unLAP

Last updated: March 8, 2026

Privacy Policy

Last updated: March 8, 2026

This Privacy Policy explains how Unlap Corporation (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with unlap.ai, console.unlap.ai, and any other website, application, or service that links to this Privacy Policy (collectively, the “Services”).

If you have questions or want to exercise a privacy right, contact us at privacy@unlap.ai.

1. Scope

This Privacy Policy applies to:

  • visitors to unlap.ai
  • users of console.unlap.ai
  • people who join our waitlist, request access, or otherwise contact us

This Privacy Policy applies to the hosted Services and any other website, application, or service that links to it. It does not, by itself, govern purely local use of separately licensed open-source software that does not communicate with our hosted Services.

Customer Content

“Customer Content” means queries, SQL, connected-system data, configuration data, files, and related metadata that a user or customer submits to the Services or causes the Services to access on their behalf.

When We Act as Controller or Processor

We generally act as the controller for website, waitlist, account, billing, support, security, product-development, and direct business relationship data.

We process Customer Content on behalf of the customer that submits it to the Services or directs us to access it.

Service telemetry, diagnostic data, security data, performance data, and aggregated or de-identified usage information are not treated as Customer Content and may be processed by us for our own operational, security, and product-improvement purposes, as described in this Privacy Policy.

If you use the Services directly, you may contact us directly about your personal information. If you use the Services through a customer, requests relating to Customer Content generally must be directed to that customer, and we will assist as required by applicable law or contract.

This Privacy Policy does not govern the independent privacy practices of third-party services that you choose to connect to the Services or visit from our Services. Those third parties have their own terms and privacy policies.

2. Information We Collect

We collect personal information from the following sources:

Information you provide directly

Depending on how you use the Services, we may collect information you choose to provide, such as:

  • your work email address and other contact details
  • your name and any company, team, or role information you choose to provide
  • account, login, and authentication information
  • waitlist, contact, support, and other communications you send us
  • service inputs, configuration details, and other content you submit through the Services

If you purchase paid Services from us, Stripe may collect billing and payment information during checkout. We do not store full payment card numbers.

Depending on the context, this information may include information about you, your organization, or the customer you represent, including information submitted for processing through the Services.

Information we collect automatically

When you use the Services, we may automatically collect:

  • IP address
  • browser, device, and operating system information
  • pages or screens viewed, timestamps, referring URLs, and similar usage data
  • application, diagnostic, error, and performance information
  • approximate location information derived from network or device signals, such as country or region

Information we receive from third parties

We may receive information from:

  • identity and authentication providers, such as Google, GitHub, and Supabase Auth, when you sign in through them
  • third-party platforms you choose to connect to the Services, such as BigQuery, Snowflake, or Amazon Redshift
  • payment providers, such as Stripe, if you purchase or subscribe to a paid offering

The Services are not designed for intentional submission of sensitive personal information through standard account, waitlist, support, or AI-assisted feature inputs. Unless a separate agreement expressly permits it, do not submit sensitive personal information through those inputs. If Customer Content from connected systems or other supported product workflows nevertheless includes sensitive personal information, we process it only as needed to provide and secure the Services, comply with law, and fulfill our obligations under our agreements.

3. How We Use Information

We use personal information to:

  • provide, operate, maintain, and secure the Services
  • create and manage accounts, authenticate users, and support sign-in flows
  • connect to third-party systems that you authorize us to access
  • analyze service usage and improve product quality, reliability, and performance
  • operate AI-assisted automation features within the Services
  • communicate with you about account access, support, security, billing, and other service-related matters
  • send product news, launch announcements, and other marketing communications where permitted by law and consistent with your preferences
  • detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activity
  • comply with legal obligations and enforce our terms, policies, and other rights

If you purchase paid Services from us, we may also use personal information to administer subscriptions, process billing, and manage transactions.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

4. AI-Assisted Features

unLAP includes AI-assisted features that help automate parts of our query optimization workflows. To support those features, we may process Customer Content, including query-related text and related metadata, needed to generate automation results.

We may use third-party AI service providers, including Google Cloud AI and Fireworks AI, to process Customer Content and related metadata on our behalf.

We do not currently use Customer Content to train generalized models or improve AI-assisted features.

If we change this practice, we will update this Privacy Policy and provide any additional notice or obtain any consent required by applicable law or contract. Different commitments may apply under the applicable customer terms or a separate agreement.

We may use service telemetry, diagnostic data, security data, performance data, and aggregated or de-identified usage information to operate, secure, troubleshoot, and improve the Services, including AI-assisted features.

