Privacy Policy

Unmatched (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our platform, website, and services (collectively, the “Service”).

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.

2.1 Information You Provide

• Account information: Name, email address, company name, job title, and password when you create an account
• Organization data: Employee information, organizational structure, and team data that you upload to the platform
• Survey responses: Responses to engagement surveys, pulse surveys, exit surveys, and 360-degree reviews
• Performance data: Goals, objectives, performance reviews, and feedback submitted through the platform
• Well-being data: Well-being check-in responses and related metrics
• Communications: Messages you send to us via email or contact forms
• Payment information: Billing details processed through our third-party payment processor

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, actions taken, timestamps, and session duration
• Device information: Browser type, operating system, device type, and screen resolution
• Log data: IP address, access times, and referring URLs
• Cookies: We use essential cookies for authentication and session management. See Section 8 for details.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process and analyze survey responses, feedback, and performance data
• Generate AI-powered insights, predictions, and recommendations
• Power automated workflows and AI agent actions that you configure
• Improve and personalize the Service
• Communicate with you about your account, updates, and support requests
• Process payments and manage billing
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

We implement industry-leading security measures to protect your data:

• Encryption at rest: All data is encrypted using AES-256 encryption
• Encryption in transit: All data transmission is protected using TLS 1.3
• US-based data centers: All data is stored in SOC 2 Type II certified data centers located in the United States
• Access controls: Role-based access controls with multi-factor authentication
• Audit trails: Comprehensive logging of all data access and modifications
• Regular audits: Third-party security audits and penetration testing conducted regularly
• Automated backups: Regular encrypted backups with disaster recovery procedures
• Incident response: Documented incident response procedures with notification within 72 hours of a confirmed breach

While we implement robust security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

We take survey anonymity seriously. By default, individual survey responses are anonymized and cannot be traced back to specific respondents by administrators. Aggregate results are only displayed when the minimum response threshold is met to prevent identification.

Organization administrators configure anonymity settings. We recommend maintaining anonymity to encourage honest feedback. When anonymity settings are changed, respondents are notified before participating.

Our AI features process your organization's data to generate insights and power automated workflows. Important details about AI data processing:

• AI processing occurs within our secure infrastructure and US-based data centers
• Your data is not used to train general-purpose AI models
• AI-generated insights are derived solely from your organization's data
• You retain full control over which AI features are enabled
• AI outputs can be reviewed and overridden by authorized users

We do not sell your personal information. We may share data:

• Service providers: With trusted third-party vendors who assist in operating the Service (hosting, payment processing, email delivery), bound by data processing agreements
• Legal requirements: When required by law, regulation, legal process, or governmental request
• Protection of rights: To enforce our Terms of Service, protect our rights and safety, or the rights and safety of others
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

We use strictly necessary cookies for authentication and session management. We use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination, you may request export of your data within 30 days. After this period, data will be securely deleted within 90 days, except where retention is required by law.

Anonymized and aggregated data that cannot be used to identify individuals may be retained indefinitely for analytics and service improvement.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request your data in a structured, commonly used, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing of your data for certain purposes
• Withdraw consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, contact us at support@unmatched.io. We will respond within 30 days.

If you are in the European Economic Area, we process your data under the following legal bases: contract performance, legitimate interests, consent, and legal obligations. For data transfers outside the EEA, we use Standard Contractual Clauses approved by the European Commission.

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes, we will provide additional notice via email or in-app notification.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: