Privacy Policy
Last updated: May 8, 2026 · Effective: May 8, 2026
This Privacy Policy describes how UBASE LLC (a Wyoming limited liability company, EIN 37-2181816, registered at 1600 Van Lennen Ave, Ste 101, Cheyenne, WY 82001, United States; "UBASE", "we", "us") collects, uses, discloses, and protects information when you visit ubase.dev or use any of the software products operated by UBASE LLC, including FactNet, DealBase, and zpace (collectively, the "Services").
Local operators. Some Services are commercially operated in specific countries by affiliated entities. FactNet is operated in Peru by FactNet E.I.R.L., an affiliate of UBASE LLC, which acts as the local data controller for Peruvian customer billing and contractual data. UBASE LLC remains the publisher of the FactNet mobile applications and the controller of cross-product data described in this policy.
1. Information we collect
1.1 Information you provide
- Account data: name, email address, phone number, business name, tax ID (RUC, EIN, or equivalent), country, and password (stored as a salted hash).
- Billing data: billing address, payment method metadata. Card numbers are never stored on our servers — they are tokenized by our payment processors (Mercado Pago, Stripe).
- Customer-managed data: data you upload to the Services, such as customer records, invoices, conversation history, products, and files. You retain ownership of this data; we process it on your behalf.
- Communications: messages you send to support or via contact forms.
1.2 Information collected automatically
- Device and log data: IP address, browser type, operating system, referring page, pages visited, timestamps, and crash reports.
- Usage data: features used, actions taken within the Services, and aggregate usage metrics.
- Cookies and similar technologies: session tokens, authentication cookies, and analytics identifiers (see Section 6).
1.3 Information from third parties
- Authentication providers (Google, Apple) when you sign in with single sign-on.
- Messaging platforms (WhatsApp Business Platform via Meta) for products that integrate with WhatsApp, including DealBase. Message metadata and content sent through your connected accounts pass through our infrastructure to deliver the Service.
- Tax authorities and electronic invoicing providers (SUNAT via QPse for FactNet) for status and validation of issued documents.
2. How we use information
- Provide, maintain, and improve the Services.
- Authenticate users and protect accounts from unauthorized access.
- Process payments and issue receipts or tax documents.
- Communicate with you about your account, security alerts, and product updates.
- Provide customer support.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Comply with legal obligations, including tax and electronic invoicing regulations in Peru and other jurisdictions where our Services operate.
- Aggregate or anonymize data for analytics and product research.
3. Legal bases (for users in jurisdictions with applicable laws)
We process personal data on the following bases: performance of a contract (to provide the Services you signed up for), legitimate interests (to keep our platform secure and improve it), consent (for optional features such as marketing communications), and legal obligation (for tax records, electronic invoicing, and regulatory cooperation).
4. How we share information
We do not sell personal data. We share information only in the following circumstances:
- Service providers who process data on our behalf under contract: cloud hosting (Vercel, Supabase, AWS), payment processors (Mercado Pago, Stripe), email infrastructure (Resend, Cloudflare), analytics, and customer support tools.
- Affiliated operating entities (e.g., FactNet E.I.R.L. for FactNet customers in Peru) for the purposes of operating the Services in the local market.
- Tax and regulatory authorities when required for electronic invoicing (e.g., SUNAT for Peruvian invoicing, via the PSE intermediary QPse).
- Messaging and platform providers (e.g., Meta for WhatsApp Business Platform) when you use integrations that depend on them.
- In connection with legal requirements: court orders, subpoenas, government requests, or to protect rights, safety, and property.
- In a corporate transaction: in the event of a merger, acquisition, or sale of all or substantially all of our assets, with notice to affected users.
5. International transfers
UBASE LLC is based in the United States. Data may be processed in the United States, the European Union, and Latin America (Peru, Mexico, Colombia, Brazil) by our service providers. Where applicable, we rely on standard contractual clauses or equivalent safeguards for cross-border transfers.
6. Cookies and tracking
We use cookies and similar technologies for authentication, session management, security, preferences, and basic analytics. You can control cookies through your browser settings; disabling certain cookies may limit functionality.
7. Data retention
We retain personal data for as long as your account is active and as necessary to provide the Services. Specific retention applies as follows:
| Data type | Retention |
|---|---|
| Account credentials and basic profile | Until account deletion |
| Issued electronic invoices (FactNet) | 5 years (Peruvian tax law minimum) |
| Payment and billing records | 7 years (US/local tax law minimum) |
| Conversation history (DealBase) | Until you delete it or close your account |
| Server logs and security events | 90 days, longer if related to a security incident |
| Backup snapshots | 30 days rolling |
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (see our Data Deletion page).
- Object to or restrict certain processing.
- Receive a portable copy of your data.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority (e.g., the Autoridad Nacional de Protección de Datos Personales of Peru, or the data protection authority in your country).
To exercise these rights, email hello@ubase.dev. We will respond within 30 days.
9. Security
We implement industry-standard technical and organizational measures to protect personal data, including encryption in transit (TLS 1.2+) and at rest, role-based access control, audit logging, and routine security reviews. No system is perfectly secure; we will notify affected users of any incident as required by applicable law.
10. Children
The Services are intended for businesses and adults aged 18 or older. We do not knowingly collect personal data from children under 18. If you believe a child has provided us data, contact hello@ubase.dev.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. We will notify users of material changes by email or in-product notice.
12. Contact
UBASE LLC
1600 Van Lennen Ave, Ste 101
Cheyenne, WY 82001, United States
Email: hello@ubase.dev