Privacy Policy
We build with a privacy-first mindset. This section outlines the information we collect and how we protect it across the Unchartd portfolio.
1. Information We Collect
GigReceipt
- OTP phone verification: Used strictly for authentication. Phone numbers are not shared with third parties.
- Billing information: Required for subscription processing. Handled by PCI-compliant payment processors.
- GST details & UPI IDs: Collected for compliance and tax configurations. You are solely responsible for the accuracy of tax identifiers entered.
- Receipt metadata & business profiles: Processed to generate accurate documentation. GigReceipt is a document generation tool — not a licensed accounting or tax advisory service.
Financial Disclaimer: Receipts and invoices generated by GigReceipt are tools for record-keeping purposes only. They do not constitute certified financial documents, tax returns, or legal instruments. Users must independently verify accuracy and consult qualified accountants or tax professionals for official filings.
Labuno
- Pathology workflows: Operational data including test orders, sample tracking, and report generation.
- Patient information & health-related content: Protected under healthcare compliance standards including applicable provisions of HIPAA (US), DISHA (India), and equivalent regional healthcare data protection frameworks.
- Clinical user credentials: Role-based access with audit trail logging for all data access events.
Healthcare Data Protection: Health information processed by Labuno is encrypted using AES-256 at rest and TLS 1.2+ in transit. Data is stored in geographically appropriate regions based on user jurisdiction. For US-based clinical users processing Protected Health Information (PHI), a Business Associate Agreement (BAA) is available upon request — contact support@unchartd.online. Labuno is a clinical workflow tool and does not provide medical diagnoses, treatment recommendations, or function as a regulated medical device.
Cognode
Cognode operates on a local-first architecture. Data is processed on-device whenever possible. We may optionally sync encrypted information to provide cross-device access, but encryption keys remain under user control.
AI Model Disclosure: Cognode and AI Product Auditor may utilize third-party AI models (including OpenAI, Anthropic, and similar providers) for knowledge synthesis, content generation, and analysis. Your input data is sent to these providers solely for processing — it is not used to train their models when processed through our API agreements. All AI-generated outputs are subject to our AI Disclaimer.
General Portfolio Data
Across all products, we may collect standard diagnostic and operational data including device information, analytics, crash reporting, and usage metrics to ensure reliability and continuous improvement.
Data Processing & Subprocessors
We partner with industry-leading infrastructure providers who operate as secure data processors. We explicitly state: We do not sell personal information.
- Supabase: Provides enterprise-grade authentication, database management, and secure storage solutions.
- Vercel: Handles edge hosting, deployment, and performance optimization.
Payments
Payments across Unchartd products may be processed through:
- Apple App Store
- Google Play
- Authorized third-party payment providers (e.g., Stripe)
Unchartd does not directly store payment card details on our servers. All sensitive financial transactions are tokenized and handled by PCI-compliant partners.
How Data is Used
The data we collect is utilized strictly for the following operational purposes:
- Account management and identity verification
- Platform security and integrity
- Service improvements and feature development
- Aggregated, anonymized analytics
- Fraud prevention and risk mitigation
- Customer support and troubleshooting
User Rights
You maintain full control over your data. You have the right to:
- Access: Request a copy of your personal data.
- Deletion: Request permanent erasure of your data (see Data Deletion section).
- Correction: Update inaccurate or incomplete information.
- Export: Receive your data in a structured, machine-readable format.
To exercise any of these rights, please submit a contact request to our support team.
Children's Privacy
Our services are not directed at individuals under the age of 16 (or 13 in the United States under COPPA). We do not knowingly collect, solicit, or process personal data from children.
If we become aware that we have collected personal data from a child without verified parental consent, we will take immediate steps to delete that information from our servers.
If you believe that a child has provided personal information to us, please contact support@unchartd.online immediately so we can take appropriate action.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
- Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, optional analytics cookies).
- Contract Performance: Where processing is necessary for the performance of a contract with you (e.g., account creation, service delivery, subscription management).
- Legitimate Interest: Where processing is necessary for our legitimate business interests (e.g., fraud prevention, security monitoring, product improvement), provided these interests are not overridden by your rights.
- Legal Obligation: Where processing is necessary to comply with applicable laws (e.g., tax reporting, financial record-keeping).
You have the right to withdraw consent at any time where consent is the basis for processing. You also have the right to lodge a complaint with your local supervisory authority.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are as follows:
- Account data: Duration of active account plus 30 days following deletion request.
- Financial and receipt data (GigReceipt): Up to 7 years to comply with tax and financial record-keeping requirements.
- Health-related data (Labuno): In accordance with applicable healthcare data retention laws in the user's jurisdiction.
- Analytics and usage data: 26 months on a rolling basis, anonymized where possible.
- Support correspondence: Up to 3 years following resolution.
- Backup systems: Deleted data may persist in encrypted backups for up to 90 days before complete purge.
After the applicable retention period, data is securely deleted or anonymized so that it can no longer be associated with you.
Your California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. If this practice ever changes, we will provide a clear opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
- Right to Correct: You may request correction of inaccurate personal information.
To exercise these rights, contact us at support@unchartd.online. We will respond to verifiable requests within 45 days.
International Data Transfers
Unchartd operates infrastructure primarily in the United States. If you access our services from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities.
For users in the EEA, UK, or Switzerland, we implement appropriate safeguards for cross-border transfers including Standard Contractual Clauses (SCCs) approved by the European Commission. These safeguards ensure your data receives an adequate level of protection regardless of where it is processed.
Cookies & Tracking Technologies
We use cookies and similar tracking technologies to operate, maintain, and improve our services. For full details, see our dedicated Cookie Policy.
Categories of Cookies
- Strictly Necessary: Required for core platform functionality (authentication, security, session management). Cannot be disabled.
- Analytics: Help us understand how our products are used so we can improve them. Can be opted out of.
- Preferences: Remember your settings and choices (e.g., theme, language). Optional.
We do not use advertising or behavioral tracking cookies. You can manage your cookie preferences at any time through your browser settings or our cookie preference controls.
Data Processing Agreement (B2B)
For enterprise, clinical, or B2B customers utilizing our products (particularly Labuno and Cognode) where Unchartd acts as a Data Processor under GDPR or a Business Associate under HIPAA, a formal Data Processing Agreement (DPA) or Business Associate Agreement (BAA) is required.
The DPA/BAA outlines our obligations regarding the processing, securing, and handling of Personal Data or Protected Health Information (PHI) on your behalf.
To request our standard DPA or BAA, or to discuss executing a custom agreement, please contact our privacy team at support@unchartd.online with the subject line "DPA/BAA Request - [Your Company Name]".