: supabase.com/privacy

6.2 Resend

• Purpose: Transactional email delivery
• Data shared: Email addresses, email content
• Privacy Policy: resend.com/legal/privacy-policy

We have Data Processing Agreements in place with all third-party processors to ensure they handle your data securely and in compliance with UK GDPR. We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Active Accounts: Data retained while account is active
• Inactive Guest Accounts: Deleted after 2 years of inactivity
• Project Submissions: Retained for 7 years from submission date (academic record keeping)
• Deleted Accounts: 30-day grace period, then permanently deleted with cascading deletion of related data
• Audit Logs: Retained for 2 years for security and compliance purposes

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

Request a copy of all personal data we hold about you.

8.2 Right to Rectification

Request correction of inaccurate or incomplete data.

8.3 Right to Erasure (Right to be Forgotten)

Request deletion of your personal data, subject to certain legal obligations.

8.4 Right to Data Portability

Receive your data in a structured, machine-readable format (JSON/CSV).

8.5 Right to Object

Object to processing based on legitimate interests.

8.6 Right to Withdraw Consent

Withdraw consent for marketing or optional data processing at any time.

To exercise any of these rights, please visit your Privacy Settings page or contact us at privacy@uniworx.com.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure password hashing using industry-standard algorithms
• Regular security audits and updates
• Access controls and role-based permissions
• Automated backups with encryption
• Row Level Security (RLS) policies in database

10. International Data Transfers

Your data is primarily stored within the UK/EU. Where we transfer data outside the UK/EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Children's Privacy

Our Service is intended for users aged 18 and over. If we become aware that we have collected personal data from someone under 18 without appropriate consent, we will delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on our Service. The "Last updated" date at the top indicates when changes were made.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@uniworx.com. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@uniworx.com
Address: [To be completed]