1. What this policy covers
This policy explains how Unio collects, uses, stores, and shares personal information when you use the platform. We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
2. What we collect
We collect the following categories of information:
- Account data — your email address, optional display name, avatar, sign-in events, and the approval state of your access request.
- Authentication data — passkey public-key credentials (never your biometrics, which stay on your device) and short-lived email sign-in codes.
- Financial records you enter — holdings, transactions, contributions, decisions, votes, theses, and documents you or your collective import (including broker CSV files and forwarded broker confirmation emails).
- Connection credentials — API keys for third-party exchange or brokerage connections you add, stored encrypted (AES-256-GCM).
- Product telemetry — server logs, error journals, and security events needed to run and protect the service. We may introduce product usage analytics (which screens and features are used) to improve the product; if we do, it will be covered by this policy and used only in aggregate.
- Support communications — messages you send us.
3. How we use it
We use personal information to:
- operate the product — display your collective's positions, tally votes, generate briefings, and keep members in sync;
- secure the service — rate limiting, abuse detection, audit trails of security-relevant events;
- communicate — sign-in codes, membership and governance notifications, and (if you opt in or your collective mandates them) scheduled portfolio briefings, each carrying working unsubscribe controls;
- improve the product — aggregate, de-identified analysis of how features perform.
4. AI processing
Unio's AI features send relevant context — which can include your collective's holdings, decision drafts, and market data — to third-party large-language-model providers (via our AI infrastructure) to generate research answers, intake assistance, and briefings. We send what the feature needs, not your whole account.
Where you configure your own AI provider key, requests for those features are billed to and processed under your provider account and that provider's privacy terms.
5. Who sees your data
Inside the product: members of your collective see the collective's shared records according to the product's roles and rules (for example, votes can be anonymised per the collective's settings). Unio staff access production data only when needed to operate or support the service.
Service providers we use to run Unio process data on our behalf, including: cloud hosting and databases, email delivery, inbound-email processing and object storage, AI model providers, payment processing (if billing applies to you), and market-data sources. We do not sell personal information.
We may disclose information where the law requires it, or to protect the safety and integrity of the service.
6. Cookies and sessions
Unio uses first-party cookies for sign-in sessions, security (cross-site request protection), and remembering interface preferences such as theme and your active collective. We do not use third-party advertising cookies.
7. Storage, security, and retention
Data is stored in managed cloud infrastructure which may be located outside Australia. We protect it with encryption in transit, encryption of connection credentials at rest, access controls, and audit logging.
We keep your records while your account is active because they are your collective's books. Some operational data expires automatically (for example, transient market-news reads). If you close your account, contact us to request deletion of your personal information; note that a collective's shared governance records (contracts signed, votes cast) may need to be retained for the other members' legitimate record-keeping.
8. Your choices and rights
You can access and correct your profile inside the app, control briefing emails via settings and the unsubscribe link in every email, and request a copy or deletion of your personal information by contacting us. If you believe we have mishandled your information, contact us first; you can also complain to the Office of the Australian Information Commissioner (OAIC).
9. Changes and contact
When this policy changes substantively, we bump the revision date and ask you to accept the new version before continuing.
Privacy questions and requests: support@unio.fund.