Privacy Policy
Effective as of February 10, 2026
Introduction
Welcome to Unduit. We are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how Unduit LLC (“Unduit,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our IT Asset Management platform and related services (collectively, the “Services”).
This policy applies to:
- Our platform at app.unduit.com
- Our mobile applications
- Any related services, features, and content we provide
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
We collect information to provide, improve, and protect our Services. The types of information we collect include:
A. Information You Provide to Us
Account Information:
- Company name and business details
- Contact person name, email address, and phone number
- Billing address and payment information
- Company size and industry
Asset and Inventory Data:
- Device information (serial numbers, IMEI, asset IDs, model numbers)
- Hardware specifications (processor, RAM, storage, condition)
- Software licenses and installations
- Asset locations and assignments
- Device valuations and grading information
Employee Data (for Asset Recovery and Assignment):
- Names, email addresses, and phone numbers
- Shipping addresses for device recovery or deployment
- Employee IDs and department information
- Cost center and organizational unit assignments
Support and Communications:
- Support tickets, chat messages, and correspondence
- Feedback, survey responses, and testimonials
- Call recordings (with notice)
Integration Data:
- Data imported from integrated systems (HRIS, Ticketing & MDM tools)
- API credentials and authentication tokens
- Synchronization preferences
B. Information We Collect Automatically
Integration Data:
- Pages viewed, features used, and time spent in the platform
- Search queries and filter preferences
- Actions taken (orders placed, assets assigned, campaigns created)
- Session duration and interaction patterns
Device and Browser Information:
- IP address and geolocation data
- Device type, operating system, and browser type
- Screen resolution and language settings
- Unique device identifiers
Cookies and Similar Technologies:
We use cookies, pixels, and similar tracking technologies to collect information about your browsing activities. See Section 8 for detailed information about our cookie practices.
C. Information from Third Parties
We may receive information about you from:
- Business partners who refer you to our Services
- Service providers who help us verify business information
- Integrated platforms (Ticketing, MDM, HRIS) that you connect to our Services
- Shipping carriers (UPS, FedEx, DHL, DPD) providing tracking and delivery updates
- Data enrichment services that help us better understand and serve our customers
2. How We Use Your Information
We use the information we collect for the following purposes:
A. Providing Our Services
- Creating and managing your account
- Processing orders for device recovery, repair, buyback, and deployment
- Managing IT asset inventory and tracking
- Facilitating device shipping, returns, and logistics
- Processing payments and managing billing
- Generating reports and analytics dashboards
- Enabling integrations with third-party platforms
B. Communicating with You
- Sending order confirmations, shipping notifications, and status updates
- Providing customer support and responding to inquiries
- Sending account-related notifications and security alerts
- Delivering educational content, product updates, and feature announcements
- Requesting feedback and conducting surveys
C. Improving Our Services
- Analyzing usage patterns to enhance platform functionality
- Conducting research and development
- Testing new features and conducting A/B tests
- Identifying and fixing technical issues
- Optimizing user experience and interface design
D. Marketing and Business Development
- Sending promotional communications about our Services (with your consent)
- Identifying and reaching potential customers
- Understanding customer needs and market trends
- Measuring campaign effectiveness
- Retargeting advertisements across platforms
E. Security and Compliance
- Detecting, preventing, and responding to fraud, abuse, or security incidents
- Enforcing our Terms of Service and other policies
- Complying with legal obligations and responding to legal requests
- Protecting the rights, property, and safety of Unduit, our users, and others
- Conducting audits and maintaining records
3. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
A. Sub-Processors (Processing Customer Personal Data)
The following service providers process Customer Personal Data on our behalf as sub-processors. They are listed in our Data Processing Agreement (DPA) and are contractually obligated to protect your information and use it only for the purposes we specify:
Infrastructure and Hosting:
- DigitalOcean (cloud hosting and infrastructure — US-East/NYC)
Payment Processing:
- Stripe, Inc. (payment processing and billing)
Communications:
- Twilio Inc. (SMS notifications and communications)
Shipping and Logistics:
- UPS (shipping and package tracking — US, CA, EU, UK)
- FedEx Corporation (shipping services)
- DHL Express (international shipping)
- DPD (European shipping)
Product Analytics (Platform Usage):
- Mixpanel, Inc. (product analytics)
- PostHog Inc. (product analytics and feature flags)
B. Other Service Providers (Unduit’s Own Operations)
