Privacy Policy

1. Introduction

This Privacy Policy explains how Ubiquitous, LLC (�we,� �us,� or �our�) collects, uses, and discloses information when you use our software and services (the �App�) that connect commerce platforms and accounting/ERP systems.

2. Information We Collect

We collect only what�s needed to operate the App and provide support. Depending on the integrations you enable, we may collect:

• Platform identifiers (e.g., store domain/ID, organization/account IDs), app configuration and settings
• Authentication artifacts required to perform the services (e.g., OAuth tokens), stored securely
• Operational logs and minimal transaction metadata needed to ensure successful syncs (e.g., order or document IDs, totals, statuses) � configured to exclude end-customer PII
• Support communications you send us (e.g., email, tickets)

Importantly, the App does not persist end-customer personal information (e.g., customer names, emails, addresses). Order/transaction payloads may be processed transiently in memory solely to create accounting entries or synchronize records, then discarded.

When testing or debugging the App, we may use only redacted, de-identified, or synthetic merchant data that excludes any end-customer personal information.

3. How We Use Your Information

• To operate, maintain, and improve the App and its features
• To authenticate and interact with the platforms you authorize (e.g., commerce, accounting/ERP, payment, fulfillment)
• To provide support, troubleshoot issues, and communicate about the App
• To monitor reliability, prevent abuse, and maintain security
• To comply with legal obligations and enforce our terms

We do not sell your data or use it for advertising.

4. Information Sharing and Disclosure

We may share information in the following situations:

• Service providers: cloud hosting, databases, logging/monitoring, and similar vendors who process data under contract and only on our instructions
• Connected services you authorize: for example, accounting/ERP systems (e.g., QuickBooks Online, Xero), commerce platforms (e.g., Shopify, WooCommerce, BigCommerce, Wix), or other integrations you connect
• Legal: when required by law, regulation, or to protect rights, safety, and the integrity of the App
• Business transfers: in connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain shop/account configuration, tokens, and operational records only as long as the App is in use and as needed to deliver the services or comply with law.

• Uninstall / account disconnect: When you disconnect or uninstall the App, we initiate deletion of integration-scoped data and complete it within 30 days.
• Event-driven deletion requests: We honor platform-specific privacy events (for example, commerce platform customer or shop/account redact events). Because we do not persist end-customer PII, these are recorded for audit and otherwise require no deletion of customer records from our systems. Shop/account-level data (e.g., tokens, settings, operational logs) is purged when we receive a platform �account/shop redact� or equivalent event, or upon uninstall/disconnect.
• Backups: Backups (which exclude end-customer PII by design) are rotated and deleted on a rolling basis, typically within 30 days.

6. Security

We implement reasonable technical and organizational measures to protect data, including encryption in transit, restricted access, least-privilege credentials, and monitoring. No system is perfectly secure; please contact us if you suspect an issue.

7. Changes to This Privacy Policy

We may update this Policy from time to time. Material changes will be posted here with an updated �Last Updated� date.

8. Contact Us

Questions or concerns? Contact us at support@ubiquitous.llc.

9. Your Rights (GDPR/CCPA)

Depending on your location, you may have certain rights regarding your personal information:

• Access and Portability: request a copy of information we hold about you.
• Correction: request that we correct inaccurate or incomplete information.
• Deletion: request that we delete information, subject to legal/contractual requirements.
• Restriction/Objection (GDPR): object to or request restriction of certain processing.
• Opt-Out of �Sale�/�Sharing� (CCPA/CPRA): we do not sell or share personal information for cross-context behavioral advertising.
• Non-Discrimination: we will not discriminate against you for exercising your rights.

To exercise rights, email support@ubiquitous.llc. We may need to verify your request and, where permitted, accept requests through an authorized agent.

10. International Transfers

We are a U.S.-based provider and may process information in the United States and other countries. When transferring personal information internationally, we use appropriate safeguards such as standard contractual clauses or other legally recognized transfer mechanisms, as applicable.

• Data roles: We typically act as a processor to the Merchant/account owner for platform-connected data, and as a controller for our own account, billing, and support records.
• Contracts and safeguards: We require service providers to process data only on our instructions and to implement suitable security measures.
• Regional specifics: If you are located in the EEA, UK, or Switzerland, transfers outside your region are made pursuant to lawful transfer mechanisms. Contact us for details.

Last Updated: October 14, 2025