Unito and Global Privacy Laws (GDPR, CCPA, Loi 25)

Learn how Unito complies with global privacy regulations, rules and how that can affect our platform.

In this article:

Compliance with Data Protection Regulations

Many countries and regions are enacting stricter regulations to protect user privacy. This article explains how Unito complies with these global privacy laws, including:

  • General Data Protection Regulation (GDPR): Applies to the European Union (EU) and the European Economic Area (EEA).
  • California Consumer Privacy Act (CCPA): Applies to California residents.
  • Act Respecting the Protection of Personal Information in the Private Sector (Loi 25): Applies to the province of Quebec, Canada.

Unito's Role under Global Privacy Laws

Depending on how you use Unito, we may act as both a "data processor" and a "data controller" under these global privacy laws.

  • Data Processor: When Unito downloads and transforms personal data contained in synced tasks, cards, and issues, we act as a data processor. This personal data may include assignee or commenter names and email addresses. Unito processes this data according to your instructions and the terms of service of your connected tools (e.g., ClickUp, monday.com).
  • Data Controller: Unito also acts as a data controller for the information we collect directly from you. This customer information includes things like your name, contact details, and any data associated with your Unito account. We use this information to provide our services, offer customer support, and improve our platform.

Our Commitment to Global Privacy

We stand committed to transparency and uphold the highest standards for data security and privacy. We routinely conduct comprehensive reviews of our operations and implement robust security practices to ensure compliance with each of the above-listed global privacy regulations.

We have also updated our Terms of Use and Data Privacy Policy to reflect these legal requirements.

What personal data does Unito collect?

Unito collects and stores data that you voluntarily provide when using our services. This may include:

  • Contact information (name, email address): We collect this data when you sign up for Unito or request support.
  • OAuth tokens: These tokens are necessary to connect Unito to your other project management tools. We encrypt these tokens to ensure the highest level of security.

Unito does not:

  • Permanently store the content of your synced tasks.
  • Retain your data beyond what's necessary to provide our services.

International Data Transfers

Unito utilizes Amazon Web Services (AWS) for data hosting, with servers located in the United States. Additionally, our customer support operations are based in Canada, which is recognized by the EU as providing an "adequate level of protection".

While the EU-US Privacy Shield is no longer a valid mechanism for transferring data, both the US and Canada have mechanisms in place to ensure adequate protection for personal data transferred from the EU.

Unito leverages Standard Contractual Clauses (SCCs) with our own sub-processors to ensure compliance with global privacy laws. We enriched our own DPA with the SCCs, which outline specific data protection commitments. We have also reviewed and strengthened our own technical and organizational measures to safeguard user data.

Who should I contact if I have questions regarding GDPR or my personal data?

If you have any questions regarding global privacy laws or your personal data, please don't hesitate to contact us for more information.

Disclaimer: This document is for informational purposes only and does not constitute legal advice. It is recommended that you consult with a qualified professional for any legal questions you may have regarding data privacy laws.