Privacy Policy

  • Last Updated: November 2, 2025.
  • Changelog: Enhanced clarity on support communication practices and vault separation; updated payment data processing details; refined security practices description; implemented tiered response SLAs by request severity.

UnoLock Privacy Policy


1.1 Introduction

Techsologic Incorporated (Corporation Number 734340-0, headquartered at 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada), provider of the UnoLock platform, including all services, features, applications, and websites (collectively, the "Services"), is committed to ensuring the privacy and security of all users ("you," "your," "user"), including those designated as LegacyLink nominees, as defined in the UnoLock Terms of Service ("Terms"), Section 3 (Services Overview). This Privacy Policy outlines our practices for collecting, using, protecting, and managing user data, emphasizing our zero-knowledge, stateless architecture to guarantee Absolute Anonymity and Payment Anonymity. This policy is incorporated into the Terms, available at https://www.unolock.com/tos.html, and aligns with our commitment to comply with Canadian and international privacy laws, including PIPEDA, GDPR, and HIPAA, where applicable, as detailed in Section 17 (Compliance with Privacy Regulations) of the Terms.

1.2 Absolute Anonymity

UnoLock's core principle is Absolute Anonymity, ensuring that your identity and activities within the Services are untraceable to personal identifiers. Our zero-knowledge architecture, as described in Section 9 (Privacy and Anonymity) of the Terms, prevents Techsologic Incorporated ("Techsologic," "we," "us," or "our") or third parties from accessing your data or linking it to your identity.


1.2.1 Implementation Tactics

  • Elimination of Personal Identifiers: No personal identifiable information (PII), such as usernames, email addresses, or phone numbers, is required to create or access a vault. Authentication relies on biometric, FIDO2, or PIN-based methods, as per Section 3.4 (Key Features) of the Terms.
  • Non-Tracking Policy: We do not track IP addresses, digital footprints, or metadata linking your activities to your identity, ensuring anonymity during vault access, messaging, or feature use.
  • Encrypted Identifiers: Secure, random identifiers (e.g., vault IDs, session keys) are used to manage user interactions, preventing traceability to real-world identities.

You are responsible for maintaining anonymity through secure practices, as outlined in Section 5.8 (User Responsibilities) of the Terms.

1.3 Payment Anonymity

Techsologic ensures Payment Anonymity to protect the privacy of financial transactions, isolating them from user identities and vault contents, as described in Section 9.4 (Payment Anonymity) of the Terms.


1.3.1 Credit Card Payments (Processed by Stripe)

When you pay by credit card, your payment is processed by Stripe, Inc., an independent third-party payment processor:

  • Data Controller: Stripe, Inc. is the data controller for all payment information. Stripe collects, processes, and stores your payment data (including card numbers, cardholder names, billing addresses, and transaction details) under Stripe's own Privacy Policy and Terms of Service.
  • UnoLock Does Not Receive Payment Details: Techsologic never receives, accesses, stores, or processes your credit card information, cardholder name, billing address, or other payment details. We receive only transaction confirmations (payment successful/failed) and anonymous transaction identifiers.
  • Stripe's Policies Apply: When you pay via Stripe, you agree to Stripe's Terms of Service (stripe.com/legal) and Privacy Policy (stripe.com/privacy). Stripe operates independently of our vault infrastructure and is certified PCI DSS Level 1 (the highest security standard for payment processors).
  • Stripe Subprocessor: Stripe, Inc. is engaged as a GDPR-compliant subprocessor with appropriate Data Processing Agreements in place covering EU data transfers via Standard Contractual Clauses.

1.3.2 Bitcoin Payments (Cryptocurrency)

Bitcoin payments are processed on the public blockchain network:

  • No Personal Information Required: Bitcoin transactions do not require names, addresses, email addresses, or other personal identifiers.
  • Blockchain Fees: Network transaction fees are determined by blockchain conditions and borne by the user.
  • Decentralized Processing: Bitcoin payments are processed on a decentralized public ledger. Techsologic receives only blockchain transaction confirmation.
  • Anonymity: Bitcoin payments use one-time session keys to maintain payment anonymity.

1.3.3 Payment Anonymity System

Critical architectural feature: Techsologic employs a payment anonymity system that prevents linking payments to specific vaults or user identities:

  • Anonymous Payment Session IDs: Payments use one-time, randomized session identifiers that cannot be traced to specific vaults.
  • No Vault Linkage: Even when we receive payment confirmation from Stripe or the Bitcoin network, our system cannot determine which vault the payment is associated with.
  • Prepaid Credit System: Paid subscriptions utilize prepaid credits that are consumed anonymously as you use the service.
  • Isolation Architecture: Payment processing infrastructure is completely isolated from vault infrastructure, as per Section 3.5 (Payment and Billing) of the Terms.

This means:

  • Stripe cannot identify your vault (they only see a payment to "Techsologic Incorporated")
  • Techsologic cannot link a payment confirmation to a specific vault
  • Your financial information remains separated from your vault activity
  • No payment profiling or financial tracking is possible

1.3.4 Data Collection Regarding Payments

What Techsologic DOES Collect:

  • Transaction confirmation status (successful/failed)
  • Subscription tier level activated
  • Transaction timestamp
  • Anonymous payment session identifier
  • Prepaid credit balance (for tracking service usage)

What Techsologic Does NOT Collect:

  • Cardholder names
  • Credit card numbers or payment details
  • Billing addresses
  • Email addresses (unless separately provided for support)
  • IP addresses linked to payment activity
  • Any data that could link a payment to a vault or user identity

1.3.5 Key Benefits of Payment Anonymity

  • Enhances financial privacy by preventing linkage between transactions and vault usage
  • Mitigates risks of financial profiling based on payment data
  • Ensures payment processors cannot identify your vault contents or activity
  • Fosters trust in Techsologic's commitment to privacy across all subscription tiers
  • Maintains zero-knowledge architecture even for paid subscriptions

1.3.6 User Responsibilities

You are responsible for ensuring your chosen payment methods comply with applicable laws, as per Section 5.5 (Compliance with Laws) of the Terms. You acknowledge that:

  • Stripe's privacy practices are governed by Stripe's policies, not Techsologic's
  • Bitcoin transactions are publicly visible on the blockchain
  • You must maintain valid payment information to avoid service interruption
  • Techsologic cannot recover or refund payments if you lose access to your payment method

1.4 Communication Data Management

While UnoLock's zero-knowledge architecture minimizes data collection, communication with Techsologic (e.g., via email or support channels) may involve limited PII, handled with stringent privacy measures.