The following service providers support Unduit’s own business operations (such as website analytics, marketing, and internal development). These providers do not process Customer Personal Data provided through the platform. Data processed by these providers is collected directly by Unduit from visitors to unduit.com and is processed under Unduit’s own controllership:
Development and Collaboration:
- GitLab (code repository and development)
- GitHub (code repository)
- ClickUp (project management)
Website Analytics and Marketing:
- Google Analytics (website traffic analysis)
- Microsoft Clarity (session recording and heatmaps)
- Clearbit (business data enrichment and visitor identification)
- RB2B (B2B account identification and visitor tracking)
- Leadfeeder (website visitor identification and company tracking)
- 6sense/ZI WebSights (buyer intent data and account intelligence)
- Primer (marketing attribution)
Advertising Platforms:
- Google Ads (advertising and conversion tracking)
- LinkedIn (advertising and insight tracking)
- Meta/Facebook (advertising and pixel tracking)
- Twitter/X (advertising and conversion tracking)
- Reddit (advertising and pixel tracking)
C. Business Partners
With your consent, we may share information with:
- Authorized resellers and channel partners
- Technology integration partners
- Co-marketing partners
D. Legal Requirements
We may disclose information when required by law or when we believe disclosure is necessary to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service or other agreements
- Protect the rights, property, or safety of Unduit, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
E. Business Transfers
If Unduit is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
F. With Your Consent
We may share information for any other purpose with your explicit consent.
4. Data Retention
We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Specific Retention Periods:
- Account Information: Duration of active account plus 30 days after account closure
- Asset and Transaction Data: 7 years from transaction date (for financial, tax, and legal compliance)
- Employee Recovery Data: Duration of recovery campaign plus 90 days
- Marketing Data: 2 years from last interaction or until you opt out
- Support Tickets: 3 years from ticket closure
- Usage Logs: 90 days to 2 years depending on log type
- Session Recordings: 90 days
- Financial Records: 7 years (required for tax and audit purposes)
- Sub-processor data retention: Up to 90 days following termination of the Agreement for data return/deletion
When information is no longer needed, we securely delete or anonymize it. You may request deletion of your information at any time (subject to legal and contractual retention requirements) by contacting us at [email protected].
5. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
A. Access and Portability
You have the right to request access to the personal information we hold about you and to receive a copy in a portable format.
B. Correction
You have the right to request correction of inaccurate or incomplete personal information.
C. Deletion
You have the right to request deletion of your personal information, subject to legal and contractual exceptions (such as financial records we must retain for tax compliance).
D. Objection and Restriction
You have the right to object to or request restriction of certain processing activities, including direct marketing.
E. Withdraw Consent
Where we process your information based on consent, you have the right to withdraw that consent at any time.
F. Lodge a Complaint
You have the right to lodge a complaint with a data protection authority in your jurisdiction.
To exercise these rights, contact us at:
- Email: [email protected]
- Phone: +1 (847) 701-4584
- Mail: Unduit LLC, 5400 Patton Dr Ste 1, Lisle, IL 60532
We will respond to your request within 30 days. We may request additional information to verify your identity before processing your request.
6. Data Security
We implement appropriate technical, administrative, and physical security measures to protect your information against unauthorized access, disclosure, alteration, and destruction.
Our security measures include:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access controls and multi-factor authentication
- Network Security: Firewalls, intrusion detection, and regular security monitoring
- Secure Development: Code reviews, vulnerability scanning, and penetration testing
- Physical Security: Secure data centers with restricted access and 24/7 monitoring
- Employee Training: Regular security awareness training for all staff
- Incident Response: Documented procedures for detecting and responding to security incidents
Compliance Certifications:
- SOC 2 Type II certified
- ISO/IEC 27001:2022 certification in progress (target 2026)
- R2 (Responsible Recycling) certified for asset disposal
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security practices.
7. International Data Transfers
Unduit is based in the United States. Our primary production infrastructure is hosted in the US-East (NYC) region on DigitalOcean. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
These countries may have data protection laws that differ from those in your country. However, we take steps to ensure that your information receives an adequate level of protection wherever it is processed.
