Privacy Policy
Uevar Inc. Effective Date: May 13, 2026 Last Updated: May 13, 2026
1. Who We Are
Uevar Inc. is a Delaware corporation and the "business" for purposes of the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"). Uevar determines the purposes and means of processing your personal information.
- Mailing Address: Uevar Inc., 447 Broadway, 2nd Floor Suite #3453, New York, NY 10013, United States
- Privacy Contact: privacy@uevar.com
- Support Email: support@uevar.com
2. Scope
This Privacy Policy applies to personal information collected through the Uevar mobile application, website, and related services (collectively, the "Services"). It applies to residents of California and all other US states. Uevar does not target users outside the United States.
This Policy does not apply to third-party websites or services linked from our Services.
3. Notice at Collection — Personal Information We Collect
The table below maps each category of data we currently collect to its CCPA category and the purpose for collection. We collect only what is described below.
| Field | CCPA Category | Purpose |
|---|---|---|
| Identifiers | Account creation, communications, authentication | |
| Phone number | Identifiers | SMS communications, two-factor authentication |
| First name | Identifiers | Personalization, account display |
| Last name | Identifiers | Personalization, account display |
| Display name | Identifiers | Account display |
| Referral code | Identifiers | Referral program tracking |
| Referral source | Identifiers | Attribution of referral source |
| Points balance | Commercial Information | Loyalty points balance tracking |
| Subscription status | Commercial Information | Subscription status tracking |
| Email unsubscribe timestamp | Commercial Information | Suppression list / opt-out compliance |
| SMS unsubscribe timestamp | Commercial Information | Suppression list / opt-out compliance |
| Last check-in timestamp | Internet/Network Activity | Feature engagement, points eligibility |
| Profile bonus award timestamp | Commercial Information | Points award audit trail |
| Launch notification timestamp | Commercial Information | Notification delivery tracking |
| Last seen timestamp | Internet/Network Activity | Session activity, fraud prevention |
| Account creation timestamp | Internet/Network Activity | Account lifecycle management |
| SMS consent record | Identifiers | TCPA consent record |
| Marketing consent record | Identifiers | CAN-SPAM / marketing consent record |
| Intent / onboarding goal | Inferences / Preferences | Personalization of onboarding experience |
| Acquisition source | Internet/Network Activity | Attribution and marketing analytics |
| Preferred language | Identifiers / Preferences | Language localization |
| Account deletion timestamp | Identifiers | Account closure tracking |
| Avatar emoji | Identifiers | Profile personalization |
| Profile completion percent | Commercial Information | Engagement tracking, points eligibility |
| Profile level | Commercial Information | Gamification, feature gating |
Sensitive Personal Information: Phone numbers may qualify as sensitive personal information under CPRA. We collect phone numbers solely for authentication and communications purposes. We do not use phone numbers to infer characteristics about you beyond what is necessary for those purposes. We do not sell or share sensitive personal information.
We do not collect: Social Security numbers, government ID numbers, financial account numbers, precise geolocation, biometric information, or health information.
4. How We Use Personal Information
We use your personal information for the following business and commercial purposes:
- Account services: Creating, authenticating, and maintaining your account.
- Communications: Sending transactional emails (password resets, account alerts), marketing emails (with consent), and SMS messages (with TCPA-compliant consent).
- Referral and loyalty program: Tracking referrals and awarding points in accordance with the Points Policy.
- Educational features: Powering the AI Coach feature (educational, not investment advice).
- Portfolio and market features: Displaying simulated portfolio data and educational market information. No real trades are executed at this time.
- Security and fraud prevention: Detecting abuse, unauthorized access, and fraudulent activity.
- Product improvement: Understanding how users interact with the Services (analytics).
- Legal compliance: Meeting our obligations under applicable law.
5. Categories of Third Parties — Service Providers
We use a limited number of third-party service providers to operate the Services. Each is contractually restricted from using personal information for their own purposes. Categories include:
- Hosting and database infrastructure (account data, application traffic logs, IP addresses).
- Email delivery (email address, name, email consent records).
- Markets and portfolio data providers (used to display market information; no personal financial account data is transmitted).