5. How We Share Information

We may disclose personal information to the following categories of recipients:

  • service providers that help us host, secure, operate, and improve the Services
  • identity and authentication providers
  • AI service providers used to power AI-assisted features
  • communications and support providers
  • payment processors, if you purchase a paid offering
  • third-party platforms you choose to connect to the Services
  • legal, regulatory, law enforcement, or similar authorities when required by law or necessary to protect rights, safety, or the Services
  • parties involved in an actual or proposed financing, merger, acquisition, asset sale, reorganization, or similar transaction

Our current service-provider stack may include:

  • Cloudflare Pages and Cloudflare Web Analytics
  • Google Cloud Platform and Google Cloud AI
  • Fireworks AI
  • Hetzner
  • Supabase Auth
  • Google Sign-In and GitHub OAuth
  • MongoDB Atlas
  • Zoho Mail
  • Stripe, if you purchase a paid offering

Third-party platforms you may direct us to connect to can include:

  • BigQuery
  • Snowflake
  • Amazon Redshift

6. Cookies and Similar Technologies

We use cookies and similar technologies for limited operational purposes, including:

  • session and authentication handling
  • security and fraud prevention
  • basic service functionality
  • analytics and performance measurement

For example, we may use cookies or similar storage mechanisms to maintain signed-in sessions and secure the Services. We also use Cloudflare Web Analytics or similar beacon-based analytics tools to understand site traffic and usage. We do not use advertising cookies, retargeting cookies, or social media tracking pixels.

You can control cookies through your browser settings, but blocking strictly necessary cookies may prevent parts of the Services from working properly.

7. Data Retention

We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with law, resolve disputes, and enforce our agreements.

In general:

  • account and authentication information is retained while your account is active and for a limited period afterward to support security, fraud prevention, account recovery, and legal compliance
  • waitlist and marketing records are retained until you unsubscribe, request deletion, or they are no longer needed for the purposes described in this Privacy Policy, subject to legal retention obligations
  • support records are retained for as long as reasonably necessary to support the Services, resolve disputes, improve support operations, and meet legal or operational requirements
  • billing and transaction records are retained as required for legal, tax, accounting, and audit purposes
  • Customer Content is retained for as long as needed to provide the Services and in accordance with the applicable customer terms or service configuration. After the end of the relevant service relationship, we delete Customer Content or, where reasonably feasible using standard Service functionality or otherwise agreed in writing, return Customer Content in accordance with the applicable customer terms or service configuration, except to the extent retention is required by applicable law

8. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no internet transmission or storage system is completely secure, and we cannot guarantee absolute security.

9. Children’s Privacy

The Services are intended for business users and are not directed to children under 18. We do not knowingly collect personal information from children under 18.

10. Requests Relating to Customer Content

If your request relates to account, contact, billing, support, or other data that we control directly, you may contact us directly.

If you use the Services through an organization or another customer, and your request relates to Customer Content submitted to unLAP on that customer’s behalf, your request generally must be directed to that customer, and we will assist as required by applicable law or contract.

11. U.S. Privacy Rights

Residents of certain U.S. states may have privacy rights under applicable law, including rights to:

  • know whether we process their personal information
  • access personal information
  • correct inaccurate personal information
  • delete personal information
  • receive a copy of certain personal information
  • appeal a denial of a privacy-rights request
  • opt out of certain profiling and, where applicable, targeted advertising or sale of personal information

We do not sell personal information or share personal information for targeted advertising. We do not disclose personal information to third parties for their own direct marketing purposes.

Categories of personal information we may collect and disclose

Depending on how you use the Services, we may collect and disclose the following categories of personal information:

  • identifiers and account information, such as name, email address, account identifiers, and IP address
  • customer record information, such as name or billing contact information, if you provide it or purchase a paid offering
  • commercial information, such as subscription or transaction records, if you purchase a paid offering
  • internet or other electronic network activity information
  • approximate geolocation information
  • professional or employment-related information, if you choose to provide company or role details

We do not seek to collect sensitive personal information, biometric information, protected classification characteristics, or education records through our standard account, waitlist, support, or AI-assisted feature inputs. If any such information is included in Customer Content, we handle it as described in Section 2 and as permitted by applicable law and our agreements.

How to exercise your rights

To make a privacy request, email us at privacy@unlap.ai or use our contact form at https://unlap.ai/contact.

If applicable law gives you a right to appeal a decision on your request, you may use the same email address to submit the appeal.