For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland:
- We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for EEA transfers
- We rely on the UK International Data Transfer Addendum (IDTA) for UK transfers
- We implement supplementary measures to ensure data protection
- We conduct transfer impact assessments where required
8. Cookies and Tracking Technologies
We use cookies, pixels, web beacons, and similar tracking technologies to collect information about your browsing activities and to improve your experience with our Services.
A. Types of Cookies We Use
Essential Cookies (Required):
These cookies are necessary for the Services to function and cannot be disabled:
- Session management and authentication
- Security and fraud prevention
- Load balancing and performance
Functional Cookies:
These cookies enable enhanced functionality and personalization:
- Remembering your preferences and settings
- Saving your language selection
- Remembering items in your cart
Analytics Cookies:
These cookies help us understand how visitors interact with our Services:
- Google Analytics (website and platform traffic analysis)
- Mixpanel (user behavior and product analytics)
- PostHog (product analytics, feature flags, and session recording)
- Microsoft Clarity (session recording, heatmaps, and user interaction analysis)
Marketing and Advertising Cookies:
These cookies track your online activity to help us deliver relevant advertising and measure campaign effectiveness:
Visitor Identification and Account Intelligence:
- Clearbit (business data enrichment and visitor identification)
- RB2B (B2B account identification and visitor tracking)
- Leadfeeder (website visitor identification and company tracking)
- 6sense/ZI WebSights (buyer intent signals and account intelligence)
- Primer (marketing attribution and visitor tracking)
Advertising Platforms:
- Google Ads (conversion tracking and remarketing)
- LinkedIn Insight Tag (conversion tracking and remarketing)
- Meta/Facebook Pixel (conversion tracking and custom audiences)
- Twitter/X Pixel (conversion tracking and tailored audiences)
- Reddit Pixel (conversion tracking and audience targeting)
Third-Party Analytics and Tag Management:
- Google Tag Manager (manages deployment of tracking tags)
- Conversion Linker (links clicks to conversions for attribution)
B. How to Control Cookies
Browser Settings:
Most web browsers allow you to control cookies through their settings. You can set your browser to:
- Block all cookies
- Block third-party cookies only
- Delete cookies when you close your browser
- Notify you before a cookie is set
Opt-Out Tools:
You can opt out of interest-based advertising from participating companies:
- Network Advertising Initiative: www.networkadvertising.org/choices
- Digital Advertising Alliance: www.aboutads.info/choices
- European Interactive Digital Advertising Alliance: www.youronlinechoices.eu
Platform-Specific Opt-Outs:
- Google Ads: www.google.com/settings/ads
- Facebook: www.facebook.com/settings/?tab=ads
- LinkedIn: www.linkedin.com/psettings/guest-controls
- Twitter/X: twitter.com/settings/account/personalization
- Reddit: www.reddit.com/settings/privacy
Do Not Track:
Some browsers include a “Do Not Track” (DNT) feature. Our Services do not currently respond to DNT signals because there is no industry standard for how to interpret them.
Important: If you block or delete cookies, some features of our Services may not function properly, and you may need to manually adjust some preferences.
9. Children’s Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will delete such information from our systems.
10. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
A. Right to Know
You have the right to request disclosure of:
- Categories of personal information we collect
- Categories of sources from which we collect information
- Business or commercial purposes for collecting information
- Categories of third parties with whom we share information
- Specific pieces of personal information we have collected about you
B. Right to Delete
You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
C. Right to Correct
You have the right to request that we correct inaccurate personal information that we maintain about you.
D. Right to Opt-Out
You have the right to opt out of the “sale” or “sharing” of your personal information. We do not sell or share your personal information as defined by the CCPA.
E. Right to Limit Use of Sensitive Personal Information
You have the right to limit the use and disclosure of sensitive personal information. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA.
F. Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights, including by:
- Denying goods or services
- Charging different prices or rates
- Providing a different level or quality of services
G. Authorized Agent
You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization, and we may require you to verify your identity directly.
To exercise your California privacy rights:
- Email: [email protected]
- Phone: +1 (847) 701-4584
- Mail: Unduit LLC, 5400 Patton Dr Ste 1, Lisle, IL 60532
We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension and the reason.
