Privacy Policy

Effective Date: April 18, 2025

Note: Each section of this Privacy Policy begins with a brief summary in plain English (“What this means”) to highlight key points. These summaries are provided for convenience and are not part of the official Privacy Policy. The full text of each section is the legally binding description of our privacy practices. This Privacy Policy is for informational purposes and is not legal advice.


Introduction: This Privacy Policy explains how Ulteamate (“we”, “us”, or “our”) collects, uses, stores, and shares personal information when you use our desktop application and related services (“Service”). It also describes your rights and choices regarding your personal data. By using Ulteamate, you agree to the collection and use of information as outlined in this policy.

We are committed to protecting your privacy and handling your personal data transparently and in compliance with applicable laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), the Texas Data Privacy and Security Act (TDPSA), and other relevant regulations. If you have any questions or concerns about how we handle your data, you can contact us at kshayk0@gmail.com.

1. Information We Collect

What this means: We collect several types of information from you when you use Ulteamate. This includes information you provide directly (like your name, email, and any content you input such as prompts or screenshots), information we collect automatically (like device information and usage logs), and information from third parties (like payment confirmation from PayPal). In this section, we detail each category of data we collect.

We collect or receive personal information in the following ways:

A. Information You Provide Directly:

  • Account Registration Data: When you create an account for Ulteamate, we ask for basic information like your name and email address. We use this information to set up and manage your account, to authenticate you when you log in, and to communicate with you (e.g., account verification or service announcements). If you choose to provide additional profile details (though not currently required, as Ulteamate’s login is simple), we would also collect those.

  • Login Credentials: If Ulteamate uses a password system, we collect the password (hashed for security) you set. Alternatively, if we implement OAuth or other login methods in the future, we would collect tokens or identifiers needed to log you in via that method.

  • Prompts and Queries (“User Content”): When you submit a text prompt or question through Ulteamate, we collect the content of that prompt. This is necessary to send it to the AI (OpenAI’s API) and to provide you with a response. Similarly, if you use the feature to attach a screenshot, we collect that image data to process your request. This content might contain personal information (for example, a screenshot could include your filename that has your name, or your prompt might mention personal details). All such content is treated as confidential and used only for providing the Service (see Section 3 on how we use data).

  • Communications with Us: If you contact us directly (e.g., via email for support), we will collect the information you provide in that communication. This may include your contact information (email address, phone number if provided) and the contents of your message or attachments. We use this to respond to you and improve our Service (e.g., fixing issues you report).

  • Subscription and Payment Information: If you subscribe to Ulteamate’s paid plan, you will provide payment details to our payment processor (PayPal). We do not collect your credit card or bank account numbers directly, but we do receive certain information about the transaction. This includes: the fact that you subscribed, the payment amount and date, the PayPal transaction ID or subscription ID, your payment status (paid, failed, canceled, etc.), and your country (for tax purposes). We associate this with your account to know if you have an active subscription. We do not receive or store your full credit card details or PayPal login credentials; that sensitive financial information is handled by PayPal.

B. Information We Collect Automatically:
When you use Ulteamate (the app or any online components), certain information is collected automatically about your device and usage of the Service. This includes:

  • Device and Technical Information: We may collect data about the device and software you use to access Ulteamate. This can include the operating system (e.g., Windows 10, macOS 12), device model, device identifiers or hardware ID (if needed for things like licensing), app version, and IP address. We also log the times and dates you access the Service. This information is typically contained in log files.

  • Usage Logs: Our servers automatically record certain information when you use Ulteamate. These logs may include details like the features you used, the prompts you sent (possibly in anonymized form), the responses provided (possibly truncated or referenced), how long interactions took (latency), and errors or crash reports if something went wrong. For example, we might log that at a certain time your account ID requested an AI completion of X characters and that the request succeeded (or if it failed, the error code). These logs help us monitor service health, debug issues, and prevent abuse.

  • Analytics Data: We may use internal analytics or third-party analytics services to understand how users interact with Ulteamate. This could involve tracking aggregate usage patterns (e.g., which menu options are most used, overall active user counts) or diagnostics. If we use a third-party analytics tool, we would ensure it respects user privacy and, if required by law (like in the EU), we would obtain consent. Currently, Ulteamate’s primary analytics come from our own server logs and Sentry (error tracking) rather than invasive tracking.

  • Cookies and Similar Technologies: Since Ulteamate is a desktop application, it may not use cookies in the same way a website does. However, if any web-based components or in-app webviews are used (for example, for logging in or for subscription management via PayPal), those might use cookies. Our website (shayk.dev/ulteamate) might also use cookies for basic functionality (like remembering that you logged in). We do not use cookies for advertising. If any cookies are present, they are likely for session management or to remember preferences. We will detail cookie use on our site if applicable. (For completeness: if you visit our website, we may use essential cookies and possibly analytics cookies. You can control cookies through your browser settings.)

C. Information We Receive from Third Parties:
We may receive personal information about you from third-party sources in a few scenarios:

  • Payment Processor: As mentioned, PayPal provides us information about your payments (but not your financial details). For example, we receive confirmation that your subscription payment was processed successfully, or a notice if a recurring payment failed or if you canceled via PayPal. This information is used to update your subscription status.

  • Error Reporting Services: If an error occurs in the app, Sentry (our error monitoring service) might send us information that includes your user ID or device info where the error happened. Sentry could be considered a “third-party” providing data to us about an issue. This typically doesn’t include personal data beyond what was already mentioned (device, user ID, possibly a snippet of app state).

  • Authentication Providers: In the future, if we allow login via third-party OAuth (like “Sign in with Google” or similar), we would receive basic account info from those providers (e.g., your email or name as stored in your Google account, if you consent to share that). Currently, we use our own login system, so this isn’t applicable.

  • Public Sources or Social Media: We generally do not collect information about users from social media or public databases. If you mention or interact with us on social platforms (like posting on Twitter about Ulteamate and tagging us), we might see your message, but we don’t systematically collect that info into our systems. If we ever did gather publicly available info for user insights, we would update this policy accordingly.

We do not purchase data about users from data brokers or unrelated third parties.

Sensitive Personal Data: We do not intentionally collect any sensitive personal data such as race, ethnicity, health information, biometric data, etc., except if it appears incidentally in your prompts or screenshots (which we treat securely and delete quickly). We ask that you refrain from inputting highly sensitive personal data into Ulteamate to minimize any privacy risks. Ulteamate is not designed to process special categories of personal data.

Children’s Data: Ulteamate is not intended for children under 18. We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not use the Service or provide any personal information. If we discover that we have inadvertently collected personal data from a minor under 18, we will delete it. If you are a parent or guardian and believe your child under 18 has provided personal information to us, please contact us at kshayk0@gmail.com so we can take appropriate action.

