This Privacy Statement explains how Impierce Technologies B.V. ("us", "we", "our" or "Impierce") handles Personal Data across our website (impierce.com), our products (UniMe, UniCore, and UniTrust), and related services (collectively, the "Services"). It outlines our processing activities in the course of our business, as well as your rights regarding the access, storage, correction, and deletion of your data.
We are committed to empowering individuals and organizations with full control over their data. In any decision around data collection, we always opt for the most privacy-friendly option, minimizing collection to the point of collecting no data at all, to return data autonomy to the individuals and organizations we serve.
Our Services may contain links to third-party websites or services whose information practices are governed by their own privacy statements. We encourage you to review the privacy policies of any third parties you interact with.
1. Privacy Statement Scope
Website Visitors: Anyone browsing impierce.com or interacting with our web-based forms.
Individuals: Individuals utilizing UniMe, our open-source Digital Identity Wallet.
Developers: Developers and organizations utilizing UniCore, our open-source Digital Identity Agent.
Customers: Organizations and their authorized users utilizing UniTrust, our Identity Trust Platform
2. Data Controller
Impierce Technologies B.V. serves as the data controller for the information described in this statement:
Impierce Technologies B.V.
Karekietweide 6, 3993 CD, Houten, the Netherlands
Registered with Chamber of Commerce (KvK) ID: 87959410
If you have any questions about how we handle your information, please contact us at: privacy@impierce.com
3. Key Definitions
Key terms used in this Privacy Statement are defined below:
UniMe
UniMe is an open-source digital identity wallet (mobile application) that enables individuals to collect, store, manage, and share verifiable credentials locally on their device. It enables trust interactions with third-party services while giving individuals full control over if, when, with whom, and what data is shared.
UniCore Agent
UniCore is an open-source identity agent you can deploy as a service, acting as a middleware connector between your existing backend systems and the EUDI Wallet ecosystem. It provides the core credential and identity logic utilized by the UniTrust Platform.
UniTrust
UniTrust is an Identity Trust Platform for managing the lifecycle of verifiable credentials and provides capabilities for ecosystem orchestration and collaboration, supporting secure B2B2C interactions through the exchange of verified data. The platform is designed to align with the proposed framework for European Business Wallets (EUBW), enabling legal entities to securely identify themselves and exchange verified information across sectors and borders.
Holder
An individual or organization that receives, stores, and manages their own verifiable credentials. An individual typically uses a mobile wallet (like UniMe), while an organization may use an enterprise platform (like UniTrust) to hold its own business credentials. The Holder has exclusive control over if, when, with whom, and what data is shared.
Issuer
An entity (usually an organization, e.g. a municipality, university, or employer) that asserts claims about a Holder. They sign a Verifiable Credential and send it to the Holder. Once issued, the Issuer has no further visibility into how or where the Holder shares that credential.
Verifier, Relying Party
An individual or organization that needs to check the validity of a credential presented by a Holder (e.g., an employer verifying skills credentials for a job application, a municipality verifying a PID credential to deliver life event services, or a physical gate verifying an access credential). The Verifier can confirm the credential’s validity and authenticity without needing to contact the original Issuer.
Verifiable Credential (VC)
A secure, tamper-proof digital version of a physical document (e.g. a driver’s license, diploma, professional certificate, or travel ticket) that can be cryptographically verified.
Decentralized Identifier (DID)
A globally unique identifier that allows individuals and organizations to prove ownership of their digital identity without relying on a central authority. DIDs are cryptographically verifiable and enable secure interactions across different platforms and ecosystems.
Distributed Ledger Technology (DLT)
A decentralized, immutable database used to anchor the Root of Trust without storing personal data. It provides a permanent, tamper-proof record of cryptographic proofs, enabling high attack resistance and instant verification of a credential's status (such as its validity or revocation status) while ensuring that no identifiable data is ever exposed on the ledger.
PII-Off-Chain
A privacy-first architecture where Personally Identifiable Information (PII) remains exclusively in the user's wallet. Only a non-identifiable cryptographic proof or hash is recorded on a distributed ledger. This ensures high attack resistance while supporting GDPR’s Right to be Forgotten, as the actual identity data can be deleted from the wallet without breaking the ledger's history.
4. Data Collection and Use (By Service)
4.1 Website (For Website Visitors)
This section describes our privacy practices regarding our website (impierce.com) and any related subdomains that link to this policy, and your direct communications with us.
