Back

Legal

Privacy Policy

What Unio collects, how it is used, where it goes, and the choices you have.

Revision 2026-07-10

Draft — pending legal review. This document was prepared in-house and has not yet been reviewed by counsel. It states our honest intent and current practice.

1. What this policy covers

This policy explains how Unio collects, uses, stores, and shares personal information when you use the platform. We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

2. What we collect

We collect the following categories of information:

  • Account data — your email address, optional display name, avatar, sign-in events, and the approval state of your access request.
  • Authentication data — passkey public-key credentials (never your biometrics, which stay on your device) and short-lived email sign-in codes.
  • Financial records you enter — holdings, transactions, contributions, decisions, votes, theses, and documents you or your collective import (including broker CSV files and forwarded broker confirmation emails).
  • Connection credentials — API keys for third-party exchange or brokerage connections you add, stored encrypted (AES-256-GCM).
  • Product telemetry — server logs, error journals, and security events needed to run and protect the service. We may introduce product usage analytics (which screens and features are used) to improve the product; if we do, it will be covered by this policy and used only in aggregate.
  • Support communications — messages you send us.

3. How we use it

We use personal information to:

  • operate the product — display your collective's positions, tally votes, generate briefings, and keep members in sync;
  • secure the service — rate limiting, abuse detection, audit trails of security-relevant events;
  • communicate — sign-in codes, membership and governance notifications, and (if you opt in or your collective mandates them) scheduled portfolio briefings, each carrying working unsubscribe controls;
  • improve the product — aggregate, de-identified analysis of how features perform.

4. AI processing

Unio's AI features send relevant context — which can include your collective's holdings, decision drafts, and market data — to third-party large-language-model providers (via our AI infrastructure) to generate research answers, intake assistance, and briefings. We send what the feature needs, not your whole account.

Where you configure your own AI provider key, requests for those features are billed to and processed under your provider account and that provider's privacy terms.

5. Who sees your data

Inside the product: members of your collective see the collective's shared records according to the product's roles and rules (for example, votes can be anonymised per the collective's settings). Unio staff access production data only when needed to operate or support the service.

Service providers we use to run Unio process data on our behalf, including: cloud hosting and databases, email delivery, inbound-email processing and object storage, AI model providers, payment processing (if billing applies to you), and market-data sources. We do not sell personal information.

We may disclose information where the law requires it, or to protect the safety and integrity of the service.

6. Cookies and sessions

Unio uses first-party cookies for sign-in sessions, security (cross-site request protection), and remembering interface preferences such as theme and your active collective. We do not use third-party advertising cookies.

7. Storage, security, and retention

Data is stored in managed cloud infrastructure which may be located outside Australia. We protect it with encryption in transit, encryption of connection credentials at rest, access controls, and audit logging.

We keep your records while your account is active because they are your collective's books. Some operational data expires automatically (for example, transient market-news reads). If you close your account, contact us to request deletion of your personal information; note that a collective's shared governance records (contracts signed, votes cast) may need to be retained for the other members' legitimate record-keeping.

8. Your choices and rights

You can access and correct your profile inside the app, control briefing emails via settings and the unsubscribe link in every email, and request a copy or deletion of your personal information by contacting us. If you believe we have mishandled your information, contact us first; you can also complain to the Office of the Australian Information Commissioner (OAIC).

9. Changes and contact

When this policy changes substantively, we bump the revision date and ask you to accept the new version before continuing.

Privacy questions and requests: support@unio.fund.