In summary, we collect what we need to provide and improve the Service: account details, the content you want the AI to process, technical info to make things work, and payment info for subscriptions. We try to keep data collection to a minimum and avoid extraneous data.

2. How We Use Your Information

What this means: We use the collected information to operate and provide Ulteamate’s services to you. The main purposes include: providing AI responses to your prompts, maintaining your account and subscription, processing payments, communicating with you, improving the Service (like debugging and adding features), and ensuring security/preventing misuse. We may also use data to comply with legal obligations. We explain each of these purposes in this section. We do not use your personal data for things like advertising targeting or selling to third parties.

We use personal information collected from you for the following purposes:

  • To Provide the Service: The most fundamental use of your data is to deliver Ulteamate’s functionality to you. This includes:

    • Using your prompt text and screenshots to generate AI responses (we send the content to OpenAI’s API and retrieve the answer).

    • Displaying the AI’s answer back to you in the app, along with any relevant context (like part of your prompt if needed).

    • Remembering your free prompt count or subscription status so that we enforce usage limits correctly (e.g., knowing if you have free prompts remaining or need to subscribe).

    • Authenticating you when you log in, so that only you can access your account.

    • If you request support or use a feature within the app, using your information to fulfill that request (for example, if Ulteamate had a feature to save certain preferences, we’d use your stored data to apply those preferences).

  • Account Management: We use your email (and name, if provided) to maintain your account. This can include sending verification codes or links when you register or login (if we implement email verification or multi-factor authentication). We might also use it to send important notifications about your account, such as password reset emails upon request or alerts about unusual account activity.

  • Payment Processing and Subscription Management: We use subscription-related information to manage billing. For instance:

    • Recording that you have paid for a given month and marking your account as subscribed through the end of that period.

    • Reminding you of upcoming renewals or if there’s an issue with your payment (like a failed charge, if we implement such notifications).

    • Allowing you to have continuous access to the Service by recognizing that your subscription is active. We rely on PayPal for the actual payment transaction, but we use the info PayPal provides (subscription status, transaction IDs, etc.) in our system for record-keeping and support (e.g., if you contact us about a billing question, we refer to these records).

  • Communicating with You: We may use your contact information to communicate with you about the Service. This includes:

    • Service and Account Updates: We might email you to inform you of important changes to Ulteamate, such as changes to these terms or privacy policy, security alerts, subscription reminders, or significant feature updates. For example, if we change our pricing or if we are experiencing a service outage, we may email users.

    • Customer Support: If you reach out to us with questions or issues, we will use your email and any details you provided to respond and help resolve the matter.

    • Feedback or Surveys: We might occasionally send an optional survey or ask for feedback about Ulteamate to help us improve. Participation would be voluntary.

    • We will not spam you with irrelevant communications, and we do not currently send marketing emails unrelated to Ulteamate. If in the future we decide to send any promotional emails, we will do so in compliance with applicable laws (e.g., CAN-SPAM Act) and provide an opt-out mechanism.

  • Improving and Developing the Service: We use the information we collect to understand how Ulteamate is used and how we can make it better. This may include:

    • Analyzing usage patterns to decide on new features or improvements (for example, if logs show most users ask for help with a certain type of task, we might develop additional features or guidance for that task).

    • Debugging and fixing errors or crashes. Data from error logs (including possibly parts of your prompt that triggered a bug) helps us identify and resolve technical issues.

    • Conducting internal research and analysis to optimize our AI integration (for instance, noticing if the AI is frequently giving unsatisfactory answers to certain queries and adjusting how we format prompts or provide instructions to the AI).

    • Testing out changes in a sandbox environment using data (in adherence with privacy): for example, using anonymized prompts to test a new version of the AI model before deploying it. Any use of user content for improvement is done carefully and respectfully. We are mindful that your prompts may include personal info. We do not use user data to train our own models in a way that would make your personal content available to others. (OpenAI, by default for their API, does not use API data to train their models either, as noted earlier.)

  • Ensuring Security and Preventing Abuse: We process certain data to keep Ulteamate and its users safe:

    • Monitoring for suspicious activity or misuse of the Service (e.g., detecting if a single account is making an unusually high number of requests which might indicate a bot or an attempt to scrape the AI).

    • Using IP address and other identifiers to prevent fraudulent or unauthorized login attempts.

    • If necessary, using content of prompts to prevent abuse: for example, our system or OpenAI’s content filter might scan for disallowed content (like malware code or hate speech) and we may log some info about such incidents to take action (like banning an account that repeatedly violates the content rules).

    • Protecting our rights and property and those of other users, such as investigating violations of our Terms (Section 8’s rules) and taking appropriate countermeasures.

    • These activities might involve automated algorithms that analyze usage data and flags from OpenAI’s content moderation. If an issue is flagged, our team may manually review certain logs or content snippets to decide on actions (e.g., whether a particular use was a Terms violation).

  • Compliance with Legal Obligations: We may use your information to comply with applicable laws and regulations:

    • Keeping transaction records for tax, accounting, and auditing purposes.

    • Responding to lawful requests by public authorities (such as fulfilling a subpoena or court order to disclose certain data, if such an event arises).

    • Informing you of your rights or changes in our practices, as required by law.

    • If you exercise data rights (like a request for deletion under GDPR/CPRA), using your information to verify and fulfill those requests.

  • Aggregate and Anonymized Data: We may also aggregate or anonymize personal data so that it can no longer be linked to any individual user, and use that aggregated/anonymized data for purposes such as statistical analysis, research, or improving our AI’s performance. For example, we might keep statistics like “X% of users asked for help with software installation” without any personal identifiers. This aggregated data may be used by us for any purpose, since it no longer identifies individuals and is not personal data.

We do not use your personal data for:

  • Advertising or Marketing by Third Parties: We do not sell or rent your personal information to advertisers or other third parties. We don’t serve third-party ads within Ulteamate.

  • Automated Decision Making with Legal Effects: Other than the automated content moderation to enforce rules (which does not produce legal effects so much as service-related effects like blocking a prompt), we do not subject your data to solely automated decisions that have a significant legal effect on you. Subscription renewal is automated, but that’s based on your prior consent to auto-renew and can be canceled anytime.

  • Training broad AI models: We do not feed user-identifiable data into public AI model training sets. OpenAI may use data internally for improving their services and content moderation, but as per their API policy, it’s not used to train the public models, and we have not opted in to any such use beyond necessary service improvement. (If any such use were considered, we’d update this policy or seek consent.)

Our legal bases for processing personal data (for users in jurisdictions like the EU) include:

  • Performance of a Contract: We process data to provide the Service as per our Terms (Article 6(1)(b) GDPR). For example, using your prompts to get answers is necessary to perform our Service contract with you.

