This Privacy Policy applies to YUNIT SL, Urb. Borda Rutllan 7A, AD400 La Massana, Principality of Andorra, and to the public website, business portal, consumer wallet portal, consent workflows, and OAuth integrations operated under yunit.tech.
YUNIT SL is subject to the Andorran LQPD and APDA supervision. This page is also intended to support Google OAuth app verification by clearly explaining how Google user data is accessed, used, stored, shared, and protected.
Data we collect
- Contact and account data, such as name, email address, company, role, phone number, and support messages.
- Business portal data, such as tenant records, OAuth client configuration, redirect URIs, consent request metadata, deletion workflows, DPA signatures, and auditor access logs.
- Consumer wallet data, such as self-declared profile attributes, wallet token status, consent decisions, request purpose, approved scopes, and revocation or blocking preferences.
- Technical data, such as IP address, device/browser metadata, security logs, and optional Google Analytics events when analytics cookies are accepted.
- Google OAuth data, when you choose to sign in or connect through Google, such as your Google account identifier, email address, display name, profile image, and the OAuth scopes explicitly shown on the Google consent screen.
How we use Google user data
- We use Google user data only to authenticate the user, identify the account, provide the requested YUNIT functionality, secure the session, and support the integration the user explicitly approved.
- We do not use Google user data for advertising, profiling unrelated to the requested service, or resale.
- We do not sell Google user data.
- We do not transfer Google user data to third parties except where necessary to provide or secure the service, comply with law, or act on your instructions.
- Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How we use other personal data
- To operate the YUNIT website, business portal, consumer portal, LQPD managed service, consent workflows, deletion workflows, DPA records, and support processes.
- To issue and manage customer consent requests, wallet identifiers, one-time email codes, and audit trails.
- To communicate about requests, onboarding, security events, billing, support, and service changes.
- To protect the service, prevent abuse, diagnose failures, and maintain evidence needed for compliance and audit.
Sharing and processors
YUNIT uses service providers for hosting, database infrastructure, email delivery, payment processing, analytics, and operational tooling. These providers process data only for the purposes required to deliver and secure the YUNIT service.
We may disclose data if required by applicable law, APDA supervision, court order, or necessary legal process.
Security and retention
- We use access controls, environment-separated credentials, HTTPS, audit logs, and operational security procedures to protect data.
- Sensitive secrets and signing materials are kept out of the public repository and stored in controlled deployment environments.
- We retain personal data only for as long as needed to provide the service, meet legal obligations, resolve disputes, secure the platform, and maintain audit evidence.
Your rights
Depending on the context, you may request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. Consumers can also use the consumer portal to review consent history and block future business requests.
You can contact YUNIT at ingo.taraske@yunit.tech or julia.taraske@yunit.tech. You may also contact the Andorran data protection authority, APDA, where applicable.