Privacy Policy

Last updated: 12 April 2026

1. Introduction

Welcome to UnisphereHQ — The Ambition Network. This Privacy Policy explains how Unisphere HQ Limited ("we", "us", "our") collects, uses, shares, and protects your personal data when you use our mobile application, website, and related services.

Unisphere HQ Limited is the data controller responsible for your personal data. We are a company registered in England and Wales (No. 16068538).

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all users of the UnisphereHQ app, regardless of location, and describes your rights under applicable data protection law.

By using UnisphereHQ, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the app.

2. Information We Collect

Information You Provide. When you create an account, we collect your email address, password (stored in hashed form — we never store plaintext passwords), full name, and avatar. During onboarding, we collect your referral source, focus goals, interest tags, country of residence, gender (used for Safe Space Mode), profile picture, and personality quiz responses (measuring traits such as extraversion, openness, conscientiousness, agreeableness, and resilience).

Profile Information. You may provide additional profile details including your username/handle, bio, headline, about me text, banner image, top skills, and verification status.

Content You Create. We collect content you post or share through the app, including posts, comments, stories (which auto-expire after 24 hours), reels, events, communities, direct and group messages, voice messages, polls, and media attachments.

Financial Information. If you subscribe to premium features or use creator monetisation, we collect your Stripe customer ID and subscription status. For creators using Stripe Connect, we store your Stripe Connect account ID. Payment card details and bank account information are collected and processed directly by Stripe — we do not store these on our servers. For identity verification, government-issued ID photos and selfie photos are processed by Stripe Identity.

Social Preferences. You can configure privacy controls including profile visibility, whether to show your email address, location, country flag, mutual connections, online status, and last seen timestamp. You can also control whether you appear in discovery, allow tagging, allow friend requests, and set gender filter preferences.

Information Collected Automatically. When you use UnisphereHQ, we automatically collect certain information about your device and usage. This includes your push notification token, platform (iOS or Android), app version, session identifiers (generated per session and stored locally), and request trace identifiers (generated per request) for diagnostics and performance monitoring. We collect usage and behavioural data such as views, clicks, likes, dislikes, shares, saves, ignores, feedback signals, engagement duration, content ratings, and session context to improve your experience.

Crash and Error Data. We use Sentry for crash and error reporting. This collects your user ID, email, username, device platform, error stack traces, and request URLs. On the native mobile app, IP addresses are stripped before transmission to Sentry, session tracking runs at periodic intervals, and breadcrumb retention is limited. On the web application, Sentry Session Replay may capture interaction data when errors occur to aid debugging — form inputs (including passwords) are masked, though general page content and media are not blocked. Replay is applied to a sample of sessions and all sessions where an error occurs.

Location and Contacts. Certain features (such as the UVA AI assistant) may request access to your device's location services or contacts, with your permission. Location data is used for local context and recommendations. Contact data is processed locally and is not stored on our servers unless you explicitly choose to share it.

Analytics. On the web application, we use Vercel Analytics to collect anonymous, aggregated page view and performance metrics. Vercel Analytics does not use cookies and does not collect personal data. We also collect first-party usage analytics (such as page views, feature usage events, device type, and session context) which are sent to our own servers to help us understand how the platform is used and improve the experience. These events are associated with your session and user ID.

Information from Third Parties. If you sign in using Apple or Google, we receive basic account information from these providers (such as your Apple ID or Google account details) to authenticate you. We also receive push notification tokens from Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).

3. How We Use Your Information

We use your personal data for the following purposes:

To provide, maintain, and operate UnisphereHQ's core features — including your profile, feed, communities, events, messaging, stories, and reels.

To personalise your experience using AI-powered features. Our AI assistant (UVA) uses your personality profile, goals, interests, and behavioural patterns to provide personalised recommendations, conversation, and insights. We compute a user vector embedding that combines your personality traits, goals, interests, preferences, and behaviour to enable personality-based matching, content recommendations, and semantic search.

To process payments and manage subscriptions via Stripe, and to facilitate creator payouts via Stripe Connect.

To send you notifications about activity relevant to you — including messages, social interactions, events, community updates, and system announcements — via Apple Push Notification service, Firebase Cloud Messaging, and in-app notifications. You have granular control over notification categories in your settings.

To improve and develop our services by analysing usage patterns, behavioural signals, and engagement metrics. We use machine learning to understand content affinity and preferences over time.

To ensure safety and security — including rate limiting, authentication, content moderation, user blocking and reporting, and detecting abuse or fraud.

To comply with legal obligations under UK law, including the Online Safety Act 2023 and applicable data protection legislation.

4. Legal Bases for Processing

Under the UK GDPR, we rely on the following legal bases to process your personal data:

Contract Performance. Processing necessary to provide you with the UnisphereHQ service, including account creation, profile management, content delivery, messaging, events, community features, and payment processing. This is the primary basis for most of our data processing.

Legitimate Interests. Processing necessary for our legitimate interests, where those interests are not overridden by your rights. This includes improving our services, analysing usage patterns, providing personalised content recommendations, ensuring platform security, preventing abuse, and maintaining system performance.

Consent. Where required, we obtain your consent before processing — for example, for optional AI-powered features, personality profiling, push notifications, and certain data sharing. You may withdraw consent at any time through your app settings or by contacting us, without affecting the lawfulness of processing carried out before withdrawal.

Legal Obligation. Processing necessary to comply with our legal obligations under UK law, including the Data Protection Act 2018, the UK GDPR, and the Online Safety Act 2023.

Vital Interests. In rare circumstances, we may process your data where necessary to protect your vital interests or those of another person — for example, in an emergency situation.

5. How We Share Your Information

We do not sell your personal data. We share information with the following categories of recipients for the purposes described below:

Supabase (PostgreSQL, Auth, Storage, Realtime) — our primary infrastructure provider. Supabase processes all user data, authentication tokens, and uploaded media files across multiple storage buckets (such as profile pictures, feed media, story media, messaging attachments, community media, and event images).

Stripe — processes your email, payment information, subscription status, and Stripe customer ID for payment processing. For creators, Stripe Connect processes creator email, bank and financial details (via Stripe-hosted onboarding), and Stripe Connect account ID. Stripe Identity processes government-issued ID photos and selfie photos for verification purposes.

RevenueCat — receives your app user ID, purchase events, country code, currency, subscription status, and platform to manage in-app subscriptions and entitlements.

Ably — receives your user ID and message content to provide real-time messaging infrastructure. Messages are transmitted via Ably's global edge network and are subject to Ably's data processing policies.

OpenRouter, OpenAI, and Anthropic — receive user messages sent to AI features, user context (personality profile, goals, interests), conversation history, and text for computing embeddings. AI requests may be routed through OpenRouter or the Vercel AI Gateway to various model providers (including OpenAI, Anthropic, and others) based on task complexity. This data powers UVA, personalised recommendations, semantic search, and content affinity learning.

Sentry — receives your user ID, email, username, device platform, error stack traces, and request URLs for crash and error reporting. On the native app, IP addresses are stripped before transmission. On the web app, Sentry Session Replay may capture anonymised interaction data when errors occur.

Jitsi Meet — receives your user ID, name, email, and avatar URL (embedded in a JWT token) for video conferencing and live room participation.

Expo Push Notifications — our push notification delivery is handled via the Expo push notification service, which routes notifications to Apple Push Notification service (APNs) on iOS and Firebase Cloud Messaging (FCM) on Android. Expo receives your push token, device platform, and notification content.

Apple and Google — receive authentication-related data when you use Sign in with Apple or Sign in with Google. Apple receives APNs tokens; Google/Firebase receives FCM tokens for push notification delivery.

Resend — our transactional email provider. Resend receives your email address and email content when we send you account-related communications.

Vercel — hosts our web application and provides anonymous analytics (page views, performance metrics) via Vercel Analytics. Vercel does not receive personally identifiable information through analytics.

UploadThing — assists with file upload routing for media attachments. UploadThing processes upload metadata; files are stored on our own infrastructure (Supabase Storage).

Other Users. Content you share publicly (posts, comments, reels, community contributions, event participation) is visible to other users in accordance with your privacy settings. Direct messages are visible to the recipients. Your profile information is visible according to your configured visibility preferences.