  • Legitimate Interests: We process data for legitimate business interests such as improving Ulteamate, ensuring security, preventing fraud, and communicating with you about product updates (Article 6(1)(f) GDPR). We consider and balance any potential impact on your rights when relying on this basis.

  • Consent: Where required, we may rely on your consent. For instance, if we ever introduce a feature that sends optional marketing emails, we would only do so with your consent (Article 6(1)(a) GDPR). You can withdraw consent at any time.

  • Legal Obligation: In some cases, we process data to comply with a legal obligation (Article 6(1)(c) GDPR), such as retaining records for tax law or responding to government requests legally.

If we need to use your personal data for a purpose unrelated to those listed, we will update this Privacy Policy and/or notify you and obtain any necessary consent.

3. How We Share or Disclose Information

What this means: We do not sell your personal information. We only share your data in specific circumstances: with service providers that help run Ulteamate (like OpenAI for AI responses, PayPal for payments, Sentry for error logging), with affiliates or successors if Ulteamate’s ownership changes, or if required by law (e.g., responding to a legal request). We ensure any service providers only use your data for the intended purpose and protect it appropriately. If we ever need to share data for any other reason, we would get your consent or update this policy accordingly.

We may share your personal information with the following categories of recipients, and only under the conditions described:

A. Service Providers (Processors): We use third-party companies to support and facilitate our Service. These service providers act on our behalf and under our instructions to process your data for the purposes described in this Privacy Policy. Key service providers include:

  • OpenAI: As explained, OpenAI processes the content of your prompts and screenshots to generate the AI output. When you use Ulteamate, your relevant data (prompt text, image, and necessary context) is sent to OpenAI’s servers. OpenAI in this context is a processor of your data on our behalf (and also has certain independent obligations, e.g., to scan for abuse). OpenAI is based in the USA. They have committed to not using API data for model training without consent, and they retain API request data for a limited period (up to 30 days) for monitoring misusecommunity.openai.com. They are bound by their terms and privacy policy to protect your data. You can review OpenAI’s policies for more info (see OpenAI’s Privacy Policy and API data usage policies).

  • PayPal: If you make a payment, PayPal will process that payment. PayPal is a data controller of your payment information (since you directly provide it to them), but they also act as a service provider to us by conveying transaction info. We share with PayPal the necessary data for the transaction (like amount and your account ID or email) and receive confirmation or failure notices. PayPal may have to share some of your data with banks or card networks to process the payment. PayPal is located in multiple regions (we use their global service; data might be processed in the US or your local region). PayPal’s use of your data is governed by their Privacy Statement. They may also be subject to financial regulations requiring retention of transaction data. We do not control PayPal’s processes, but we only share with them what is necessary for billing.

  • Sentry (Functional Software, Inc.): Sentry provides error monitoring. If our app encounters an error or crash, Sentry will receive data about the error. This could include device info, app state, and possibly user identifiers or a snippet of recent actions leading to the error. Sentry acts as a processor to help us diagnose and fix issues. Sentry is based in the USA. They state that they maintain appropriate security measures and comply with privacy laws (they have GDPR terms in place as needed). We have a Data Processing Addendum with Sentry to protect user data. Sentry’s Privacy Policy details their data handling.

  • Email Service (if applicable): If we use a service to send emails (e.g., an SMTP relay or a service like SendGrid, Mailgun, AWS SES), then your email address and the content of emails (like verification codes or support responses) will pass through that service provider. We would ensure any such email provider is reputable and compliant with privacy laws.

  • Cloud Hosting and Database: Our servers (in Israel and possibly EU) might be hosted by a third-party data center or cloud provider (for instance, AWS, Azure, or similar). That means your data is stored on their infrastructure. They are not allowed to access your data except for storing and retrieving as needed to run our Service. We maintain control and encryption over the data where possible. Such providers act as processors (or sub-processors) for storage and computing. We have agreements in place to safeguard data with these providers. (E.g., if we use AWS data centers in Israel, AWS is a sub-processor that must implement strict security per our contract).

  • Analytics Tools: If we utilize an analytics service (for example, to gather usage telemetry), those services might process some personal data like user IDs or IP addresses. We currently rely on internal logging rather than any extensive external analytics, but if we integrate something like Google Analytics on our website, we will disclose that. Any analytics provider would be contractually obligated to only use data on our behalf and not for their own purposes.

In all these cases, we share only the information that is necessary for the provider to perform their function. We also require that these providers use your information only for our specified purposes and protect it in line with this Privacy Policy and applicable law (through Data Processing Agreements or similar contracts).

B. Affiliates and Corporate Transactions: If Ulteamate is ever involved in a merger, acquisition, investment, reorganization, or sale of some or all of its assets, your personal data may be transferred to the relevant successor entity or affiliate as part of that transaction. For example, if Ulteamate (the product or the business) is acquired by another company, your data would likely be one of the transferred assets. In such an event:

  • We will ensure that the new owner or merging entity continues to be bound by privacy obligations at least as strict as those in this policy.

  • We will provide notice to users (for example, via email or on our site) if a significant change in ownership occurs, along with any choices you may have regarding your data as a result. If we simply form an affiliate (say, a new company or an LLC) to operate Ulteamate, and that affiliate is under common control with the current developer, we may share data with that affiliate as necessary to run the Service. Any affiliate will honor the commitments in this Privacy Policy.

C. Legal Compliance and Protection: We may disclose personal information if necessary to:

  • Comply with a valid legal process or obligation. For example, responding to a subpoena, search warrant, court order, or other legal request for information. We will review each request to ensure it has a lawful basis and is not overly broad, and will object or seek to narrow it if appropriate. When permitted, we will try to notify you of such requests affecting your data (e.g., if a government demands your data) so you can seek legal intervention, unless legally prohibited from doing so.

  • Protect our rights, property, or safety, or that of our users or the public. This includes sharing information with law enforcement or relevant authorities if we believe doing so is necessary to prevent potential harm or illegal activity. For example, if someone is using Ulteamate to threaten violence or engage in child exploitation content, we may report that to appropriate agencies and provide relevant data.

  • Enforce our Terms of Service or investigate potential violations. If you breach the Terms (e.g., by attacking our service or infringing others’ rights), we might share data with attorneys or consultants to seek remedies, or with platforms involved (like informing OpenAI if the misuse involves their API such that they can ban your API access as well).

  • Address fraud, security, or technical issues. For instance, if we detect a malicious attack coming from a certain user, we might share data (like IP addresses, logs) with cybersecurity experts or other platforms to mitigate the threat.

We will always endeavor to balance any disclosure with the protection of our users’ privacy. We do not hand over user data to government authorities without a valid legal reason.