Website Interactions (Contact and Inquiry Data)
When you interact with our website (for example, by filling out contact forms or booking a demo), we collect information you voluntarily provide.
Data Collected
First Name, Last Name, Email address, Company name, Phone number, the content of your inquiry, and any additional details you choose to share.
How We Use This Data
The information you provide will be used solely to respond to your inquiry and manage our interactions with you. We do not use this data for unrelated marketing or third-party purposes without your explicit consent.
Website Usage, Cookies, and Management
We strive to keep our website as privacy friendly as possible. We do not use advertising cookies, retargeting pixels, or ad network trackers that follow you across the web.
Privacy Respecting Analytics
We use Framer analytics to understand website performance. This tool is cookieless and GDPR-compliant. To count unique visitors without identifying them, it uses a daily rotating salt to anonymize IP addresses. This process resets and deletes every 24 hours, ensuring that your visits cannot be linked together over time or traced back to you personally.
Essential Cookies
We only use necessary, non-tracking cookies to ensure the basic functionality and security of our website. You can manage these at any time by configuring your browser settings to block or delete cookies.
Scheduling Management
We use a third-party scheduling tool to enable you to contact us or book a demo. When you interact with the booking widget, the provider uses its own cookies to manage the scheduling process. You can view and manage your specific preferences directly within the widget via the provider's integrated cookie management tools.
Cookie Banners
We do not use tracking or advertising cookies, therefore we do not require a site-wide cookie consent banner. Aside from the preferences managed within the scheduling widget, there are no tracking or behavioral profiles to opt-out of on our website. We invite you to verify this via Blacklight (themarkup.org).
4.2 UniMe - Digital Identity Wallet (For Individuals)
Context
UniMe is an open-source digital identity wallet (mobile application) that enables individuals to collect, store, manage, and share verifiable credentials locally on their device. It enables trust interactions with third-party services while giving individuals full control over if, when, with whom, and what data is shared.
No Data Collection
We do not collect, store, or have access to your personal data within the UniMe wallet. All data remains solely on your device. We do not have access to your wallet data and cannot track or analyze your personal interactions for our own purposes.
You are in complete control of your data. Any data sharing is initiated and managed solely by you and occurs directly between you and a third party. Because we lack access to your wallet data, we cannot track, analyze, sell, or share your identity information, data or interactions with third-parties.
Third-Party Platforms
Please be aware that third-party platforms, such as the Apple App Store or Google Play Store, may collect data related to app performance, usage, and device information independently of us. We encourage you to review your privacy settings on your device(s) and within these third-party services.
Open Source
UniMe is open source (Apache 2.0 license), meaning our code is public and open for anyone to inspect and use. This allows anyone to independently verify that UniMe does exactly what we say it does: keeping your data private and under your control. You can review our source code on GitHub.
4.3 UniCore - Digital Identity Agent (For Developers)
Context
UniCore is an open-source identity agent you can deploy as a service, acting as a middleware connector between your existing backend systems and the EUDI Wallet ecosystem. It provides the core credential and identity logic utilized by the UniTrust Platform.
No Data Collection
As a headless, self-hosted application, UniCore can be deployed in private environments. This ensures that as a developer or organization utilizing UniCore, you maintain exclusive custody of your data. Because the application runs within your own infrastructure, we have no access to your private instances or the information processed within them.
Open Source
UniCore is open source (Apache 2.0 license), meaning the core identity logic is public and open for anyone to inspect and use. Our UniTrust Platform is built directly upon UniCore, allowing for the public audit of the platform’s underlying identity logic. This structure provides technical transparency for organizations utilizing the UniTrust platform. You can review our source code on GitHub.
4.4 UniTrust - Identity Trust Platform (For Customers)
Context
UniTrust is an Identity Trust Platform for managing the lifecycle of verifiable credentials and provides capabilities for ecosystem orchestration and collaboration, supporting secure B2B2C interactions through the exchange of verified data. The platform is designed to align with the proposed framework for European Business Wallets (EUBW), enabling legal entities to securely identify themselves and exchange verified information across sectors and borders
Data Collection & Consent
Future features requiring data collection or third-party sharing beyond essential operational requirements will be strictly Opt-In. Non-essential data collection and third-party sharing are not enabled automatically or without prior, explicit consent.
eIDAS 2.0
UniTrust is aligned with the eIDAS 2.0 framework (Regulation (EU) 2024/1183) to support interoperability for digital identities and trust interactions as the framework is implemented
EU Business Wallet (EUBW)
UniTrust is designed to align with the proposed framework for European Business Wallets (COM(2025) 838), providing infrastructure for organizational identification and cross-border verified data exchange.
Qualified Electronic Ledgers
UniTrust utilizes Distributed Ledger Technology (DLT) to create a permanent record of credential status without storing personal data. This method anchors non-identifiable cryptographic proofs and aligns with technical specifications for Qualified Electronic Ledgers under Regulation (EU) 2025/2531.
PII-Off-Chain
This architecture reconciles ledger immutability with the GDPR "Right to be Forgotten". While cryptographic proofs are anchored on the ledger for validity. Personally Identifiable Information (PII) remains in the user’s wallet or secure off-chain storage. If off-chain data is deleted or decryption keys are destroyed, the remaining ledger anchor becomes anonymous.
Root of Trust (DIDs)
UniTrust utilizes Decentralized Identifiers (DIDs) as a foundational root of trust, removing reliance on central identity providers and preventing third-party tracking. A DID acts as a globally resolvable identity anchor that supports Selective Disclosure, allowing users to share specific attributes while keeping sensitive data private. Customers define how this root of trust is anchored within the UniTrust platform based on their specific security needs:
did:iota: This option leverages Decentralized Ledger Technology (DLT) to provide a tamper-proof, public anchor. Utilizing a PII-Off-Chain architecture, the ledger stores only cryptographic proofs, providing high attack resistance while guaranteeing that no personal data is stored on-chain.
did:web: Alternatively, customers can anchor the root of trust to their organization’s established web domain.This enables leveraging existing infrastructure and DNS security while maintaining full control over identity attributes.
Option A: Self-Hosted / On-Premise
When you contract with us to use the UniTrust Platform as a Self-Hosted or On-Premise solution, your organization retains full data sovereignty. We are not a Data Processor for your production data. If remote support is required, any access is strictly governed by a separate support agreement or temporary authorization.
Data We Collect:
Relationship Management Data
Legal business name, registered address, and professional contact details as well as first and last name, business email address, and job role of your designated Key Contacts (Billing contact, Agreement contact and Administrator contact). This includes financial information required for invoicing and fiscal records (bank details, VAT numbers, and billing addresses). This data is used strictly for contract administration, license verification and fulfilling our statutory tax and reporting obligations.
Support and Communications Data
We collect professional contact details, including first and last name, business email, telephone number, and role as well as the content of help requests and any messages shared during support queries.
Usage Data
Numerical metrics, such as the total number of credentials issued, re-issued, revoked, or verified, used for billing and license compliance.
Option B: Software as a Service (SaaS)
When you contract with us to use the UniTrust Platform as a Software-as-a-Service (SaaS) solution, we provide the infrastructure while you maintain control of the data. We act strictly as a Data Processor on your behalf. We process your data solely under your instructions and within the scope of the service.
Data We Collect:
Relationship Management Data
Legal business name, registered address, and professional contact details as well as first and last name, business email address, and job role of your designated Key Contacts (Billing contact, Agreement contact and Administrator contact). This includes financial information required for invoicing and fiscal records (bank details, VAT numbers, and billing addresses). This data is used strictly for contract administration, license verification and fulfilling our statutory tax and reporting obligations.
Support and Communications Data
We collect professional contact details, including first and last name, business email, telephone number, and role as well as the content of help requests and any messages shared during support queries.
Usage Data
Numerical metrics, such as the total number of credentials issued, re-issued, revoked, or verified, used for billing and license compliance.
Account and Profile Data
For Authorized Users who have been given access to the platform, we collect the first and last name and business email address, alongside specific roles and permissions assigned within the UniTrust platform for access control and account administration.
Authentication Data
Cryptographic public keys and transient session tokens used for platform access and decentralized identity verification. This data is used only during the one-time cryptographic handshake and is purged upon logout or session timeout.
Credential Content
Specific attributes and personal data submitted to the platform for processing.Credential content data is stored to enable credential lifecycle management, ensuring the availability, auditability, and persistence of credentials and is retained for the duration of the service.
Device and Technical Data
Infrastructure-level information including user agent strings (browser type, OS version, device type) and IP addresses used solely for displaying the platform correctly and monitoring for malicious traffic.
Log and Audit Data
Automatically generated technical logs containing event timestamps and HTTP status codes. Personally identifiable information is redacted from these logs.
Service State Storage & Event Streams
UniTrust retains only the technical identifiers (e.g., internal UUIDs and Schema IDs), configuration metadata, and event streams required to maintain account state and platform stability. Event streams record lifecycle milestones such as Connection Added, Credential Created, or Revoked to ensure auditability.
5. How We Collect Data
We collect personal data through the following channels:
Directly From You (Website Visitors)
Communication
When you contact us via website forms or direct email, we collect the info provided in your inquiry (such as your first and last name, email address, and any additional information shared) to respond to your inquiry.
Engagement
When you book a product demo via our website, we collect your contact details (such as your first and last name, email address, and any additional information shared) through the third-party scheduling widget on our website to calendarize the meeting.
From Customers (UniTrust)
Authorized Platform Access (SaaS Only)
When an administrator adds Authorized Users to the UniTrust Platform (such as first and last name, business email addresses) to provide decentralized platform access.
Relationship Management
When your organization designates you as a Key Contact (such as a Billing, Agreement, or Administrator contact), your professional contact details (such as your business email, telephone number, and job role) and company financial identifiers (such as VAT numbers, bank account details, and billing addresses) are used to administer our contract, facilitate billing, and manage our business partnership.
Technical Integration
When you share specific data points required for API request metadata, system configuration, or requested technical support.
Automatically via our Infrastructure (UniTrust)
Authentication Handshakes
We process authentication data such as cryptographic public keys and ephemeral session tokens during the secure handshakes required to verify identity, issue credentials, or validate the status and claims of a credential.
Log and Audit Data Generation
We automatically generate operational logs for health monitoring and security purposes. These logs capture technical data such as event timestamps and HTTP status codes. Personally identifiable information is redacted from these logs.
Usage Metrics
We automatically aggregate high-level usage data, such as the total count of credentials issued, re-issued, revoked, or verified, for billing and license compliance.
Performance Monitoring
We use tools to ensure platform stability and the technical health of our infrastructure, capturing metrics such as system latency and error logs.
Service State Storage
We store technical identifiers required to maintain account state, including Internal UUIDs (non-sequential, random identifiers), non-PII Schema IDs, and Credential Status Codes, within an encrypted application database.
Device Recognition
We recognize user agent strings and IP addresses at the infrastructure level to optimize platform display and detect fraudulent or unauthorized access attempts.
From Third Parties
Platform Providers
Such as App Stores (Apple App Store, Google Play Store), which share aggregated, non-identifiable usage and performance statistics related to the UniMe Wallet (such as install counts and crash reports) in accordance with their own policies.
6. Data Ownership and Roles
For Individuals (UniMe Wallet)
All digital credentials and any information stored or entered in your UniMe wallet belong solely to you. Your data is encrypted with keys stored only on your device. We cannot access or recover your data if your device is lost. As the sole Data Controller of your personal wallet, you maintain full control and decide if, when, with whom, and what data is shared during any interaction with third-party service providers.For Developers (UniCore Agent)
You retain full ownership and exclusive custody of all data processed within your private UniCore instances. You maintain Independent authority as the Data Controller for all information managed by your UniCore deployment. Because UniCore is self-hosted or deployed in your own private environment, we have no access to your data or transaction logs.
For Customers (UniTrust Platform)
Your organization maintains full ownership of all data provided to, processed within, or generated by the platform. This ownership extends to configurations, audit logs, and any derived datasets, aggregated service metrics or analytics generated through your use of the platform. We make no claim to your generated content, Special Categories & Protected Records, or any other sensitive data managed by your organization. In your Data Controller Role, your organization maintains full authority over user access and data utilization.
For Self-Hosted deployments, we are not a Data Processor, your organization maintains full sovereignty over the environment and data.
For SaaS deployments, we act as a Data Processor, handling platform operational data strictly under your instructions.
7. Purpose Limitation and Data Minimization
We ensure that your data is never re-purposed for activities you did not authorize.
Purpose Limitation
We process personal data only for the specific, legitimate purposes described in this Privacy Statement. We do not use your data for unrelated activities such as third-party marketing, advertising, or profiling.
Service Integrity & Safety
We may process data for essential compatible purposes, including:
Maintaining the security, uptime, and stability of our platform.
Identifying and fixing technical errors (debugging).
Protecting against fraudulent, unauthorized, or illegal activity.
Legal Obligations
We process personal data to comply with valid legal orders, statutory tax requirements, or legitimate requests from public authorities where there is an exceptional need to protect the public interest (e.g., responding to public emergencies).
Data Minimization
We limit data collection to what is strictly necessary to operate the service. Our technical framework is built on Privacy by Design principles, such as utilizing PII-Off-Chain anchoring and enabling Selective Disclosure to prevent the handling of unnecessary data during trust interactions.
8. Legal Bases for Processing (GDPR and Similar Laws)
We process personal data on the following legal grounds:
Performance of a Contract
We process Contract, Identity, and Billing Data (for Self-Hosted) and Account and Profile Data (for SaaS) to fulfill our obligations to you or your organization. This includes providing access to the UniTrust platform, managing your license, and facilitating the Authentication Data required for cryptographic handshakes.
Legitimate Interests
We process data to maintain the security and integrity of our services. This includes utilizing Usage Data for license compliance, processing Support and Communications Data to fix technical errors, and monitoring Device and Technical Data to protect against fraudulent or malicious activity. We only act under this basis when our interests do not override your fundamental rights and privacy.
Consent
Should you choose to proactively opt-in for communications, such as newsletters or product updates, or activate any platform features that require data collection, we will request your informed consent at the point of activation. You maintain the right to withdraw your consent or unsubscribe at any time via your configuration settings or an "unsubscribe" link in our communications.
Legal Obligations
We process Relationship Management Data when necessary to comply with statutory requirements, specifically fulfilling fiscal retention obligations and tax reporting.
9. Data Retention and Deletion
We retain personal data only for as long as necessary to maintain your account, comply with applicable laws, or address outstanding contractual matters. Once data is no longer required for these purposes, we delete or irreversibly anonymize it.
UniMe
Because we do not collect or store your identity data, Impierce has no retention of UniMe content. Your data remains on your device until you choose to delete it.
Website Contact Data
Retained for the duration necessary to respond to your inquiry and for up to 12 months for record-keeping.
UniTrust Account and Service Data
Retained for the duration of a Customer’s contract. Upon contract termination, primary data is deleted or irreversibly anonymized within a maximum of 60 days. This period includes any time used to facilitate account recovery or transition, unless earlier deletion is contractually agreed upon or requested.
This includes:
Account and Profile Data: Authorized User details and permissions.
Customer Content: Identity attributes and credential data
Service State Storage & Event Streams: Technical identifiers (such as internal UUIDs and Schema IDs), template structures, and event streams.
Relationship Management Data
Retained for 7 years following the end of the fiscal year to comply with Dutch statutory fiscal retention obligations. This includes professional contact details of key contacts and financial identifiers (VAT numbers and billing records).
Support and Communications Data
Retained for the duration of our professional relationship to provide ongoing support. Following the end of the relationship, records are retained for at least 12 months to facilitate transitional support and record-keeping.
Backup Data
Backups follow the same 60-day post-termination retention period and deletion process described above for UniTrust Account and Service Data to ensure consistent data erasure across our utilized hosting environment.
10. Your Privacy Rights
Your privacy rights may differ depending on your location, your role and the legal framework that applies to your data.
Rights Under GDPR and Similar Laws
If you are located in the European Economic Area (EEA), the United Kingdom, or a jurisdiction with similar protections, you have the right to:
Right of Access: Request access to the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data under certain conditions.
Right to Restrict Processing: Request limitation of our processing of your data.
Right to Portability: Request to receive your data in a commonly used format.
Right to Object: Object to the processing of your personal data.
Right to Withdraw Consent: Withdraw consent at any time where we rely on it.
Right to Lodge a Complaint: File a complaint with a supervisory authority.
Rights Under U.S. Privacy Laws
If you are located in the United States, regardless of your state of residence, you have the right to:
Right to Know: Request disclosure of the personal data we collected about you.
Right to Delete: Request the deletion of your personal data, subject to legal exceptions.
Right to Correct: Request that we fix inaccuracies in the personal data we maintain.
Right to Portability: Request a copy of your information in a portable and usable format.
Right to Opt-Out: Object to the sale of data or its use for targeted advertising and profiling.
Right to Non-Discrimination: We will never penalize you for exercising your privacy rights.
Exercising Your Rights
You may request the deletion or return of your data at any time. To exercise your rights, please contact us at privacy@impierce.com and let us know the nature of your request (e.g., access, deletion, or correction) and which product or service you are using. To protect your information, we will verify your identity before fulfilling any request. We aim to respond to all valid requests within 30 days.
