UnderKey Logo

Privacy Policy

Last updated: April 15, 2025

Welcome to UnderKey (underkey.io). Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Who We Are

UnderKey is a SaaS (Software as a Service) platform that allows users to generate AI-powered responses for external chats. Our website address is: www.underkey.io.

2. What Data We Collect

We collect and process the following personal data:

  • Account Information: Your email address or Google account ID used to register.
  • User-Generated Content: Chat history, notes, and chat profiles created by you within the app.
  • Cookies and Sessions: Used for basic app functionality and authentication.
  • Analytics Data: Technical information such as browser type, usage patterns, and device data, collected via Vercel and PostHog.

We do not sell or share your data with third parties for advertising purposes.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain the UnderKey service
  • To manage your user account and authentication
  • To enable chat features and save your generated content
  • To analyze usage and improve the performance and experience of the app
  • To send you transactional emails (e.g., account confirmation, billing notifications)

4. Legal Basis for Processing

Under the GDPR, we process your data based on the following legal grounds:

  • Contractual necessity: To provide the services you signed up for
  • Legitimate interests: To improve our product and understand how users interact with it
  • Consent: Given by using the service and accepting our Terms of Service and Privacy Policy

5. Use of Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain user sessions
  • Manage login status
  • Track analytics events (via PostHog and Vercel)

You can control your cookie preferences through your browser settings.

6. Third-Party Services

We work with trusted third parties that process data on our behalf:

ServicePurposeLocation
SupabaseAuthentication & data storageUnited States
VercelHosting and analyticsUnited States
PostHogAnalyticsUnited States
ResendTransactional email deliveryUnited States
OpenAIAI-generated chat featuresUnited States
GoogleOptional login providerGlobal
StripePayment processingUnited States

Each provider complies with industry-standard security practices and may process your data on servers outside the EU.

7. How We Store and Protect Your Data

We take data security seriously. Measures we use include:

  • SSL encryption across all data transfers
  • Server-side processing and secure architecture
  • Supabase Row Level Security (RLS) policies to restrict unauthorized data access

Only authorized personnel can access user data.

8. Data Retention

We retain your personal data:

  • For as long as your account is active
  • Until you delete your account or request deletion

Deleted user data is permanently removed from Supabase and cannot be recovered.

9. Your Rights Under GDPR

As a user in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Ask us to fix incorrect or incomplete data
  • Deletion: Request deletion of your data (“right to be forgotten”)
  • Objection: Object to processing in certain situations
  • Portability: Request to transfer your data to another service

To exercise these rights, contact our support team at hello@underkey.io.

10. International Data Transfers

Your data may be stored or processed in the United States through our service providers. We ensure that these providers use adequate safeguards such as Standard Contractual Clauses (SCCs) to protect your data.

11. Payments and Stripe

Payments for UnderKey’s PRO plan are processed by Stripe. We do not store your payment information.

Stripe may collect:

  • Payment method details
  • Billing information
  • Subscription status

We use Stripe webhooks to sync your subscription with our system and assign features accordingly. Stripe’s privacy policy can be found at https://stripe.com/privacy.

No refunds are provided, as credits are linked to third-party services (OpenAI) and consumed upon use.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we’ll post a notice on our website. We encourage users to review this page regularly.

13. How to Contact Us

If you have any questions or privacy requests, please contact:

UnderKey Support Team
✉️ hello@underkey.io 🌐 www.underkey.io