- AI assistant providers (queries submitted through the AI Coach feature; no financial account data).
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not disclose personal information to data brokers.
We may disclose personal information to courts, law enforcement, or government authorities when required by law, in response to valid legal process, or to protect the safety of our users.
6. Retention Policy
We retain personal information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.
| Category | Retention Period |
|---|---|
| Account identifiers (email, phone, name) | Duration of account + 3 years after deletion or 7 years if required by law |
| Consent records | 5 years from consent date (TCPA best practice) |
| Activity logs | 2 years rolling |
| Points and transaction records | Duration of account + 3 years |
| Suppression records (email or SMS unsubscribe) | Indefinite (required to honor opt-out) |
Account Deletion: When you request deletion of your account, we begin a deletion process. Within 45 days of a verified deletion request, we will delete or de-identify your personal information, subject to legal holds and the suppression record exception above. Suppression records may be retained to prevent future unsolicited contact.
7. Your California Privacy Rights
If you are a California resident, you have the following rights under CCPA/CPRA:
7.1 Right to Know
You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of third parties with whom we share it.
7.2 Right to Delete
You may request that we delete personal information we have collected from you, subject to certain exceptions (e.g., completing transactions, security, legal obligations).
7.3 Right to Correct
You may request that we correct inaccurate personal information we maintain about you.
7.4 Right to Opt Out of Sale or Sharing
We do not sell or share personal information. You may nonetheless submit an opt-out signal (see Section 9 on GPC).
7.5 Right to Limit Use and Disclosure of Sensitive Personal Information
We do not use sensitive personal information beyond what is necessary to provide Services. No further limitation is required, but you may contact us to request limitation.
7.6 Right to Non-Discrimination
We will not discriminate against you for exercising any CCPA/CPRA right. We will not deny goods or services, charge different prices, or provide a different quality of service based solely on the exercise of privacy rights.
8. How to Exercise Your Rights
Verified Consumer Requests: To submit a privacy request, email us at support@uevar.com with the subject line "California Privacy Request." We will acknowledge your request within 10 business days and respond within 45 calendar days (with one 45-day extension if necessary).
We will verify your identity by confirming information you provide against records on file (e.g., your email address and account details). We will not require you to create an account to submit a request, but we may need to verify your identity before processing a deletion or correction request.
Authorized Agents: A California resident may designate an authorized agent to submit a request on their behalf. We will require written proof of authorization and may still verify the consumer's identity directly.
9. Do Not Sell or Share My Personal Information — GPC Signal
We honor the Global Privacy Control ("GPC") browser signal. If your browser transmits a GPC signal to our website, we will treat it as a request to opt out of the sale or sharing of your personal information. Because we do not currently sell or share personal information, GPC signals are honored but have no additional effect at this time. We will maintain this commitment as our business grows.
10. Cookies and Analytics
We may use cookies, local storage, and similar technologies for authentication, session management, and basic analytics. We do not currently use third-party advertising cookies or cross-site tracking technologies.
If you disable cookies in your browser, certain features of the Services may not function correctly.
11. Children's Privacy
The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly.
For users between the ages of 13 and 16, we will not sell or share their personal information without affirmative opt-in consent, consistent with CCPA/CPRA requirements.
12. Security
We implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information we collect and the risks of unauthorized access, destruction, use, modification, or disclosure, consistent with California Civil Code §1798.81.5. Our security measures include encrypted data transmission (TLS), access controls, and use of SOC 2-compliant infrastructure providers.
No security measure is perfect. In the event of a security breach that materially affects your rights, we will notify you as required by California law.
13. International Transfers
Uevar's Services are operated in the United States. All personal information is stored and processed in the United States. We do not transfer personal information outside the United States. If this changes, we will update this Policy and implement appropriate safeguards.
14. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by email or by a prominent notice in the application at least 30 days before the change takes effect. The "Last Updated" date at the top of this page will reflect the most recent revision.
15. Contact
For privacy questions, consumer rights requests, or concerns:
Uevar Inc. Attn: Privacy 447 Broadway, 2nd Floor Suite #3453, New York, NY 10013, United States Email: support@uevar.com Privacy Contact: privacy@uevar.com