Last Updated: 7 February, 2023
This Privacy Policy explains how we at WithUno, Inc. (“Uno,” “we,” “our,” “us”) collect, use, and disclose information through our websites (including www.uno.app, our other online products and services that link to this Privacy Policy (collectively, the “Services”), or when you otherwise interact with us.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Section 1. Privacy & Security Services in the Uno App
Uno App is a suite of software components (application) comprising an iOS app, macOS app, and browser extensions that helps you protect your online security.
By using the Uno App, you are asking the Uno App to make changes to your privacy settings and/or personal data. This is what we call “processing of your personal data”.
Before using the Uno App, please read this privacy policy carefully and agree to its terms to continue using the Uno App. If you do not agree with this privacy policy, please do not use the Uno App.
The Uno app locally and privately collects information about your internet accounts, including usernames, passwords, MFA codes, addresses, and credit card information, so that it can aid you as you use your identity online. The Uno app will never change anything in your accounts without your prior authorization. Uno only processes your data because you have consented to it and/or because we are performing a service you have requested from us.
(iii) Transfer and storage of your personal content
Login credentials for any of the accounts you choose to store with Uno for protection, i.e., usernames and passwords, 2nd factor auth codes, service names, addresses, and credit card details, only ever appear in plain text locally on your device or browser. Before this data is transmitted to Uno's cloud for backup and synchronization, it is encrypted using a key stored locally on your device that Uno's cloud services do not have access to.
In no event will the private contents of your secure vault ever be transmitted to Uno in a form that Uno can decipher. The same guarantee holds true for your Uno account identity keys.
Outside of the context of your secure vault, Uno attempts to collect as little personally identifiable information (PII) about you as possible. Uno collects your email address, if you provide it, in order to communicate with you and in order to help you access the correct secure vault when logging in. Uno collects your phone number so that other users may communicate with you, and you with them, when using the app for the purposes of creating shared credential groups and to support the social account recovery feature. The only information the Uno cloud service has access to in plaintext is your email, phone, and a public cryptographic identifier associated with your account.
Any collection of application analytics, metrics, and debugging and troubleshooting information is anonymized in a way that Uno cannot link to your PII. If you consent, the app will associate your email with this information so that we may communicate with you to troubleshoot issues. If you are part of the Uno beta program, as part of the program terms, you additionally consent to have this information automatically associated with the email address you provide when signing up so that we may engage you for feedback if necessary.
If you explicitly grant consent, and only thereafter, the Uno browser extension will display relevant recent emails from your Gmail inbox contextually within your browsing experience. To do so, the app requests the “read” permission. The browser extension also allows you to quickly archive emails once you have finished with them from the same interface used to display them. To do so, the app requests the “modify” permission.
All parts of the OAuth2 credential exchange, all Google API queries, and any processing of the resulting data, happens locally on your device, and never on our servers. Furthermore, the data obtained from your inbox is never shared with anybody, including Uno, and any vendors, consultants, and/or other service providers.
The use of information received from Google APIs fully adheres to the Google API Services User Data Policy, including the Limited Use requirements.