11. European and UK Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR) and, for UK residents, the UK GDPR:
A. Legal Basis for Processing
We process your personal information based on the following legal grounds:
Contract Performance:
- Creating and managing your account
- Providing the Services you requested
- Processing orders and transactions
Legitimate Interests:
- Improving and developing our Services
- Marketing our Services to businesses
- Detecting and preventing fraud
- Network and information security
Legal Compliance:
- Complying with legal obligations
- Responding to legal requests
- Maintaining financial records
Consent:
- Sending marketing communications (where required)
- Using certain cookies and tracking technologies
- Processing special categories of data (if applicable)
You have the right to withdraw consent at any time where we rely on consent as the legal basis.
B. Your GDPR Rights
You have the right to:
- Access: Obtain confirmation of whether we process your data and request a copy
- Rectification: Correct inaccurate or incomplete personal data
- Erasure: Request deletion of your personal data (“right to be forgotten”)
- Restriction: Restrict processing of your personal data in certain circumstances
- Data Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests or for direct marketing
- Automated Decision-Making: Not be subject to decisions based solely on automated processing
C. Data Protection Contact
For questions about data protection or to exercise your rights, contact us at:
- Email: [email protected]
- Phone: +1 (847) 701-4584
- Mail: Unduit LLC, 5400 Patton Dr Ste 1, Lisle, IL 60532
D. Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws. For UK residents, the relevant authority is the Information Commissioner’s Office (ICO).
12. Third-Party Services and Links
Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Unduit. This Privacy Policy does not apply to those third-party services.
When you access third-party services, you do so at your own risk. We encourage you to review the privacy policies of any third-party service before providing your information.
Integrated Services: If you connect third-party services (such as ServiceNow, HRIS systems, or MDM tools) to our platform, information will be shared according to your integration settings. We are not responsible for how those third parties use your information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting a notice on our website
- Sending an email to the address associated with your account
- Displaying a prominent notice within our Services
The “Effective Date” at the top of this policy indicates when it was last updated. Your continued use of our Services after the effective date constitutes acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
14. Information for Specific Services
A. Asset Recovery Services
When you use our asset recovery services (Recover, Refresh Buy, Refresh Go):
Employee Data Collection: We collect employee names, addresses, phone numbers, and email addresses to facilitate device returns. This information is provided by you (the employer) and is used solely to coordinate logistics for device recovery.
Employee Consent: You are responsible for obtaining any necessary consent from your employees before providing their information to us. You represent and warrant that you have the legal right to share employee information with us for recovery purposes.
Data Processing Role: For employee recovery data, you are the data controller and we are the data processor. We process this data only on your instructions and in accordance with applicable data protection laws.
Our Data Processing Agreement (DPA) is available to all enterprise customers and those processing personal data through our Services. The DPA covers the categories of personal data processed, sub-processors engaged, technical and organizational security measures, and your rights as a data controller. To request or execute a DPA, please contact [email protected] or your account manager.
B. Physical Asset Handling
When we physically handle your IT assets:
Chain of Custody: We maintain detailed records of asset movement, including tracking numbers, receipt confirmations, and status updates.
Asset Valuation: Any valuations provided are estimates based on current market conditions and device condition assessments. Actual values may vary.
Data Destruction: While we offer data destruction services and provide certificates of destruction, you remain responsible for ensuring devices are properly wiped before shipment. We recommend performing your own data erasure before sending devices to us.
Liability Limits: Our liability for lost, damaged, or misidentified assets during processing is limited as described in our Terms of Service.
C. Buyback and Marketplace Services
When you use our buyback or device marketplace services:
Asset Information: We collect detailed device specifications, condition reports, and valuation data to facilitate transactions.
Financial Transactions: Payment information is processed through Stripe. We do not store complete payment card details on our servers.
Inventory Updates: Asset status changes and transactions are automatically reflected in your connected ITAM systems (if integrated).
15. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Unduit LLC
5400 Patton Dr Ste 1
Lisle, IL 60532
Email: [email protected]
Phone: +1 (847) 701-4584
For support-related inquiries, please contact: [email protected]
By using our Services, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, you should not use our Services. Continued use of the Services following the posting of changes to this Privacy Policy that do not significantly affect the use or disclosure of your personally identifiable information will mean that you accept those changes.