D. With Your Consent: In situations other than the ones listed above, if we ever need to share your personal information with a third party for a new purpose, we will obtain your consent. For example, if we wanted to feature a user’s story or prompt for marketing purposes, we would ask for permission before doing so (and you would have every right to decline). Or if we decide to integrate with a new third-party service where you explicitly choose to share data (like exporting Q&A history to another app), we would do so only with your consent and direction.

E. Aggregate or De-Identified Data: We may share aggregated, anonymized information that cannot reasonably be used to identify you. For instance, we might publish statistics like “Ulteamate served 10,000 prompts this month” or “85% of users found their answer helpful”. Such information would not include personal data and might be shared publicly or with partners to illustrate usage or performance of the Service.

International Data Transfers: (This is about how we share across borders, but since it involves sharing outside local jurisdictions, I'll note it here.) As mentioned, our service providers (OpenAI, PayPal, Sentry) may be in the United States or elsewhere. When we share data with these parties, your data may be transferred from your country to another country (for example, from the EU to the US). We take steps to ensure adequate protection for international transfers, as detailed in Section 5 (International Data Transfers) below, typically through contractual safeguards like Standard Contractual Clauses or reliance on adequacy decisions (Israel has an adequacy decision from the EU).

No Selling of Personal Data: We do not sell your personal information. “Sell” in this context means exchanging personal data for money or other valuable consideration for the third party’s independent use, which we do not do. All third parties who handle user data do so to provide services to us (as processors) or as part of usage you have initiated (like PayPal for payments).

In summary, we share data primarily to run Ulteamate (with trusted partners under strict conditions) or if legally compelled. We do not disclose your info to random third parties without reason, and we never monetize your personal data by selling it. Your trust is important to us, and we aim to keep your data as contained as possible while still providing a fully functional service.

If you have questions about specific third parties that might have access to your data, please contact us at kshayk0@gmail.com, and we will provide you with more detailed information.

4. Data Retention

What this means: We keep your personal information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law (or for legitimate business reasons). Different types of data have different retention periods. For example, screenshots are deleted within 10 minutes after processing. Prompt text and AI responses are generally not stored long-term (beyond transient caching and short-term logs). Account and subscription information is kept as long as your account is active (and for a period after if needed for legal or operational reasons, like record-keeping). We outline retention for each category of data, and what happens when you delete your account or when data is no longer needed.

We retain personal data for only as long as necessary to achieve the purposes described in this Privacy Policy, unless a longer retention period is required or allowed by law. Here’s how we handle retention for different categories of data:

  • Account Information: We keep your account registration info (name, email, password hash) for as long as your account exists and you use the Service. If you decide to delete your account (or request deletion), we will remove or anonymize this information from our active databases. We may retain a secure archival copy of certain data (such as your email or transaction records) for a period of time after deletion if needed for legal compliance, dispute resolution, or to enforce our agreements. Typically, routine backups that include your data will expire and be overwritten within a reasonable period (often within 30-90 days). If you simply stop using Ulteamate without formally deleting your account, we may retain your account data for a reasonable period in case you return. In general, if an account is completely inactive for a very long time (e.g., a few years) and has no subscription, we might reach out or purge the data, but we currently do not have an automatic deletion policy for inactivity (we might in future, and we will update if so).

  • Prompts and AI Outputs: We do not store your prompt text or the AI’s responses on our servers beyond what is needed to deliver and briefly cache the result. This means:

    • In-memory or ephemeral storage is used for processing the prompt and preparing the response in real time.

    • We do not maintain a history of your prompts and answers on our server tied to your account. Any chat or history feature in the app is either stored locally on your device or in short-term memory on the server that’s cleared frequently.

    • We may have short-term logs that include prompt text for debugging or monitoring (for example, a rolling log that keeps the last few hours or days of requests). These logs are for internal use and typically get overwritten or deleted continuously. We aim to purge or anonymize prompt content from logs within at most 30 days, often sooner. In many cases, prompt content is not logged at all unless it triggered an error or flag.

    • Screenshots: We treat screenshots with high sensitivity. The server deletes each screenshot image typically within 10 minutes after it has been processed by the AI. In many instances, the deletion is immediate after the AI returns an answer. We keep the short buffer (up to 10 minutes) only to allow for potential re-processing or troubleshooting if something went wrong in generating the answer. After that, the image is permanently deleted from our storage. We do not archive user screenshots. (If a screenshot caused a technical error, a reference to it might appear in an error log, but not the image itself—perhaps a file name or size. Even that kind of reference would only be kept until the issue is resolved.)

  • Usage and Log Data: We retain server logs and usage data for varying periods depending on their use:

    • Basic event logs (successful requests, timestamps, IP addresses) may be retained for security and auditing for about 90 days, unless we need them longer for a specific investigation.

    • Error logs (which might contain snippets of prompts or environment data) are generally retained until the issue is fixed plus a short period for verification. Many error logs auto-delete after 30 days or sooner.

    • Aggregate analytics (which contain no personal data) might be kept indefinitely for historical reference (e.g., number of requests per month).

  • Subscription and Payment Records: We retain records of your subscription status and payment transactions as long as necessary for financial reporting and compliance:

    • Transaction receipts and related info (like transaction ID, date, amount) are generally kept for at least 7 years as required under accounting/tax laws in many jurisdictions (for example, to comply with IRS or VAT record-keeping rules).

    • If you cancel your subscription, we still keep past transaction records, but we mark your account as no longer active in billing. Those records remain for audit trail.

    • If you delete your account, we will disconnect your personal identifiers from subscription records where possible, but we may keep the transaction records under an anonymized or generic identifier for our legitimate interests (and to comply with financial laws).

  • Communications: If you contacted support or we communicated via email, those communications may be retained for a period:

    • Support emails/tickets are typically kept for 1-2 years after resolution, in case follow-up is needed or to reference how an issue was resolved.

    • If we send mandatory notices (like changes to terms) via email, we might keep a log that we sent those communications (including to which addresses) as proof of compliance for a similar period.

  • Legal and Security-Related Retention: If we are required to preserve data due to a legal hold (e.g., if involved in litigation or received a preservation order from law enforcement), we will retain the data until we are cleared to delete it. Similarly, if we identify misuse, we might retain relevant logs until the issue is fully resolved plus any statute of limitations period in case of legal action.

Data Deletion: When your personal data is no longer required for the purposes outlined or to meet a legal requirement, we will delete, dispose of, or anonymize it in a secure manner. Deletion from active systems is prompt. However, data may persist in encrypted backups for a short duration until those backups cycle out, at which point it will be overwritten. Our backup retention is typically a rolling period (e.g., 30 days). We ensure that any retained backups are secured and not used for any active processing.

