Privacy Policy

Welcome to UnifiedTalk. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, why we collect it, how it is used, and the choices you have regarding your data.

By accessing or using any UnifiedTalk service — including our website, desktop application, mobile app, or API — you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

UnifiedTalk operates as a unified communications platform that connects WhatsApp, Facebook Messenger, website chat, mobile app messaging, and SMS in a single AI-powered inbox. We act as both a data controller (for account and product data) and a data processor (for content you store and transmit through our services on behalf of your organisation).

We collect information in three ways: information you provide directly, information collected automatically, and information received from third-party services you connect.

We do not sell your personal data to third parties. We do not collect sensitive information such as racial origin, health data, or political opinions unless required for a specific service you opt into.

Your data is used only for legitimate purposes that support the delivery and improvement of our services:

• Provide, operate, and maintain the UnifiedTalk platform
• Authenticate your identity and manage your account securely
• Process payments and manage subscriptions
• Send transactional emails such as receipts, password resets, and security alerts
• Improve platform performance through aggregated, anonymised analytics
• Detect and prevent fraud, abuse, and security threats
• Respond to your support requests and feedback
• Comply with applicable legal obligations and lawful requests

We rely on one or more of the following legal bases: contract performance, legitimate interest, legal obligation, or your explicit consent where required.

We do not share your personal data except in the following limited circumstances:

• Service providers: Trusted vendors who help operate our infrastructure (cloud hosting, payment processors) under strict data processing agreements.
• Connected channels: When you link WhatsApp, Facebook, or another channel, data exchanges are governed by that platform's API terms as well as this policy.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may transfer as part of that transaction.
• Legal requirements: When required by law, court order, or government authority, or to protect the rights, property, or safety of UnifiedTalk, our users, or the public.
• With your consent: We will share data with third parties only when you have explicitly authorised us to do so.

All third-party service providers are contractually required to keep your information confidential and to use it only for the purpose we specify.

We use cookies and similar technologies to deliver and improve our services. You can manage your preferences at any time through your browser settings or our cookie consent manager.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Active accounts: Data is retained for the lifetime of your account.
• Closed accounts: Account data is deleted or anonymised within 90 days of account closure.
• Communications content: Removed from our servers within 30 days of deletion, unless a legal hold applies.
• Billing records: Retained for 7 years to comply with tax and financial regulations.
• Security logs: Retained for up to 12 months for fraud detection and incident response.

We take the security of your data seriously. Our technical and organisational measures include:

• End-to-end encryption for all messages and calls (AES-256 / TLS 1.3)
• Zero-knowledge architecture for stored content — we cannot read your messages
• Multi-factor authentication (MFA) available on all accounts
• Annual third-party penetration testing and SOC 2 Type II certification
• Role-based access controls and least-privilege principles for staff
• Automated anomaly detection and incident response procedures

Despite our efforts, no transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at security@unifiedtalk.com.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

To exercise any of these rights, visit your account settings under Privacy & Data, or email privacy@unifiedtalk.com. We will respond within 30 days.

If you are in the European Economic Area, you have the right to lodge a complaint with your local Data Protection Authority (DPA). If you are in Saudi Arabia, you may lodge a complaint with the National Data Management Office (NDMO) at ndmo.gov.sa.

UnifiedTalk services are intended for users aged 16 and older (or 13 in the United States). We do not knowingly collect personal data from children under this age.

If we learn that we have collected personal information from a child without verifiable parental consent, we will delete it promptly. Please contact us at privacy@unifiedtalk.com if you believe we may have inadvertently collected such data.

We may update this Privacy Policy from time to time. When we make material changes we will notify you by:

• Posting a prominent notice on our website and within the application
• Sending an email notification to the address on file for your account
• Updating the "Last Updated" date at the top of this page

Continued use of our services after a change takes effect constitutes acceptance of the revised policy.

UnifiedTalk is committed to complying with the Saudi Personal Data Protection Law (PDPL) — Royal Decree No. M/19 dated 9/2/1443H — effective 14 September 2023, and its implementing regulations issued by the National Data Management Office (NDMO).

• Legal basis: We process personal data of Saudi residents on the bases of contract performance, legitimate interest, legal obligation, or explicit consent as defined under PDPL Article 7.
• Sensitive data: Data classified as sensitive under PDPL (health, financial, biometric, or data relating to minors) is only collected with your explicit consent or as required by law.
• Cross-border transfers: Any transfer of personal data outside Saudi Arabia is conducted only where adequate protection exists or with your consent, in compliance with PDPL Article 29.
• Data breach notification: In the event of a breach affecting Saudi residents, we will notify the NDMO within 72 hours of becoming aware of the incident, and notify affected individuals without undue delay.
• Retention: Personal data of Saudi residents is not retained beyond the period necessary for the purpose for which it was collected, in line with PDPL Article 18.
• Your PDPL rights: Saudi residents may exercise rights of access, correction, deletion, and withdrawal of consent by contacting privacy@unifiedtalk.com. Complaints may be lodged with the NDMO at ndmo.gov.sa.

For SMS and messaging services delivered in Saudi Arabia, UnifiedTalk and its customers must comply with the regulations of the Communications, Space and Technology Commission (CST), including obtaining valid recipient consent and registering sender IDs where required.

For questions, requests, or concerns about this Privacy Policy or your personal data, reach our privacy team directly: