Privacy & Security

Unite by Statfinity

Effective date:
September 5, 2025
Who we are:
Unite is an ETL/ELT platform by Statfinity (“we,” “us”).
Contact:
shantanu@statfinity.com
Statfinity Private Limited
794, Sch no 114, Part 2, Indore, 452010 MP India

Scopes & roles

Customer Data in Unite:
You’re the controller/business. We’re your processor/service provider.
Our own data (website, accounts, billing, support, telemetry):
We’re the controller.

What we collect

Customer Data (processor)
Data you choose to sync (e.g., CRM, calls/meetings, analytics, ads, website events, CSVs), including identifiers and event/campaign metadata—only per your configuration
Our controller data
  • Account & billing: name, email, company, workspace settings; billing via our payment provider.
  • Telemetry: job status, connector health, errors, device/browser info, coarse IP.
  • Support & comms: tickets, attachments, optional recordings (with notice).
  • Website & marketing: cookie preferences, analytics, demo forms.

How we use controller data
(and legal bases)

  • Provide and secure Unite; authenticate users; process payments; send service notices; troubleshoot and improve reliability; comply with law.
  • EEA/UK legal bases: contract, legitimate interests, consent (for non-essential cookies), legal obligation.

What we don’t do

  • No sale of personal information.
  • No “sharing” for cross-context behavioral advertising.
  • No advertising/profiling on Customer Data.

Data Protection and Retention

Access controls: Only employees who need Customer Data to perform their duties may access systems that contain personal data. Each user has an individual account (no shared logins), and access is authenticated and logged.
Storage & security: Customer Data is stored in databases protected by firewalls, strong authentication, and other technical safeguards. Primary databases and encrypted backups are hosted in secure data centers; physical access is restricted to pre-designated, authorized personnel.
Retention: We retain personal data only for as long as necessary for the purposes described in this Policy. Personal data in our Customer, Stakeholder, and Marketing records is deleted after the applicable claim/limitation period for the relevant relationship has elapsed—typically ten (10) years.

Security

  • Access & auth: RBAC (least-privilege), quarterly reviews, SSO + MFA; secrets in AWS/GCP Secret Manager with rotation.
  • Data protection: TLS 1.2+ in transit; AES-256 at rest; keys via AWS/GCP KMS with enforced rotation.
  • Infra/network: Private VPCs, subnet segmentation, firewalls/WAF/DDoS; hardened & patched hosts; physical controls inherited from AWS/GCP.
  • App/API: Secure SDLC, peer reviews, dependency scanning; OAuth least scope; tenant isolation and strong session/token hygiene.
  • Monitoring: Centralized logs (auth/admin/jobs/config), real-time alerts; default retention ~30 days (configurable).
  • Incidents: IR runbooks; notify admins of personal-data breaches without undue delay (target 24–48h); RCA & remediation.
  • Resilience: Encrypted daily backups, restore tests; multi-AZ; targets RPO ≤ 24h, RTO ≤ 24h (tighter for enterprise tiers).

Your choices

  • Admin controls: Pick sources/destinations, include/exclude fields, set filters & sync cadence; configure retention/caching.
  • Access & security: Enforce SSO + MFA, manage RBAC roles, rotate/revoke API keys, enable IP allow-listing, review audit logs.
  • Data location: Choose a hosting region (where offered, e.g., EU/US) and keep data in your own destinations (e.g., BigQuery/Snowflake).
  • Export & deletion: Export from your destinations; request data return/deletion; disable connectors or close the workspace to trigger deletion per the DPA.
  • Cookies: Manage non-essential cookies via our banner/browser; essential cookies are required for the service.
  • Marketing: Unsubscribe anytime; transactional/service emails will still be sent.
  • Telemetry & signals: Adjust in-product telemetry (where offered); we honor legally required signals (e.g., GPC) where applicable.

Your rights

  • Scope: Rights vary by law (GDPR/UK GDPR, India DPDP, CPRA, etc.). If your request concerns Customer Data we process for a client, we’ll route it to that controller and assist.
  • You can request: access/copy, rectification, erasure, portability (where applicable), and restriction/objection (including profiling based on legitimate interests—state your specific reasons).
  • Consent: You may withdraw consent at any time; past processing remains lawful.
  • How: Email shantanu@statfinity.in We may verify identity/jurisdiction. We aim to respond within 30 days (extendable where allowed).
  • Regulators: EU/EEA—contact your local authority; UK—ICO; India—our Grievance Officer (below) or the Data Protection Board of India.
  • Grievance Officer (India): Shipika Jain, Statfinity Pvt Ltd, 794, Sch no 114, Part 2, Indore, 452010 MP India, shipika@statfinity.in

Changes to this Security & Privacy Policy

  • We may update this Policy from time to time. When we do, we’ll post the updated version on this page with a new “Last updated” date.
  • If a change is material, we’ll provide additional notice (e.g., email to workspace owners or in-product/banner notice) and, where required by law, seek your consent. We encourage you to review this page periodically.

LET’S BUILD SMARTER DATA PIPELINES — TOGETHER.

Whether you're migrating from another ETL platform or starting fresh, Unite helps your team launch reliable data pipelines fast. Need a demo, drop us a message below:

unite Faq image