If you request deletion of your account, as noted:

  • We will remove personal identifiers and content from our active databases typically within 30 days (often sooner).

  • Some residual information (like in backups or in aggregated stats) might take a bit longer to purge, but will not be readily accessible nor used for new processing.

  • We confirm deletion to you (if requested).

  • Note: If you shared any content with us in a way that is not controlled by your account (for example, you emailed support), we will also delete those records upon request, unless we have a lawful reason to retain them (like evidence of a resolved dispute).

Anonymous or Aggregated Data: We may retain non-personal information (anonymized or aggregated data that can no longer be associated with you) indefinitely, as it does not constitute personal data and can be useful for our business (like usage statistics or AI training on generalized patterns).

In summary, we aim to retain your personal data only as long as needed. Screenshots are gone in minutes, prompt data in days (if not immediately), and core account/billing data is kept while you’re with us and for some time after as needed. When data is no longer needed, we delete it or anonymize it. If you have a specific question about retention of a certain type of data, you can contact us at kshayk0@gmail.com.

5. International Data Transfers

What this means: Ulteamate is operated from Israel and involves services (like OpenAI, PayPal, Sentry) in the United States and possibly other countries. If you are outside those countries, your data will likely be transferred across borders. For example, if you’re in the EU, your personal data will be transferred to Israel (where our servers are) and to the U.S. (for OpenAI, etc.). We take steps to ensure these transfers are lawful and protected. Israel has an EU “adequacy” decision, meaning EU law considers Israel’s data protection adequate. For transfers to the U.S. and other countries not deemed “adequate,” we rely on appropriate safeguards like Standard Contractual Clauses (SCCs) or your consent if applicable. In short, we make sure any international transfer of your data complies with applicable privacy laws and that your data is safeguarded to a similar standard as in your home country.

Ulteamate is accessible to users around the world, and the personal data we collect may be transferred to and stored on servers in countries different from your own. Specifically:

  • Our primary servers and infrastructure are located in Israel (and potentially in the European Union, depending on our hosting choices). Israel is where your data (account info, prompts during processing, etc.) is initially received and stored.

  • Some of our service providers are located in the United States (e.g., OpenAI in the US, PayPal has US operations, Sentry in the US). This means that when we share data with these providers, your data is transferred to or through the United States.

  • We (the operator of Ulteamate) are based in Israel. Israel is our main place of business.

Data Protection in Israel: The European Commission has determined that Israel’s data protection laws provide an adequate level of protection for personal data (with some exceptions regarding data transferred from the EU about Israeli nationals, which generally aren’t relevant for our user base). This “adequacy decision” (under GDPR Article 45) means that personal data can flow from the EU/EEA to Israel just as it would within the EU, without needing additional safeguards, because Israel’s law (the Protection of Privacy Law) is deemed robust. Therefore, if you are in the EU or UK, the transfer of your data to our servers in Israel is covered by this adequacy finding.

Transfers to the United States and Other Countries: For transfers to countries that do not have an adequacy decision (for example, the United States does not currently have a blanket adequacy decision for general processing*), we rely on appropriate safeguards as required by law:

  • We have entered into Standard Contractual Clauses (SCCs) with relevant service providers (like OpenAI and Sentry) when required, to contractually ensure that your personal data receives a level of protection essentially equivalent to that in the EU. These SCCs are the European Commission-approved template contracts for data transfers.

  • In some cases, our service providers may participate in frameworks like the new EU-US Data Privacy Framework (if applicable) or have Binding Corporate Rules. For instance, PayPal has Binding Corporate Rules approved for data transfers, which ensure EU data is protected within PayPal’s group.

  • We also assess these transfers to ensure that, in practice, the providers can comply with the obligations (e.g., we consider whether US law might require any access to data and ensure providers have measures to handle government requests, etc., as per the Schrems II ruling considerations). OpenAI and our other processors have commitments in place to protect data from undue government access, and the SCCs address this.

  • By using Ulteamate or by explicitly giving consent in certain contexts, you may be consenting to your data being transferred internationally for the purposes of providing the service. However, we don’t rely solely on consent; we primarily use the contractual and legal safeguards mentioned.

(*Note: There is now an EU-US Data Privacy Framework adequacy decision for companies certified under that framework. If any of our US service providers is certified under this new framework, that could be an additional legal basis for EU data transfer to them. For example, if OpenAI or Sentry joins that framework, the transfer is covered by adequacy. We’ll treat SCCs as the default safeguard for now.)

Other International Considerations: If you are accessing the service from other jurisdictions (like UK, Canada, Australia, etc.), similar principles apply:

  • For the UK, it recognizes the EU’s adequacy decisions (including Israel) and uses its own version of SCCs for other transfers. We use UK-approved international data transfer addendums with relevant parties as needed.

  • For other countries that have data localization or transfer requirements, we comply as required. For instance, if any Russia or China user base existed (we currently have no presence there), we’d handle accordingly, but as of now we anticipate users primarily from jurisdictions covered by EU/US style rules.

In summary, whenever we transfer your personal data across borders, we take steps to protect it:

  • We only transfer to countries with adequate protections or under legally enforceable agreements (like SCCs).

  • We maintain high security standards globally (encryption, access control) to protect data in transit and at rest, no matter where it is stored.

  • If a law enforcement or government request is received in a country that might conflict with your privacy rights, we will push back unless legally obliged and will inform you if possible. We have seen the changes with US Executive Order 14086 which provide additional redress for EU individuals, etc., and our providers align with those.

  • You can request more information on our transfer safeguards by contacting us at kshayk0@gmail.com. For example, we can provide a copy of the SCCs or details on any specific provider’s framework.

Your Consent and Rights: By using Ulteamate, you understand that your personal data will be transferred to and processed in Israel, the United States, and possibly other jurisdictions as necessary for the purposes described. These countries may have different data protection laws than your country. We ensure compliance with applicable transfer rules, but if you object to your data being transferred or used in this way, you should not use the Service (or you may contact us to discuss if any accommodations are possible).

Keep in mind that regardless of where your data is processed, we treat it according to the principles laid out in this Privacy Policy and with respect for your privacy and security.

If you have any questions or need more specifics about international data transfers, please reach out to us.

6. Your Rights and Choices

What this means: Depending on where you live, you have certain rights regarding your personal data. For example, if you’re in the EU, UK, or similar jurisdictions, you have the right to access a copy of your data, correct it if it’s wrong, delete it, restrict or object to certain processing, and even get a portable copy in some cases. If you’re in California, you have the right to know what data we collect, to delete it (with similar exceptions), to opt out of any “sale” of data (we don’t sell data, so that’s not applicable), and not to be discriminated against for exercising rights. Texas and other U.S. state laws similarly give rights to access, correct, and delete data. Ulteamate respects all these rights. This section tells you how you can exercise your rights (usually by contacting us at our email), and our process for verifying requests. It also tells you how you can manage certain preferences, like opting out of marketing emails (though we currently don’t send many marketing emails) or controlling cookies on our site.

