Privacy Policy & Cookie Policy

Last updated June 03, 2025

This Privacy Notice for Undercode Testing (“we,” “us,” or “our“), describes how and why we might access, collect, store, use, and/or share (“process“) your personal information when you use our services (“Services“), including when you:

  • Visit our website at https://undercodeTesting.com, or any website of ours that links to this Privacy Notice
  • Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

SUMMARY OF KEY POINTS

  • What personal information do we process?
    When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
    Learn more →
  • Do we process any sensitive personal information?
    We do not process sensitive personal information.
  • Do we collect any information from third parties?
    We do not collect any information from third parties.
  • How do we process your information?
    We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
    Learn more →
  • In what situations and with which parties do we share personal information?
    We may share information in specific situations and with specific third parties.
    Learn more →
  • What are your rights?
    Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
    Learn more →
  • How do you exercise your rights?
    The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
  7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
  8. HOW LONG DO WE KEEP YOUR INFORMATION?
  9. WHAT ARE YOUR PRIVACY RIGHTS?
  10. CONTROLS FOR DO-NOT-TRACK FEATURES
  11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  12. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
  13. DO WE MAKE UPDATES TO THIS NOTICE?
  14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

In Short: We collect personal information that you provide to us, plus certain data automatically.

Personal information you disclose to us

  • Personal Information Provided by You. When you register, express interest, participate in activities, or otherwise contact us, you may provide:
    • Name, phone number, email, job title, username, password, billing address, payment details, etc.
  • Sensitive Information. We do not process sensitive categories (racial/ethnic origin, sexual orientation, etc.).
  • Social Media Login Data. If you sign up via Facebook, X, or another social provider, we receive basic profile data (name, email, profile picture, public info).

All personal info you provide must be true, complete, and accurate. Notify us of any changes.

Information automatically collected

  • Log & Usage Data: IP address, device/browser characteristics, pages viewed, features used, timestamps, crash reports, etc.
  • Device Data: Device identifiers, OS, hardware model, ISP/mobile carrier, system config.
  • Location Data: IP-based or GPS geolocation, if you permit; you can opt out via device/browser settings.

Like many sites, we also use cookies and similar technologies. See our Cookie Notice for details.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: To operate, improve, and secure our Services, communicate with you, and comply with law.

We process personal information for purposes such as:

  • Account Management: Create, authenticate, and manage your account.
  • Service Delivery & Improvement: Provide core features, enhance functionality, run analytics.
  • Communications: Respond to inquiries, send newsletters, marketing (with your consent).
  • Security & Fraud Prevention: Monitor for suspicious activity, protect data integrity.
  • Legal Compliance: Comply with subpoenas, law enforcement requests, regulatory requirements.

We only process data when we have a valid legal basis (see next section).

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: Consent, contract performance, legal obligation, vital interests, legitimate interests.

  • Consent: Where you’ve agreed (e.g., marketing emails). You can withdraw at any time.
  • Contract: To fulfill our agreement (e.g., account creation, purchases).
  • Legal Obligation: To comply with laws (e.g., tax, litigation).
  • Vital Interests: To protect someone’s life or safety.
  • Legitimate Interests: Our business interests, balanced against your rights (e.g., site analytics).

If you’re in the EU/UK, Canada, or other regulated regions, additional lawful bases may apply as described in your regional section below.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: Only in limited scenarios for business operations, legal compliance, or with your consent.

  • Affiliates & Subsidiaries: Under common control, bound to this Notice.
  • Service Providers: Vendors who help deliver or improve Services (hosting, analytics, payment processing).
  • Business Transfers: Merger, acquisition, sale of assets—data may be transferred.
  • Legal & Safety: To respond to lawful requests, protect rights, enforce policies, or prevent harm.
  • With Your Consent: Any other sharing you explicitly authorize.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: Yes. We and our third-party partners use cookies, web beacons, pixels, and similar tools.

  • Purpose: Security, session management, preferences, analytics, marketing.
  • Opt-Out: You can manage or disable cookies via your browser settings, but some features may break.

For full details, see our Cookie Notice.

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: Yes. We provide AI-powered features such as chatbots, automation, and predictive analytics under this Notice.

  • Data Use in AI: Any personal data used in AI features is handled per this Privacy Notice and applicable agreements.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose a social login, we receive limited profile data (name, email, picture, etc.) from that provider, and use it only as described here.

We do not control the social platform’s data practices—review their privacy policies for more information.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep data only as long as necessary for the purposes described, or as required by law.

  • Retention Periods:
    • Account/profile data: until account deletion + any legal holds
    • Billing & transaction records: per accounting/tax rules
    • Log data: up to 6 months (unless needed longer for security)
  • When retention ends, we delete or anonymize data, or archive it in isolated backups until deletion is possible.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may have rights to access, correct, delete, restrict, or port your personal data—depending on your jurisdiction.

  • How to Exercise: Submit a request via email to [email protected] or use our online request portal.
  • Regions Covered: EEA, UK, Switzerland, Canada, and certain U.S. states (CA, CO, CT, DE, FL, etc.).

10. CONTROLS FOR DO-NOT-TRACK FEATURES

We currently do not respond to browser “Do-Not-Track” signals, as no universal standard exists. We will update this Notice if changes occur.

