DemoBook a technical call
Legal

Privacy Policy

Version 1.0 · Last updated 20 April 2026

This Privacy Policy explains how UnifyVerse B.V. ("UnifyVerse", "we", "us") collects and processes personal data in connection with our website, developer portal, and cross-chain routing API (the "Services"). We are a private limited company incorporated in the Netherlands, with registered office at Vinkenburgstraat 2-A, 3512 AB, Utrecht.

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR"), UnifyVerse acts as the data controller for personal data processed through the Services.

1. What we collect

We collect only what we need to provide, secure, and improve the Services. Categories include:

  • Account and contact data — name, business email address, company, role, and the content of your communications with us.
  • Developer data — API keys, rate-limit counters, environment tags, and usage metadata tied to your account.
  • Request metadata — source and destination chains and assets, amounts, preference vectors, response times, and the selected route for each call. We do not require, and do not attempt to collect, end-user personal data through the API.
  • Technical data — IP address, user-agent, timestamps, and cryptographic signatures sufficient to authenticate requests and produce audit logs.
  • Site analytics — aggregated, privacy-first analytics on our marketing pages (page views, referrers, device class).

2. Why we process it

  • To provide, operate, and secure the Services;
  • To produce audit-ready routing and request logs required by customer contracts and applicable law;
  • To prevent fraud, abuse, and sanctions-regime violations;
  • To improve routing quality, latency, and failover behaviour;
  • To communicate with you about service-operational matters, including incidents and material changes;
  • With your consent, to send product updates and technical content.

3. Legal bases

We rely on the following legal bases under Article 6 GDPR:

  • Contract (Art. 6(1)(b)) — to perform our agreement with you and provide the Services you request;
  • Legitimate interests (Art. 6(1)(f)) — for security, abuse prevention, service improvement, and business operations, balanced against your rights and expectations;
  • Legal obligations (Art. 6(1)(c)) — where retention, reporting, or cooperation is required by applicable law;
  • Consent (Art. 6(1)(a)) — for optional communications such as our newsletter, which you can withdraw at any time.

4. Sharing and sub-processors

We share personal data only with carefully selected providers that act as processors on our behalf — including cloud hosting, logging, error monitoring, transactional email, and web analytics — bound by written agreements that include GDPR-compliant data-processing terms. An up-to-date list of sub-processors is available on request.

5. International transfers

Our primary processing occurs in the European Economic Area. Where a sub-processor necessarily processes personal data outside the EEA, we rely on the European Commission's Standard Contractual Clauses and, where appropriate, supplementary measures consistent with the Schrems II judgment.

6. Retention

We retain personal data only as long as necessary for the purposes described in this policy, to comply with legal obligations, or to resolve disputes. Request-metadata audit logs are retained for the period specified in the applicable Order Form, and otherwise for no longer than required for security and operational integrity.

7. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you;
  • Request rectification of inaccurate data;
  • Request erasure, where one of the grounds in Article 17 applies;
  • Restrict or object to processing based on legitimate interests;
  • Receive your data in a portable, machine-readable format;
  • Withdraw any consent you have given, without affecting the lawfulness of processing based on consent before its withdrawal;
  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or another competent supervisory authority.

To exercise these rights, email privacy@unifyverse.exchange. We will respond within one month, extendable by up to two further months where the request is complex, as permitted by Article 12(3) GDPR.

8. Cookies

We use strictly necessary cookies to operate the site, and may use privacy-first analytics to understand aggregate usage. We do not use advertising or cross-site tracking cookies. Where consent is required, we collect it before any non-essential cookie is set.

9. Security

We apply technical and organisational measures appropriate to the risk — encryption in transit and at rest, principle-of- least-privilege access, continuous monitoring, and periodic review of our controls. We will notify affected customers and, where required, the supervisory authority in the event of a personal-data breach within the timelines required by Article 33 GDPR.

10. Children

The Services are intended for business users. We do not knowingly collect personal data from children under the age at which consent may be given under Article 8 GDPR in the relevant jurisdiction.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date at the top of this page. Material changes will be communicated in advance where reasonably practicable.

12. Contact

For privacy questions, requests, or responsible-disclosure reports: