Privacy Policy — UnoPim Demo

1. Who we are

Webkul Software Private Limited ("Webkul", "we", "us") publishes UnoPim, an open-source Product Information Management (PIM) platform, and operates this public demo at demo.unopim.com. For privacy queries contact support@webkul.com.

2. What we collect

• Email address (required, to deliver the verification code and demo confirmation).
• Selected UnoPim version (which Docker image to spin up for you).
• IP address, country (geo-IP), user-agent (security, abuse prevention, analytics aggregates).
• Consent flags: Terms acceptance, optional marketing opt-in.
• Timestamps of consent, OTP issue/verify, demo launch.

We do not collect names, phone numbers, addresses, or payment information on this demo.

3. Lawful basis (GDPR Article 6)

• Legitimate interest: OTP delivery, demo provisioning, fraud and abuse prevention.
• Explicit consent: marketing communications (only if the optional checkbox is ticked).
• Contractual necessity: providing the demo environment you requested.

4. How we use the data

• Send you a one-time verification code.
• Provision a private 60-minute UnoPim sandbox.
• Notify our sales/support team (after a 30-minute cooling-off period) so we can answer questions about UnoPim, Webkul services, or PIM in general.
• Detect abuse (rate limiting, disposable-email rejection).
• Send product updates, tutorials, and release news — only if you opt in.

5. Sub-processors

• Cloudflare Turnstile — anti-bot challenge.
• GitHub — read-only metadata for available UnoPim versions.
• Docker Hub — read-only metadata for available UnoPim images.
• SMTP provider — outbound email delivery for OTP and product communications.

6. Cookies

This demo uses only strictly necessary cookies (session, CSRF, language, post-verification token, Cloudflare Turnstile challenge). We do not load advertising, profiling, or analytics cookies on this page, so no consent banner is required under ePrivacy Article 5(3).

7. Retention

• OTP records: deleted within 24 hours of verification or expiry.
• Lead records without marketing consent: 30 days, then permanently deleted.
• Lead records with marketing consent: retained until you withdraw consent.
• Consent audit log: 7 years (legal proof of consent under GDPR / CASL / CAN-SPAM).

8. International transfers

Webkul is headquartered in India. Data may be processed in India and other regions where our sub-processors operate (e.g. Cloudflare's global edge, SMTP provider). We rely on Standard Contractual Clauses where applicable.

9. Your rights

Under GDPR / UK GDPR / CCPA / CPRA / LGPD / PDPA / CASL you have rights of access, rectification, erasure, portability, restriction, objection, and withdrawal of consent. Email support@webkul.com — we respond within 30 days (GDPR Art. 12(3)).

10. Security

Verification codes are bcrypt-hashed; HMAC-signed session tokens are HttpOnly+Secure+SameSite=Strict; traffic is HTTPS-only with HSTS preload; SQL access uses prepared statements; outbound shell invocations are escaped. Demo containers run with read-only filesystems, dropped Linux capabilities, memory/CPU/PID limits, and no-new-privileges.

11. Contact

Webkul Software Private Limited
H-28, 2nd floor, ARV Park, Sector 63, Noida, Uttar Pradesh 201301, India
Privacy: support@webkul.com · Support: support@webkul.com

EU Representative (GDPR Art. 27): contact support@webkul.com to request the current EU representative.