We want you to be in control of your personal information. Subject to applicable law, you have the following rights and choices with regard to your personal data processed by Ulteamate:

A. Rights for Users in the European Economic Area (EEA), United Kingdom, Switzerland, and Other Similar Jurisdictions (GDPR and equivalent):
If you are in the EEA, UK, or a jurisdiction with similar data protection laws, you have the following rights:

  • Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of the personal data we hold about you. This is often called a “Data Subject Access Request.” We will provide you with a copy of the information in a structured, commonly used format (unless you specifically request a different format) along with details on what data we have, how we use it, who we share it with, and how long we plan to keep it, among other information.

  • Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if your name or email has changed or there's a typo, let us know and we will fix it.

  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data. We will honor such requests and erase your personal data without undue delay, except where we have a valid legal reason to retain it (for instance, ongoing legitimate business needs or legal obligations). There are exceptions to this right – for example, we might retain data needed for legal compliance or in the exercise or defense of legal claims. But generally, if you no longer want us to have your data and there's no compelling reason for us to keep it, we will delete it. Please note that deleting your personal data means we will also delete your Ulteamate account and you will lose access to the Service.

  • Right to Restrict Processing: You can ask us to limit the processing of your personal data in certain circumstances. This might apply if you contest the accuracy of your data (for the period it takes us to verify the accuracy), if you believe our processing is unlawful but you prefer a restriction to deletion, if we no longer need the data but you need us to keep it for a legal claim, or if you have objected to processing (see below) and are awaiting verification of overriding grounds.

  • Right to Object: You have the right to object to certain types of processing of your personal data. Specifically, you can object to processing carried out on the basis of our legitimate interests or for direct marketing purposes.

    • If we use legitimate interest as a basis (see Section 2 for where we do, such as improvement and security), you can object on grounds relating to your particular situation. We will then re-evaluate our reasons for processing and either stop processing or explain why we have compelling legitimate grounds that override your interests, rights, and freedoms.

    • If we were to do any direct marketing (like promotional emails), you can object at any time and we will stop using your data for that purpose immediately. (As noted, we currently don’t send promotional emails beyond service-related communications.)

  • Right to Data Portability: In certain scenarios, you have the right to receive the personal data you’ve provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible. This applies when processing is based on your consent or a contract and carried out by automated means. For example, you might request a copy of all your prompt/response history (if it was stored) to port to another service. We will facilitate such requests to the extent possible.

  • Right to Withdraw Consent: Where we rely on your consent to process data (e.g., if we ever ask for your consent for a specific optional feature or for marketing), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted prior to withdrawal, and it won’t affect processing under other bases (like contract or legal obligation), but we will cease the processing that was based on consent.

B. Rights for Users in California (CCPA/CPRA):
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You can request that we disclose to you the categories and specific pieces of personal information we have collected about you, as well as information about our data practices (such as the categories of sources from which we collected the data, the purpose for collecting it, and the categories of third parties with whom we share it). Essentially, this is similar to the access right: you can ask “what do you know about me and how do you use it and with whom do you share it?”

  • Right to Delete: You can request that we delete personal information we have collected from you (with similar exceptions as under GDPR, such as if we need the information for providing the service you requested, to comply with a legal obligation, to detect security incidents, etc.). As with GDPR, deleting your info means we’ll likely delete your account to fulfill the request.

  • Right to Correct: You can request that we correct inaccurate personal information that we maintain about you.

  • Right to Opt-Out of Sale or Sharing: The CPRA gives you the right to opt-out of the “sale” or “sharing” of your personal information. However, Ulteamate does not sell personal information (we don’t exchange your data for money or other valuable consideration with third parties for their own use). We also do not “share” personal information as defined as disclosing it for cross-context behavioral advertising. Therefore, there is no need for you to opt out, as we don’t engage in those practices. We also do not use or disclose sensitive personal information for purposes other than those allowed by CPRA (like providing the service you requested or preventing fraud).

  • Right to Limit Use of Sensitive PI: If we collected any “sensitive personal information” as defined by CPRA (e.g., account login with password, which is considered sensitive), you have the right to limit its use to what’s necessary. We already limit sensitive data usage to the necessary service purposes. For instance, we only use your password for authentication. We don’t use sensitive info for secondary purposes like marketing.

  • Right of Non-Discrimination: We will not discriminate against you for exercising any of your rights. That means if you request deletion or opt-out of data use, we won’t deny you the Service or provide a lower quality service just because you exercised your privacy rights. (However, note that deletion of data necessary for the Service might make it impossible for us to continue providing it – e.g., if you ask us to delete all your account data, we can’t keep providing your account. That’s not discrimination, that’s just a consequence of the request.)

  • Authorized Agent: California residents may use an authorized agent to make requests on their behalf. If you choose to do that, we will take steps to verify that the agent is authorized (e.g., by requiring a written permission from you or a power of attorney, and verifying your identity with us directly).

C. Rights for Users in Other U.S. States (Virginia, Colorado, Connecticut, Utah, Texas, etc.):
New state privacy laws (like the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut’s Act Concerning Personal Data Privacy, Utah Consumer Privacy Act, and Texas Data Privacy and Security Act) provide similar rights to those above (access, deletion, correction, opt-out of certain processing). Ulteamate’s stance is to extend the core privacy rights to all users as applicable:

  • Access: You can request to confirm if we process your data and get a copy of that data.

  • Deletion: You can request deletion of your data we have.

  • Correction: You can request corrections to inaccurate data.

  • Opt-Out: If applicable, you can opt out of targeted advertising (we don’t do targeted advertising), sales of data (we don’t sell data), or profiling that produces legal effects (we don’t do that).

  • Appeal: Some state laws (like Colorado, Connecticut, Virginia) allow you to appeal if you disagree with our decision on your privacy request. We will provide a method to appeal (for example, if we say we cannot comply with a deletion request and you believe we should, you can appeal and we will have a second look, typically by a higher-level reviewer). If after appeal we still deny, those laws allow you to contact your state Attorney General.

  • We will not discriminate (e.g., no denying service or changing price) because you exercise your rights, consistent with those laws.

D. Exercising Your Rights / How to Make a Request:
Regardless of jurisdiction, if you want to exercise any of these rights, you can contact us by:

  • Emailing us at kshayk0@gmail.com with your request and the specifics of what you want (e.g., “I’d like a copy of my data” or “Please delete my account and data” or “Please correct my name to X”).