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes. California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia residents have rights to:

  • Know what data we collect/share
  • Access, correct, delete personal data
  • Opt out of sale/sharing for targeted advertising
  • Non-discrimination for exercising rights

For details and state-specific categories, see section 11 in the full notice.

12. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes.

  • Australia: Governed by Privacy Act 1988; you can complain to the Office of the Australian Information Commissioner.
  • EU/UK: GDPR/UK GDPR rights (access, rectification, erasure, portability, objection).
  • Canada: PIPEDA & provincial laws (access, correction, withdrawal of consent).
  • Other Regions: As required by local law.

13. DO WE MAKE UPDATES TO THIS NOTICE?

Yes. We will revise this Notice with a new “Last updated” date. If we make material changes, we may notify you by posting a prominent notice or sending you a direct communication.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Submit a data subject request or email [email protected]. We’ll verify your identity and respond as required by applicable laws.

Thank you for trusting Undercode Testing with your data. We’re committed to protecting your privacy.

16. WE DO NOT SELL YOUR INFORMATION

We do not sell, trade, or otherwise transfer your personal information to third parties for their own commercial use. Any disclosure of your data is limited to the scenarios described in Section 4 (“When and with whom do we share your personal information?”), and always under the strict controls outlined in this Notice.

17. CHILDREN’S PRIVACY

In Short: We do not knowingly collect or process data from children under 13 (or under 16 in jurisdictions like the EU/UK) without appropriate consent.

We do not knowingly collect personal information from children under the age of 13 (or under 16 where applicable by law, such as under the GDPR). If we become aware that we have collected personal data from a child without verified parental or guardian consent, we will take reasonable steps to delete such data as soon as possible.

If you believe we may have collected information from or about a child in violation of this policy, please contact us immediately at [email protected].

18. INTERNATIONAL DATA TRANSFERS

In Short: We may transfer your personal information across borders, and we ensure your data is protected.

Your personal data may be processed or stored in countries outside of your own, including the United States, Qatar, Australia, or other jurisdictions where our partners or service providers operate. When we transfer data internationally, we implement appropriate safeguards to protect your information, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with third parties
  • Technical and organizational measures to ensure data integrity and security

By using our Services, you consent to such transfers, provided they are in accordance with this Privacy Notice and applicable law.

19. DO BRAZIL RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes. If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD).

Brazilian data subjects may:

  • Confirm whether we process their data
  • Access, correct, or delete their data
  • Request anonymization or data portability
  • Revoke consent at any time
  • File complaints with Brazil’s data protection authority (ANPD)

To exercise any of your LGPD rights, email us at [email protected] with the subject line: “Brazil Data Request.”

20. DO INDIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes. The Digital Personal Data Protection Act (DPDPA 2023) grants rights to Indian residents.

As an Indian user, you have the right to:

  • Be informed of how your data is processed
  • Access your personal data
  • Correct or delete data
  • Withdraw consent
  • File a grievance if your request is not fulfilled

We are committed to protecting your personal data under the DPDPA. To make a request, please email [email protected] with the subject line: “India Privacy Request.”

21. DO SOUTH AFRICA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes. If you are a South African resident, your data is protected by the Protection of Personal Information Act (POPIA).

Under POPIA, you may:

  • Request access to the personal data we hold about you
  • Request corrections, deletions, or restrictions
  • Object to certain types of processing (e.g., direct marketing)
  • Lodge a complaint with the Information Regulator of South Africa

You can exercise your rights by contacting us at [email protected] and referencing “South Africa POPIA Request.”

22. GLOBAL DATA PROTECTION LAW COMPLIANCE (ADDITIONAL JURISDICTIONS)

In Short: Undercode respects all applicable international privacy laws. Below are key protections for jurisdictions not explicitly detailed elsewhere in this Notice.

A. Asia-Pacific Region

  1. China (PIPL)
    • Explicit consent required for processing sensitive personal data.
    • Cross-border data transfers subject to security assessments.
  2. Japan (APPI) & South Korea (PIPA)
    • Mandatory 72-hour breach notification (APPI).
    • Prior consent for international data transfers (PIPA).
  3. Thailand (PDPA) & Indonesia (PDP Law)
    • Data localization requirements for certain categories.

B. Middle East & North Africa

  1. Saudi Arabia (PDPL) & UAE (DIFC/ADGM Laws)
    • Registration with regulatory authorities may apply.
    • Data localization for government-related processing.
  2. Israel (Privacy Protection Law)
    • Right to access/deletion of database records.

C. Enhanced EU/UK Requirements

  • Data Protection Officer (DPO): Appointed where required under GDPR Article 37.
  • Legitimate Interest Assessments (LIAs): Documented for relevant processing activities.

D. U.S. State-Specific Clarifications

  • Targeted Advertising Opt-Out: Compliant mechanisms for Colorado (CPA), Connecticut (CTDPA), et al.
  • Florida (FDBR): Exemptions for certain business-to-business data.

E. Operational Commitments

  • Cookie Management: Prior consent for non-essential cookies (EU/Canada).
  • Breach Notifications:
    • GDPR: 72 hours
    • Australia: 30 days
  • Automated Decision-Making: Opt-out available where profiling produces legal effects (GDPR Art. 22, LGPD Art. 20).

How to Exercise Rights
Contact [email protected] with:

Proof of identity and jurisdiction.

Subject line: [Jurisdiction] Privacy Request