Uniformly ("we", "us", or "our") operates the uniformly.io website, the static marketing pages, and the Uniformly cloud-based uniform management SaaS platform. We are committed to protecting the privacy, confidentiality, and security of all personal data we process. This Privacy Policy describes how we collect, use, store, disclose, and secure your personal and organizational information in connection with our services.
1. Information We Collect
We collect information only where we have a lawful basis to do so, primarily to provide, improve, and secure our hospitality operations platform:
- User Profile Data: First name, last name, work email address, job title, and password when you register or join a workspace via a team invite.
- Tenant & Organizational Data: Company name, postal address, city, country, postal code, and property specifications. This includes structural records uploaded by workspace admins (e.g. employee names, uniform sizes, department assignments, and stock listings).
- Payment and Billing Information: For paid subscriptions, billing is handled securely by our payment processor, Stripe. We collect and transmit billing email and company contact details to Stripe, but we do not store full credit card numbers, CVVs, or bank details on our servers.
- Usage & Telemetry Data: Information about how you interact with our marketing pages and web application. This includes page views, feature interactions, and performance metrics collected via Google Tag Manager and Google Analytics.
- Security Audit Logs: To maintain secure row-level isolation and platform integrity, our database automatically records system actions, including IP addresses, login timestamps, file exports, and user role updates.
2. How We Use Your Information
We process personal and tenant data strictly for operational, support, and legal compliance purposes:
- Core Service Delivery: To operate the dashboard, manage stock levels, record physical assignments, track laundry logistics, and generate operations reports.
- Billing and Subscriptions: To process payments, manage monthly metered headcount billing, and facilitate subscription upgrades.
- Account Support & Communication: To send critical transaction emails (password resets, invitation links, and threshold alerts) and respond to administrative and support enquiries.
- CRM and Customer Success: To securely sync payment metadata and registration status to our customer success pipeline in HubSpot to optimize support and renewal cycles.
- Security & Compliance: To audit user roles, enforce acceptable use, protect database tenant isolation, prevent malicious activity, and comply with standard auditing audits.
3. Subprocessors and Data Sharing
We never sell, rent, or trade your personal or organizational data to third parties. We share data only with trusted third-party service providers (subprocessors) who assist us in hosting, securing, and maintaining the Uniformly platform:
- Stripe: Payment processing, customer portal, and billing operations.
- HubSpot: Customer relationship management (CRM) and customer success analytics.
- Transactional Email Services: Secure delivery of invitation links, welcome guides, and password reset instructions.
- Google Analytics & GTM: Static website analytics and user experience telemetry.
All subprocessors are strictly bound by comprehensive data processing agreements (DPAs) requiring them to maintain strict security standards matching or exceeding our own.
4. Cookies and Analytical Tracking
We use functional cookies to maintain active login sessions and keep you authenticated as you navigate through the platform. We also use analytical cookies on our marketing website to understand traffic flow. You can adjust your browser settings to decline cookies; however, disabling functional cookies will prevent you from logging in and using the Uniformly web application.
5. Data Security & Tenant Isolation
We employ enterprise-grade security protocols to protect your personal and tenant data:
- Encryption: All data is encrypted in transit using industry-standard TLS 1.3/HTTPS, and database storage is encrypted at rest using AES-256 protocols.
- Tenant Isolation: We enforce strict row-level security constraints at the database level. Every single database query is explicitly scoped to the specific organization and property ID, ensuring complete isolation of tenant data.
- Password Security: User credentials are securely hashed using the industry-proven bcrypt algorithm before storage.
6. Data Retention and Deletion
We retain your personal and tenant data only as long as your workspace account remains active or as needed to provide our services. You can request complete erasure of your data at any time. Upon receiving an account deletion request, we completely purge all company details, staff rosters, inventory lists, and user records from our production database within 30 days. Backup logs are systematically overwritten and permanently purged on a 14-day rolling cycle.
7. Your Rights and Global Compliance
We align our operations with global data privacy frameworks, including the GDPR, California Consumer Privacy Act (CCPA), and Australian Privacy Principles (APPs). Regardless of your location, you have the following rights:
- Right of Access & Portability: You can download CSV exports of your staff rosters, inventory logs, and assignments directly from your Settings tab at any time.
- Right to Rectification: You can update your profile details and company address instantly through the Settings panel.
- Right to Erasure (The "Right to be Forgotten"): You can request complete deletion of your workspace by emailing our support desk.
8. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your data rights, or standard compliance, please reach out to our privacy officer at [email protected].