How you manage your data depends on how you interact with us:
Website Visitors
You can contact us directly to access, update, or delete the information you provided through our website contact forms.UniMe Wallet Users (Self-Sovereign)
UniMe stores your data only on your device. We have no access to your profile or credentials and only you can manage, backup, or delete your data directly from within the UniMe app.UniCore Developers
You or your organization acts as the Data Controller and maintains exclusive custody of all data. As UniCore is designed to run in your own private environment, we have no access to your servers, instances, or logs.UniTrust Customers (SaaS Only)
If you access the UniTrust SaaS platform as an Authorized User within your organization, please direct your privacy requests to your contract administrator. We will assist in responding to your request in accordance with our contractual obligations.
11. Sale, Sharing, and Targeted Advertising
We do not sell or share personal data with third parties for monetary or other valuable consideration. We are committed to these non-commercialization standards as a core principle of our business. Should we ever change our practices, we will update this Privacy Statement and provide a clear, accessible way for you to opt-out, ensuring you always maintain full control over your information.
No Sale or Sharing of Personal Data
We do not sell or share your personal data with third parties for monetary or other valuable consideration.
No Third-Party Advertising
We do not display third-party advertisements or allow ad networks to serve content within our Services or on our website.
No Targeted Advertising
Personal data is not used for targeted or cross-context behavioral advertising, and we do not track user activity across different websites to serve ads.
No Third-Party Ad Networks
We do not permit third-party advertising networks or data brokers to collect data via our Services or our website.
12. Use of Artificial Intelligence (AI)
We utilize generative AI tools to support internal business operations and software development.
Data Isolation
We use non-public AI instances contractually prohibited from using our internal data, source code, or customer information (including personal data) to train their models.
Augmented Development
While AI may be used to assist in drafting code or documentation, all outputs are treated as untrusted until they undergo our peer-review process. No code is merged or deployed without formal internal verification and approval.
No Automated Decisions
AI is not used for autonomous decision-making. Any process affecting the legal rights or service access of individuals is overseen and finalized by a person.
13. Security Measures
We use industry-standard encryption (both at rest and in transit), follow secure development practices, and undergo regular independent penetration tests. Our services run on infrastructure certified to ISO 27001 and SOC 2 Type II standards. For UniTrust, we’ve built in passwordless, cryptographic authentication via the UniMe wallet.
You can explore an overview of our technical and organizational measures here
14. Sub-Processors
To provide our Services, we work with third-party sub-processors.
We only engage partners that offer data protection guarantees equivalent to those required by the GDPR.
Data Location
Your data is primarily hosted within the European Economic Area (EEA). For any processing outside the EEA, we implement Standard Contractual Clauses (SCCs) to maintain a consistent level of protection.
Updates and Notice
As our services evolve, we may update our sub-processor list. We will provide 30 days' advance notice of any material changes via email and by updating our Sub-processor page.
All sub-processors are contractually bound to:
Limited Use: Process data only to provide services to Impierce.
Security Standards: Maintain technical and organizational measures that meet or exceed our own.
No Commercialization: Never sell data or use it for independent marketing.
Compliance Support: Fulfill all data subject rights, including access and deletion.
Data Disposal: Return or securely delete all data once our engagement ends.
Confidentiality: Maintain strict privacy standards and full confidentiality.
You can find our current list of sub-processors here
15. International Data Transfers
We prioritize processing your data within the European Economic Area (EEA), where our core infrastructure is localized. If we work with service providers that process data outside the EEA, we ensure a level of protection equivalent to the GDPR by relying on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms as defined in Chapter V of the GDPR.
16. User Responsibilities
We cannot be held responsible for the security of your personal device, your operating environment, or data loss resulting from unauthorized access to your device or account
For Individuals (UniMe)
Secure Your Device: You are responsible for the physical and digital security of your device, including the use of biometrics or strong passcodes.
Manage Your Recovery: Because UniMe is zero-access, we cannot recover your wallet if your device is lost or damaged. Recovery currently requires you to request the re-issuance of credentials from your original issuers.
For Customers (UniTrust)
Manage Admin Access: You control which business identities are authorized to access your organization’s account. You must ensure that access is provided only to authorized personnel and promptly revoked when no longer required.
AI Compliance: If you integrate third-party AI tools, you act as the "Deployer" and are exclusively responsible for ensuring compliance with any applicable AI regulations.