Legal Requirements. We may disclose your information if required by law, regulation, legal process, or governmental request, including to comply with a court order, subpoena, or similar legal procedure.

Business Transfers. In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

6. International Data Transfers

Unisphere HQ Limited is based in the United Kingdom. However, some of our service providers process data outside the UK, including in the United States and other jurisdictions.

Our key service providers — including Supabase, Stripe, OpenAI, OpenRouter, Anthropic, Sentry, Ably, RevenueCat, Jitsi, Expo, Firebase, Apple, Google, Vercel, Resend, and UploadThing — may transfer and process your data in countries that may not offer the same level of data protection as the UK.

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with the UK GDPR. These may include UK International Data Transfer Agreements (IDTAs), Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO), adequacy decisions recognising that a country provides an adequate level of data protection, or other lawful transfer mechanisms.

You may contact us for more information about the specific safeguards applied to any particular transfer.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Account Data: Retained for as long as your account remains active. If you delete your account, your data enters a 30-day grace period during which you can restore your account. After 30 days, your data is permanently deleted, including cleanup of associated Stripe subscriptions, messaging data, and stored media.

Stories: Stories automatically expire after 24 hours and are no longer visible to other users. Expired story data may take up to 30 days to be fully removed from our systems, including backups.

Deleted Content: When you delete content such as posts or comments, it is no longer visible to other users. It may take up to 30 days for deleted content to be fully removed from our active systems. Residual copies in backups may persist for up to an additional 90 days (see Backup and Disaster Recovery below). Soft-deleted communities and groups are permanently purged after up to 30 days.

Conference Transcriptions: Automatically deleted after up to 90 days.

Cached Data: Server-side caches are ephemeral and typically purged within minutes to hours.

Financial Data: Stripe retains payment and financial data in accordance with their own retention policies and applicable financial regulations.

Messaging Data: Messages are stored on our servers and retained for as long as your account is active. When you delete your account, your messaging data is removed as part of the account deletion process.

AI Conversation Data: Your conversations with UVA (our AI assistant) are retained for as long as your account is active. You can delete individual conversations at any time via the app. Deleted conversations are removed from our active systems within 30 days. De-identified or aggregated insights derived from conversations may be retained to improve our AI features.

Device Storage: Authentication tokens are stored in secure device storage (leveraging your device's keychain or secure enclave) and are cleared on sign-out. Onboarding progress, session IDs, UI preferences, and search history are stored in local app storage and cleared on sign-out or account deletion.

Content Shared with Others. If you delete your account or specific content, copies that have been shared with or sent to other users (such as messages in conversations, posts shared within communities, or content forwarded by recipients) may continue to be visible to those users for the continuity of the service. We cannot control content that other users may have copied, screenshotted, or shared outside of UnisphereHQ.

Third-Party Service Data. Third-party service providers we integrate with (such as Stripe, Sentry, Ably, and others listed in Section 5) maintain their own data retention policies. Data shared with these providers is subject to their respective privacy policies and retention schedules, which may differ from ours.

Aggregated Data. We may retain aggregated or anonymised data that can no longer be used to identify you for analytical purposes, service improvement, and research. Such data is not subject to the retention periods above.

Backup and Disaster Recovery. Following deletion from our active systems, residual copies of your data may persist in our backup and disaster recovery systems for up to 90 days before being automatically purged.

Notwithstanding the above, we may retain certain data for longer periods where required by law, to resolve disputes, enforce our agreements, for legitimate business purposes, or to protect the safety and security of our users and platform. Data retained for these purposes is kept only for as long as reasonably necessary.

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

Right of Access. You have the right to request a copy of the personal data we hold about you. You can export your data via Settings > Privacy in the mobile app. If you use the web application, you may request a data export by contacting us at support@unispherehq.co.uk.

Right to Rectification. You can update and correct your personal data at any time through your profile and settings within the app.

Right to Erasure. You have the right to request deletion of your personal data. You can delete your account via Settings > Security, which initiates a 30-day grace period before permanent deletion.

Right to Restrict Processing. You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can export your data as JSON via Settings > Privacy in the mobile app, or by contacting support@unispherehq.co.uk.

Right to Object. You have the right to object to processing based on legitimate interests, including profiling. You can manage many aspects of how your data is used through Settings > Privacy and Settings > UVA Settings.

Rights Related to Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. See Section 10 for more details.

Right to Withdraw Consent. Where we rely on consent as our legal basis, you may withdraw your consent at any time through your app settings or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, you can use the relevant controls within the app settings or contact us at support@unispherehq.co.uk. We will respond to your request within one month, as required by the UK GDPR. For complex or numerous requests, this period may be extended by up to two further months, in which case we will inform you of the extension and the reasons within the first month.

9. Age Requirement

UnisphereHQ is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information and terminate the associated account promptly.

If you believe that someone under 18 has created an account on UnisphereHQ, please contact us at support@unispherehq.co.uk so we can take appropriate action.

10. Automated Decision-Making & Profiling

UnisphereHQ uses automated processing in the following ways:

Content Recommendations. We use your engagement patterns, content affinity scores, and behavioural signals to personalise your feed and suggest relevant content.

Personality-Based Matching. Your personality traits (from the onboarding quiz) are combined with your goals, interests, and behaviour into a mathematical representation (user vector). This vector is used to find and suggest compatible connections through similarity search.

User Vector Computation. We compute embeddings using AI models, combining personality, goals, interests, preferences, and behavioural data. These vectors enable fast similarity search and are recomputed when your data changes.

Content Moderation. We use automated systems to help identify content that may violate our community guidelines or terms of service.

None of these automated processes produce decisions with legal effects or similarly significant effects on you. They are used to enhance your experience and can be influenced through your privacy settings.

You have the right to request human review of any automated decision that significantly affects you. You can manage AI features through Settings > UVA Settings, and you may contact us at support@unispherehq.co.uk for any concerns about automated processing.

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it.

All data transmitted between your device and our servers is encrypted in transit using HTTPS/TLS. Authentication tokens are stored in secure device storage, leveraging your device's secure enclave or keychain for encrypted storage.

Our database enforces access controls that ensure users can only access data they are authorised to view. We implement rate limiting to prevent abuse, authentication timeouts to protect sessions, and IP stripping from error reports to minimise unnecessary personal data exposure.

We conduct regular security reviews and follow industry best practices for application security. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by the UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

12. Cookies & Tracking Technologies

Mobile App. The UnisphereHQ native mobile application does not use cookies. Session persistence is maintained via a session ID stored in local app storage on your device, which is sent to our servers for request correlation. Authentication tokens are stored securely using your device's keychain or secure enclave. We make required declarations in our Apple Privacy Manifest as required by Apple's guidelines.

Web Application. The UnisphereHQ web application at unispherehq.com uses essential cookies for authentication (Supabase sb-* tokens) and payment fraud prevention (Stripe cookies). We use Vercel Analytics for anonymous, aggregated page view metrics — Vercel Analytics does not use cookies for tracking. We also use browser local storage and session storage for authentication state, theme preferences, UI state, and messaging caches. For full details, see our Cookie & Tracking Policy.

General. We do not use advertising identifiers (IDFA or GAID) or cross-app tracking. We do not engage in any form of tracking for advertising purposes.

Crash and error reporting is handled by Sentry with PII minimisation measures. On the native app, IP addresses are stripped before transmission and breadcrumb retention is limited. On the web, Sentry Session Replay captures interaction data for error reproduction (sampled for a proportion of sessions, and all sessions where an error occurs) with form inputs masked for privacy.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law.

If we make material changes, we will notify you through the app or via email before the changes take effect. We encourage you to review this policy periodically.

Your continued use of UnisphereHQ after any changes to this Privacy Policy constitutes your acceptance of the updated policy. Previous versions of this policy are available on request by contacting us at support@unispherehq.co.uk.

14. Contact Us & Complaints

Unisphere HQ Limited is registered in England and Wales (No. 16068538). 2805 Cortland at Colliers Yard, 5 Bankside Blvd, Salford M3 7HD

For data protection enquiries, to exercise your rights, or for any questions about this Privacy Policy, please contact us at: support@unispherehq.co.uk

For general support, you can reach us at: support@unispherehq.co.uk or via our website at https://unispherehq.com

If you are not satisfied with our response to your data protection concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.