PRIVACY POLICY OF UPGINI

Effective date: 11 November 2025

1. What is a privacy policy?

This Privacy Policy ("Privacy Policy" or "Privacy Notice") describes how the website ("Site") of Upgini FZCO ("Upgini", "We", "Company", "Controller") manages the processing of personal data of users who consult Upgini web pages and who use the Company’s data platform ("Platform").
This information is provided only for the Site and the Upgini Platform and not for other websites that the user may consult through external links or for third‑party platforms that provide services similar to Upgini. Following consultation of this Site and use of the Platform, personal data relating to identified or identifiable persons (“Personal Data”) may be processed.
This Privacy Policy is made in compliance with Regulation (EU) 2016/679 (“Regulation” or“GDPR”) and Directive 2002/58/EC (“ePrivacy Directive”).

2. Who is theData Controller?

Controller: Upgini FZCO ("Upgini").
Contact: support@upgini.com, DWTC, 19th floor, Sheikh Rashid Tower, Dubai, United Arab Emirates.

3. What kind of personal data do we collect?

Through the Website and the Platform, we collect and process Personal Data in different ways:
• Personal information voluntarily provided by the user: when the user contacts us or signs up for the Platform (email‑based sign‑up), or books a demo.
• Personal data collected through the use of the Website/Platform: we automatically collect certain data during navigation and use of our Website/Platform by the user.
• Personal data collected through the Platform: access logs and technical events.

3.1. What type of Personal Data do we process?
• Contact and profile information: email address when the user signs up for or logs into our Platform; name and email address when the user contacts us via the Site; free‑text message in the contact form.
• Location data: we may approximate a user’s location based on IP address.
• Technical and usage data: device information (browser/OS/screen resolution), referral source, timestamps, interaction data, and server log information.

3.2. Information collected by default
When the user uses our Website and/or Platform or otherwise interacts with us through acomputer or mobile device, we and our third‑party partners may automatically collect information about how the user accesses and uses the Website and Platform, as well as information about the device used to access the Website and Platform. We use this information to improve and personalize the user’s experience, to monitor and improve our Website, and for other internal purposes.
We generally collect this information through a variety of tracking technologies, including cookies, location identification technologies, and similar technologies(collectively, "Tracking Technologies"). The user can accept or reject these technologies by changing privacy preference settings in the browser profile settings and, where applicable, via our cookie banner. The information we automatically collect may be combined with other personal information we collect directly from users.

4. What personal data we do not collect?

We do not intentionally collect the following categories of data via the Site/Platform:
• racial or ethnic origin;
• political opinions;
• religion or philosophical beliefs;
• health or medical conditions;
• criminal background;
• trade‑union membership;
• genetic or biometric data;
• sex life or sexual orientation.

Please do not send us, or disclose, any of the above personal information through the Site or directly to our contacts. We do not knowingly process personal data of minors.

5. Why do we process Personal Data?

a) Providing email‑based access to the Upgini Platform — to allow the user to create an account and use the Platform by signing up with an email address (and generating authentication tokens). Legal basis: performance of a contract /steps prior to entering into a contract (Art. 6(1)(b)).

b) Booking a demo — to allow the user to request a demo and receive information about our services. We may ask the user to provide an email address for contact. Legal basis: pre‑contractual steps (Art. 6(1)(b)).

c) Answering questions and processing user requests — to respond to enquiries, complaints and suggestions regarding our Website, Platform and services. Legal basis: our legitimate interests in managing and responding to user requests (Art.6(1)(f)); where the user requests a quote or bespoke services, pre‑contractual steps (Art. 6(1)(b)).

d) Ensuring the technical operation of the Site and Platform — to technically administer andensure proper functioning. Legal basis: our legitimate interests (Art.6(1)(f)).

e) Informing users about changes to terms and providing this Privacy Policy — Legal basis:our legitimate interests and/or legal obligations (Art. 6(1)(c)/(f)).

f) Compliance with legal obligations — including responding to orders from publicauthorities. Legal basis: compliance with legal obligations (Art. 6(1)(c)).

g) Data analysis to obtain trends and improve the Site/Platform — to better understand users and improve our services. Legal basis: our legitimate interests (Art.6(1)(f)); where Tracking Technologies are non‑essential, we rely on consent via the cookie banner.i) Fraud and abuse protection — to detect and prevent fraud or abuse. Legal basis: our legitimate interests (Art. 6(1)(f)).

h) Protection of our legal interests — to enforce our contractual terms, protect business operations, rights, privacy, safety or property, and pursue/defend legal claims. Legal basis: our legitimate interests (Art. 6(1)(f)).

6. Who are Personal Data disclosed to?

Personal Data may be communicated to Upgini staff on a need‑to‑know basis for the purposes of providing services and responding to user requests. For communications (e.g., newsletters) and platform operations we may use external service providers under written agreements that include confidentiality and security obligations.
Analytics provider: we use Google Analytics on our website to measure visits and usage trends. Google Analytics may set cookies and collect aggregated usage statistics (e.g., page views, sessions). You can opt out via the GoogleAnalytics Opt‑out Browser Add‑on (https://tools.google.com/dlpage/gaoptout) and withdraw consent at any time via our cookie banner.

7. What are the user’s rights and how can they be exercised?

Subject to applicable law, data subjects have the right to:
• Access — obtain access to personal data and certain related information (Art. 15).
• Data portability — receive personal data in a commonly used format and have it transmitted to another controller (Art. 20).
• Rectification — obtain rectification of inaccurate or incomplete data (Art. 16).
• Erasure — obtain erasure in certain circumstances (Art. 17).
• Restriction — obtain restriction of processing in specific circumstances (Art. 18).
• Objection — object, on grounds relating to your particular situation, to processing; and object to processing for direct marketing (Art. 21).We will assess and respond without undue delay and in any event within one month of receipt (extendable by two further months where necessary, taking into account the complexity and number of requests). The exercise of rights is, in principle, free of charge, but a reasonable fee may be charged for manifestly unfounded, excessive or repetitive requests.

8. How long do we store Personal Data?

• Website contact form: retained for up to 24 months from the last communication, or deleted earlier upon request where applicable.
• Platform registration (email‑based sign‑up): retained for the lifetime of the account; deleted or anonymised within a reasonable period after account closure.Back‑ups may persist for a limited time strictly necessary for disaster recovery.

9. What kind of data transfers can we carry out?

For some processing operations we may use providers located outside the EEA. In these circumstances, transfers are carried out in accordance with applicable law,including the use of the European Commission’s Standard Contractual Clauses(SCCs) and, where required, transfer impact assessments.

10. How do we protect Personal Data?

We implement appropriate technical and organisational security measures (GDPR Art. 32), including secure transport (TLS) for data in transit, access control (least privilege), encryption at rest where appropriate, logging/monitoring, incident response and periodic testing. No security system is infallible; where a breach occurs, we will act in accordance with applicable law.

11. Unsubscribing services

To opt‑out of marketing emails, use the unsubscribe link in the email footer or contact us at support@upgini.com.

12. Cookies and tracking technologies

We use cookies and similar technologies on the Site and Platform. We may store strictly necessary cookies without consent. For other types (e.g., preferences, statistics/analytics, marketing), we request consent via our cookie banner. You can change or withdraw your consent at any time in the banner or your browser settings.

GoogleAnalytics: we use Google Analytics to analyze how visitors use our website. Google Analytics sets cookies to collect information and report site usage statistics without personally identifying individual visitors. For more information and choices, see https://policies.google.com/technologies/partner-sites and the Google AnalyticsOpt‑out Browser Add‑on: https://tools.google.com/dlpage/gaoptout.

13. Applicable law

This Privacy Policy is governed by the GDPR, and, where applicable, other mandatory laws in relevant jurisdictions.

14. Complaint to the Supervisory Authority

You may lodge a complaint with your local EU data protection authority. A list of EU supervisory authorities is available on the European Data Protection Board website.

Use cases
Fraud preventionMarketing and CRMDemand forecastProduct managementPersonalizationRisk managementLead scoring
Resources
DocsTutorials & PublicationsPricingContact usPrivacy Policy
aicpa soc
SOC 2
© 2022-2025 Upgini  ·  Designed in UAE, build worldwide