Last updated: 20 April 2026

This Privacy Policy explains how Ungo SAS (“we”, “us”, “our”) processes personal data when you use Ungo at ungo.app and its subdomains (the “Service”). We act as data controller for customer account data and as data processor for the submissions your published sites collect from their visitors. See our DPA for the processor terms.

1. Data we collect

Account data you provide: email, name, hashed password, billing information processed by our payment provider (Stripe).

Usage data: pages visited in the dashboard, feature events (e.g., “site_published”), IP address (truncated), user agent. Used to operate and improve the Service.

Site visitor data (as processor): when a visitor loads a page you publish, we log a pageview (URL, truncated IP, user agent, referrer). No cookies are set for analytics. Form submissions collected by your sites are stored on our infrastructure and belong to you.

  • Contract (Art. 6(1)(b)): to provide the Service you signed up for.
  • Legitimate interest (Art. 6(1)(f)): to secure the Service, prevent abuse, and improve the product.
  • Consent (Art. 6(1)(a)): for optional marketing emails and non-essential cookies (you must opt in).
  • Legal obligation (Art. 6(1)(c)): for tax and invoicing records.

3. How long we keep it

  • Account data: while your account is active, plus 30 days after deletion for recovery.
  • Billing records: 10 years (legal requirement in most EU jurisdictions).
  • Site visitor data: 12 months for analytics, indefinitely for form submissions you collect (you control deletion).
  • Backups: rolling 30-day retention.

4. Who we share it with

We share data only with sub-processors necessary to run the Service:

  • Cloudflare — hosting, CDN, edge rendering (EU + global).
  • Stripe — payment processing.
  • Resend — transactional email.
  • Sentry — error monitoring (IP anonymized).

A full, versioned list is available in the DPA.

5. International transfers

Some of our sub-processors are US-based. We rely on the EU-US Data Privacy Framework and/or Standard Contractual Clauses for all transfers outside the EEA.

6. Your rights

Under GDPR, you can request:

  • Access to the data we hold about you.
  • Correction of inaccurate data.
  • Deletion of your data (right to be forgotten).
  • A portable export of your data (data portability).
  • Restriction of processing or objection to processing based on legitimate interest.

Email privacy@ungo.app (or our DPO at dpo@ungo.app) and we respond within 30 days. You may also lodge a complaint with your local data protection authority.

7. Security

TLS everywhere. Passwords hashed with Argon2id. Row-level isolation between workspaces. Encrypted backups. 2FA available on all accounts.

8. Children

Ungo is not intended for users under 16. We do not knowingly collect data from children.

9. Changes

We notify you by email at least 14 days before material changes take effect.

10. Contact

Ungo SAS, 42 rue de la République, 75011 Paris, France. Data protection contact: privacy@ungo.app. DPO: dpo@ungo.app. General support: support@ungo.app.