Privacy Policy

This Privacy Policy (“Policy”) explains how Upvista Digital (“we”, “us”, “our”) collects, processes, stores, protects, and shares personal data in connection with our global software development, artificial intelligence systems, cloud integration, web development, graphics design, and related consulting services (collectively, “Services”). The Policy applies to individuals interacting with our websites, digital platforms, communications, and Service delivery.

By accessing our Services or providing personal data, you acknowledge that you have read and understood this Policy and agree to the practices described herein.

Upvista Digital is the data controller for personal data collected through our Services unless otherwise specified in a Statement of Work (“SOW”) or Data Processing Agreement (“DPA”). For certain engagements, Upvista Digital may act as a data processor on behalf of its Clients. When we act as a processor, we process data strictly in accordance with the Client’s documented instructions.

We may collect the following categories of personal data depending on your interaction with our Services:

• Identification data (full name, job title, employer, country).
• Contact information (email address, phone number, communication preferences).
• Account and authentication data (usernames, hashed passwords, security tokens).
• Service-specific data (project requirements, technical specifications, design assets).
• Financial data (billing information, transaction history, tax identifiers as required).
• Usage data (log files, device identifiers, browser information, IP addresses, geolocation).
• Marketing data (preferences, engagement metrics, survey responses).

We do not intentionally collect sensitive personal data unless explicitly required by an engagement and accompanied by appropriate safeguards and client instructions.

We process personal data for the following purposes:

• Delivering and managing our Services, projects, and client engagements.
• Responding to inquiries, proposals, and support requests.
• Authenticating users and securing accounts.
• Improving our platforms, user experience, and Service quality.
• Conducting research, analytics, and performance monitoring.
• Meeting contractual commitments and regulatory obligations.
• Marketing our Services, subject to your communication preferences.

We rely on the following legal bases for processing personal data:

• Performance of a contract or to take steps at your request prior to entering a contract.
• Legitimate interests in operating and expanding our Services.
• Compliance with legal or regulatory obligations.
• Consent, where required by applicable law.
• Protection of vital interests in exceptional circumstances.

We may share personal data with trusted third parties, including:

• Service providers assisting with hosting, analytics, communications, payments, or security.
• Professional advisors (legal, tax, auditing) under confidentiality obligations.
• Regulators or authorities when required by law.
• Business partners and affiliates for client engagements with your consent.

Personal data may be transferred to jurisdictions outside of your country of residence. When transferring data internationally, we implement appropriate safeguards such as Standard Contractual Clauses, data transfer impact assessments, and encryption controls.

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods differ based on data type, engagement context, and regulatory requirements.

Upon request or contract termination, we will delete or anonymize personal data unless retention is required by law or legitimate business purposes (e.g., accounting, legal defense).

Depending on your jurisdiction, you may have the right to:

• Access your personal data and obtain a copy.
• Rectify inaccurate or incomplete data.
• Request deletion (“right to be forgotten”).
• Restrict or object to processing under certain circumstances.
• Receive data in a portable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority.

Requests can be submitted via the contact information in Section 11. We will respond within applicable legal timelines and may require verification of your identity.

We implement administrative, technical, and physical safeguards aligned with industry standards and certifications (including ISO/IEC 27001 practices) to protect personal data. Measures include encryption, access controls, network monitoring, vulnerability management, employee training, and incident response protocols.

Despite our efforts, no system can guarantee absolute security. We encourage clients and users to implement complementary security measures on their systems and platforms.

Our websites and applications may use cookies, analytics scripts, and similar technologies to enhance user experience, analyze performance, and personalize content. You can control cookie preferences through your browser settings or via the consent tools available on our platforms.

Our Services are not directed to children under sixteen (16) years of age, and we do not knowingly collect personal data from children. If we learn that we have collected data from a child without appropriate consent, we will promptly delete such data.

We may update this Policy from time to time to reflect changes in legal requirements, industry practices, or our operational needs. Material changes will be communicated via email or posted on our website with an updated “Last Updated” date. Continued use of our Services constitutes acceptance of the revised Policy.