  • In the future, we may offer in-app controls or forms on our website for certain requests (like a “Delete Account” button or a web form to request data). Currently, email is the best contact method.

To protect your privacy, we will need to verify your identity before fulfilling certain requests (especially access, deletion, and correction requests) to ensure that the person making the request is you (or an authorized agent). Verification steps may include:

  • Responding from the email associated with your Ulteamate account (which suggests control of that email).

  • Providing information that only the account owner would know (like details of last prompts or subscription info).

  • In some cases, we might ask for a government ID or other verification if email is insufficient and the data is sensitive (though we try to avoid collecting more info for verification). For access or deletion of extremely sensitive data, stronger verification is used.

Once verified, we will respond to your request within the timeframe required by law:

  • For GDPR (EU/UK): Typically within one month (and can extend to two months for complex requests, but we’ll inform you of any delay).

  • For CCPA (California) and similar: Typically within 45 days (with a possible 45-day extension, total 90 days, if necessary).

  • For other state laws: similar ~45-day timeline (with possible extension). We’ll usually respond much faster than the maximum allowed.

If we cannot fulfill your request (like an exception applies), we will explain why. For example, if you request deletion but we must retain certain information for legal reasons, we’ll let you know what we cannot delete and why (e.g., “we cannot delete your transaction records for tax compliance”).

E. Managing Your Information and Preferences:

  • Review and Update: You can update certain account information (like your email, if we allow that change) by contacting support. In the future, we might have an account settings page to edit info.

  • Marketing Communications: If we send any marketing or promotional emails (currently we do not, beyond service updates), each such email will have an “unsubscribe” link or instructions. You can click that or reply with a request to opt out. You can also email us to opt out of marketing. Service-related communications (like important notices about your account, security, or terms changes) may not have an opt-out as they are necessary, but we try to keep those infrequent.

  • Cookies and Tracking: For any web-based component, you can set your browser to refuse cookies or to alert you when cookies are being used. Our website might have a cookie notice if needed. Disabling cookies might affect site functionality (for instance, staying logged in).

  • Do Not Track: Our website doesn’t respond to “Do Not Track” signals specifically, because no personalized tracking is done. But we treat all users’ data with the same care, and you have other opt-out rights as described.

  • Authorized Agents (for California or others): As mentioned, if you want to use an authorized agent to exercise rights on your behalf, we will require proof of authorization and verification of identity from you (unless you have given a power of attorney recognized by law, in which case just verifying the agent may suffice).

  • Complaints: If you have concerns about how we handle your data, you have the right to complain to a supervisory authority. For EU users, this is usually your local Data Protection Authority. For UK, the ICO. For Canada, the OPC. For California, you can contact the California Attorney General, etc. We encourage you to contact us first so we can try to resolve your issue directly.

We will not charge a fee for fulfilling a reasonable, non-repetitive request. If a request is manifestly unfounded or excessive, we may either charge a reasonable fee (based on administrative costs) or refuse to act on it, but we’ll explain why and what options you have.

Your privacy and control over your personal data is important to us. We will facilitate your rights to the best of our ability and in compliance with law.

If you have any questions about your rights or how to exercise them, please contact us at kshayk0@gmail.com.

7. Security Measures

What this means: We take security seriously and implement measures to protect your personal data from unauthorized access, use, or disclosure. This includes using encryption (HTTPS/TLS) for data in transit, encryption at rest for sensitive data, limiting access to personal data to only those who need it, and maintaining firewalls and monitoring for intrusions. However, no system is 100% secure, so we cannot guarantee absolute security of data. We do not currently meet specific standards like FIPS 140-2, so if you require a government-certified level of encryption, be aware we use industry-standard encryption but not FIPS-certified modules. We recommend you also use good practices (like not sharing your password, and keeping your app updated) to help protect your own data. If we ever experience a data breach affecting your information, we will notify you and relevant authorities as required by law.

We employ a variety of technical and organizational security measures to safeguard your personal data against unauthorized access, disclosure, alteration, and destruction. Here are some key aspects of our security program:

  • Encryption in Transit: All communication between the Ulteamate app and our servers (and between our servers and OpenAI’s API) is encrypted using HTTPS/TLS. This means that when you submit a prompt or log in, the data is encrypted while traveling over the internet, making it very difficult for an unauthorized party to intercept and read it.

  • Encryption at Rest: We encrypt sensitive data at rest in our databases and storage. For example, passwords are stored as salted cryptographic hashes (not in plain text) so that even if our database were accessed, the actual passwords would not be readily obtained. Any other particularly sensitive fields (if we stored any, like perhaps API keys or tokens) are also encrypted or hashed. For general stored data that is not highly sensitive, our servers are on encrypted disks or in secure data centers.

  • Access Controls: We restrict access to personal data to personnel and service providers who need that information to operate, develop, or support the Service. For example, our development team may access aggregated logs for debugging but not users’ plain prompts unless needed for a specific support case and after user permission if feasible. Any staff with access to personal data are bound by confidentiality obligations and undergo training on data protection.

  • Authentication Security: When you log in, we have protections in place like hashing of passwords as mentioned. We encourage you to use a strong, unique password for Ulteamate. We may implement additional security features like two-factor authentication (2FA) in the future. Internally, admin access to systems requires strong authentication (e.g., SSH keys, 2FA for dashboards).

  • Network Security: Our servers are protected by firewalls and network segmentation. We limit the ports and services exposed to the internet to only those necessary (like the Ulteamate API endpoint). Internal systems are isolated on private networks. We keep our software and dependencies updated with security patches to minimize vulnerabilities.

  • Monitoring and Logging: We monitor our systems for potential security events and have logging in place for actions (like login attempts, unusual API usage patterns) which can alert us to suspicious activity. For instance, repeated failed logins could trigger alerts or temporary account lockouts to mitigate brute force attacks.

  • Regular Audits and Testing: We periodically review our security procedures and may conduct penetration testing or code reviews to identify and fix potential weaknesses. We also keep up with best practices in application security and incorporate improvements continually.

  • Data Minimization: As described, we minimize how long we keep certain data (like not storing screenshots, etc.), which inherently limits exposure. If data isn’t stored, it can’t be compromised.

  • Contractual Safeguards: With all our subprocessors (OpenAI, etc.), we ensure via contracts that they also implement security appropriate to the risk of the data they handle. For example, OpenAI and Sentry are known to take security seriously as part of their enterprise offerings.

  • Not FIPS-compliant: We want to note explicitly (since it's mentioned) that while we use strong encryption (TLS 1.2+/AES-256/etc.), our encryption modules are not certified under U.S. government standards like FIPS 140-2. This means if you require a certain certified level of encryption (for example, for a US government use case or similar), Ulteamate’s current cryptographic implementations may not meet that strict certification, even though practically they are very secure. For the average user, industry-standard encryption is sufficient and effectively protects data, but we want to be transparent that it is not formally validated under FIPS or similar schemes.