We may need to verify your identity or authority before acting on a request. Authorized agents may make requests on behalf of users where permitted by law.

If your request involves Customer Content, see Section 10.

12. Additional Information for Individuals in the EEA and UK

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), this section provides additional information about how we process personal information subject to the GDPR or UK GDPR.

When we process Customer Content on behalf of a customer, that customer is generally responsible for determining the lawful basis for that processing.

Lawful bases for processing

For personal information for which we act as controller, we rely on the following lawful bases depending on the purpose involved:

  • Performance of a contract: to create and manage accounts, authenticate users, provide the Services, connect authorized third-party systems, and administer subscriptions or transactions
  • Legal obligation: to comply with applicable laws, regulations, tax and accounting requirements, legal process, or enforceable governmental requests
  • Legitimate interests: to secure, monitor, maintain, troubleshoot, and improve the Services; prevent fraud and abuse; understand usage trends; and communicate with business users about service-related matters
  • Consent: to send marketing communications or carry out other optional processing where consent is required
  • Vital interests: where necessary to protect someone from serious harm

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect processing that occurred before the withdrawal.

When personal information is required

Some personal information is required to create and maintain an account, authenticate users, connect authorized third-party systems, provide the Services, process billing, or respond to requests. If you do not provide the personal information needed for those purposes, we may be unable to create or maintain your account, provide the requested Services, complete a transaction, or respond to your request. Other information, including most marketing preferences and optional communications, is voluntary.

Your EEA and UK privacy rights

Subject to applicable law, you may have the right to:

  • request access to your personal information
  • request correction of inaccurate or incomplete personal information
  • request deletion of your personal information
  • request restriction of processing
  • object to certain processing, including certain processing based on legitimate interests
  • object to direct marketing at any time
  • request data portability
  • withdraw consent where processing is based on consent
  • lodge a complaint with your local supervisory authority or, in the UK, the Information Commissioner’s Office

To exercise these rights, contact us at privacy@unlap.ai or use https://unlap.ai/contact.

You have an absolute right to object to direct marketing at any time. You can do so by using the unsubscribe link in our marketing messages or by contacting us at privacy@unlap.ai.

If your request involves Customer Content, see Section 10.

International transfers

We and our service providers may process or store personal information in multiple jurisdictions, including the United States, Finland, and other jurisdictions in which our service providers operate. When personal information is transferred outside the EEA or UK, we use appropriate safeguards where required by applicable law, such as contractual protections based on approved standard contractual clauses or other lawful transfer mechanisms.

To request information about applicable transfer safeguards, contact privacy@unlap.ai.

Automated decision-making

We do not engage in solely automated decision-making that produces legal or similarly significant effects on individuals without meaningful human involvement.

13. Additional Information for Individuals in Canada

If you are located in Canada, this section provides additional information about how we handle personal information subject to Canadian privacy laws, including PIPEDA.

Accountability and purposes

We are responsible for personal information under our control and for maintaining policies and practices designed to protect that information.

We collect, use, and disclose personal information for the purposes described in this Privacy Policy, including to provide and improve the Services, authenticate users, connect requested third-party systems, communicate with users, support business relationships, maintain security, and comply with legal obligations.

We generally collect, use, and disclose personal information with consent or as otherwise permitted or required by applicable law. In some cases, consent may be express or implied depending on the nature of the information and the context. You may withdraw consent to certain processing, subject to legal, contractual, and operational restrictions and reasonable notice.

We limit our collection, use, disclosure, and retention of personal information to what is reasonably necessary for the purposes identified in this Privacy Policy or as otherwise permitted by law.

Access, correction, and complaints

Subject to applicable law, you may request access to the personal information we hold about you and request corrections if that information is inaccurate or incomplete. You may also ask questions about our privacy practices or challenge our compliance with applicable privacy laws by contacting us at privacy@unlap.ai.

If your request involves Customer Content, see Section 10.

Cross-border processing

We and our service providers may process, store, or access personal information outside Canada, including in the United States, Finland, and other jurisdictions in which our service providers operate. As a result, personal information may be subject to the laws of those jurisdictions and may be accessible to courts, law enforcement, or national security authorities in those jurisdictions.

14. Do Not Track

Some browsers offer a “Do Not Track” setting. Because there is no uniform standard for how to interpret or respond to those signals, we do not currently respond to them.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice.

16. Contact Us

If you have questions about this Privacy Policy or want to exercise a privacy right, contact us at:

privacy@unlap.ai