  • No Absolute Guarantee: Despite all these measures, no system can be guaranteed 100% secure. There is always some residual risk. Cyber threats evolve, and there’s always a possibility of a breach due to unforeseen vulnerabilities or human error. We continuously strive to protect your data, but we cannot warrant or guarantee its absolute security.

  • Your Security Practices: We also urge you to take steps to protect yourself. For instance, keep your Ulteamate login credentials confidential. Do not share your password with others. Use a unique password for this account (so that a breach of another service doesn’t affect your Ulteamate account). If you suspect any unauthorized access to your account, let us know immediately at kshayk0@gmail.com. Also be cautious with the information you include in screenshots or prompts; avoid including sensitive personal identifiers if not necessary.

  • Breach Notification: In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant supervisory authorities as required by law. We have an incident response plan in place to handle such situations, which includes identifying the scope of the breach, containing it, notifying affected parties, and taking steps to prevent future incidents.

In summary, we use recognized security practices to keep your data safe: encryption, limited access, secure development, and vigilant monitoring. We treat user data security as a top priority. However, if you ever have questions about our security measures or suspect a vulnerability, please contact us — user feedback is an important part of maintaining security.

8. Children's Privacy

What this means: Ulteamate is not meant for anyone under 18. We do not knowingly collect personal data from children under 18. If you are under 18, do not use the Service. If we learn we have a user under 18, we'll delete their data and account. If you're a parent/guardian and believe your child under 18 has provided personal data to us, please inform us so we can take appropriate action.

Ulteamate is intended for use by adults. We do not knowingly allow children to use our Service, and we do not knowingly collect personal information from children. Specifically:

  • No Users Under 18: You must be at least 18 years old (or the age of majority in your jurisdiction if that is higher) to create an account and use Ulteamate. The Service is not directed to or intended for children.

  • No Data Collected from Children: We do not knowingly collect personal data from anyone under the age of 18. We do not target or market to children, and our content (AI answers) is aimed at general audiences (with filters to avoid inappropriate content).

  • Parental Supervision: If an individual between 13 and 17 years old (a minor teenager) wishes to use Ulteamate, they should do so only with the involvement and consent of a parent or guardian. However, our Terms strictly require the user to be 18 or older to create an account, so in practice we are not allowing even teenagers to have their own accounts at this time.

  • If We Learn of Underage Users: If we discover that we have inadvertently collected personal information from a child under 18, or that a user under 18 is using Ulteamate:

    • We will take immediate steps to delete their personal information from our records.

    • We will terminate the child’s account (if any).

    • If deletion is not immediately possible (e.g., because of legal obligations or technical constraints), we will segregate and secure the data and ensure it is not used until deletion is possible.

  • Parents/Guardians: If you are a parent or guardian and you become aware that your child under 18 has created an Ulteamate account or otherwise provided us with personal information, please contact us at kshayk0@gmail.com. We will verify your identity (to ensure you are the parent/guardian) and then work with you to remove and cease any processing of the child’s information. We appreciate proactive outreach from parents to help us enforce this policy.

  • COPPA (Children’s Online Privacy Protection Act): Although Ulteamate is not directed to children under 13 and we do not knowingly collect information from them, we

  • COPPA (Children’s Online Privacy Protection Act): Although Ulteamate is not directed to children under 13 and we do not knowingly collect information from them, we are aware of COPPA requirements. We do not solicit or collect personal information from children under 13. If we somehow receive personal data from a child under 13, we will delete it as soon as we discover it.

By using Ulteamate, you represent that you are not under 18. If you are under 18, do not use this Service or provide any personal information to us.

9. Changes to this Privacy Policy

What this means: We may update this Privacy Policy from time to time. If we do, we will change the "Effective Date" at the top and, if the changes are significant, we will notify you (for example, by email or via a notice in the app). We encourage you to review the Privacy Policy periodically. Your continued use of Ulteamate after any changes indicates your acceptance of the updated Policy.

We may revise or update this Privacy Policy as needed to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:

  • Update the Effective Date: The "Effective Date" at the top of this policy will be updated to the date the changes go into effect.

  • Notify You of Material Changes: If we make any material changes to how we collect or use personal data, or changes that significantly affect your rights or obligations, we will provide a prominent notice. We may notify you by email (sent to the address associated with your account) and/or by posting a notice within the Ulteamate application or on our website. For example, if we were to change the types of data we collect or introduce new purposes for processing, we would inform you in advance.

  • Opportunity to Review: We encourage you to review the Privacy Policy whenever we notify you of changes or whenever you use Ulteamate, to stay informed about our information practices. If required by applicable law, we will obtain your consent for any new uses of personal data that we plan to implement (for instance, if we were to start collecting additional data for a new purpose).

If you continue to use Ulteamate after a revised Privacy Policy has been posted and becomes effective, it means you accept the updated terms of the Privacy Policy. If you do not agree with the changes, you should discontinue use of the Service and may request that we delete your personal data (as described above).

We always indicate the date of the latest revision at the top of the Privacy Policy so you can tell what version is current. If you have any questions about any changes, feel free to reach out to us.

10. Contact Us

What this means: If you have any questions, concerns, or requests regarding your privacy or this Privacy Policy, you can reach out to us at the contact information provided below. We are here to help and address any issues relating to your personal data or the use of our Service.

If you have any questions or comments about this Privacy Policy, or if you would like to exercise any of your rights regarding your personal data, please contact us:

  • By Email: kshayk0@gmail.com

Email is the best way to reach us for privacy-related inquiries or requests (such as data access or deletion requests). Please include in your email your name, the email associated with your Ulteamate account (if different), and a detailed description of your question or request. We may need to verify your identity before fulfilling certain requests, as described in Section 6.

We will respond to your inquiry as promptly as possible, generally within 30 days or sooner if required by law.

If you prefer to contact us by mail, or need to reach a specific privacy/data protection officer, you may request a mailing address via email and we will provide a suitable contact address. (As a small operation, we primarily use email for correspondence to ensure a timely response.)

Data Controller: For the purposes of data protection law (like the GDPR), the “data controller” of your personal information is the developer/operator of Ulteamate, Shay K. Because Ulteamate is offered from Israel, Shay K (located in Israel) is the party determining the means and purposes of processing personal data collected through the Service.

If you are in the EU/EEA or UK and need to contact a representative or have any concerns about our data handling, please reach out via the contact above. You also have the right to lodge a complaint with your local Data Protection Authority or the Israeli Privacy Protection Authority, as applicable.