1.4.1 Support Communication (Voluntary and Separate from Vault)

Your UnoLock vault operates with complete anonymity - no email address or personal information is required to create, access, or use your vault. This anonymity is absolute and fundamental to our architecture.

However, if you choose to contact our support team (support@unolock.com or via our support channels), this communication is voluntary and separate from your vault. When you contact support, we collect:

  • Your email address (if contacting via email)
  • Your message content and any information you voluntarily provide
  • Any technical information you share to help us resolve your inquiry

Purpose of Collection:

This information is collected and used exclusively to:

  • Respond to your support inquiry, feedback, or feature request
  • Troubleshoot technical issues you report
  • Improve our support processes and service quality
  • Comply with legal obligations if required

Important Clarifications:

  • Support communications are NOT linked to your vault or vault contents
  • We do not use support email addresses for marketing purposes
  • You control what information you share - provide only what's necessary for your inquiry
  • Support is optional - your vault functions fully without ever contacting us

Retention: Support correspondence is retained as business records for as long as necessary to resolve your inquiry and maintain service records, in accordance with our Data Retention Policy.

Deletion: You may request deletion of your support correspondence at any time by emailing support@unolock.com with subject line "Delete Support Records". We will delete your correspondence within 30 days, except where retention is required by law.

Legal Basis (GDPR): Legitimate interest in providing customer support and maintaining business records.


1.4.2 Use of Communication Data

Communication data collected through support channels is used exclusively for:

  1. Responding to your specific inquiry, support request, or feedback
  2. Improving our support processes and identifying common user issues
  3. Maintaining business records and ensuring accountability
  4. Complying with legal obligations where required

We do NOT use support communication data for:

  • Marketing or promotional purposes
  • Linking your identity to your anonymous vault
  • Tracking or profiling your behavior
  • Sharing with third parties (except as required by law)

Your support communications remain confidential and separate from your vault activity.


1.4.3 Retention and Deletion

Communication data is retained only as long as necessary to fulfill its purpose - typically as long as needed to resolve your inquiry plus a reasonable period for business record-keeping.

  • Retention Period: Communication data is retained only as long as necessary to fulfill its purpose (e.g., resolving a support issue) or meet legal requirements, per the Data Retention Policy at https://www.unolock.com/policies.
  • Secure Deletion: Data is securely deleted or anonymized once no longer needed, using industry-standard methods to prevent recovery.
  • Zero-Knowledge Limitation: Techsologic cannot access or retain vault-related data, ensuring communication data remains isolated, as per Section 9.2 (Zero-Knowledge Architecture) of the Terms.

You are responsible for minimizing PII shared in communications, as per Section 5.8 (User Responsibilities for Privacy) of the Terms.


1.4.4 Separation of Support Data from Vault Data

To emphasize: Your vault and your support communications are completely separate systems:

  • Vault System: Anonymous, zero-knowledge, no email required, cannot be linked to your identity
  • Support System: Voluntary, requires contact information only if you choose to reach out

At no point do we link support correspondence to specific vaults. Even if you email us about a vault issue, we cannot identify which vault belongs to you unless you explicitly provide your vault identifier for troubleshooting purposes.

This separation ensures your vault privacy remains intact even if you choose to contact support.

1.5 Data Security

Techsologic implements robust security measures to protect any data under our custody, aligning with Section 6 (Data Security and Encryption) of the Terms.

  • Encryption: All data, including communication data, is encrypted using AES-256-GCM (client-side) and TLS 1.3 (transmission), with post-quantum cryptography (ML-KEM-1024, ML-DSA Dilithium) for future-proof security.
  • Storage Security: Data stored on servers (e.g., AWS S3) is encrypted with dual-layer AES-256, ensuring protection at rest.
  • Security Practices: We implement enterprise-grade security controls built on industry best practices, including continuous monitoring, regular security assessments, and vulnerability management. We are actively working toward formal third-party security certifications.

You must use secure devices and practices to prevent unauthorized access, as per Section 5.9 (Shared Security Responsibility) of the Terms. Techsologic is not liable for breaches due to user errors, as per Section 10 (Limitations of Liability) of the Terms.

1.6 Minimal Logging Practices

Techsologic maintains minimal, anonymized server logs for operational purposes, as per Section 9.5 (Minimal Logging Practices) of the Terms.

  • Log Content: Logs contain only non-identifiable technical data (e.g., error codes, performance metrics), with no PII or metadata linking to user activities.
  • Retention: Logs are purged every 72 hours to minimize retention risks.
  • No Activity Tracking: No logs track user actions (e.g., vault access, messaging), preserving anonymity.

1.7 Your Privacy Rights and Choices

While UnoLock's zero-knowledge model eliminates traditional PII collection, you retain rights over any PII shared via communication (e.g., email):

  • Access and Correction: You may request access to or correction of communication data by contacting support@unolock.com.
  • Deletion: You may request deletion of communication data, subject to legal retention requirements, as per the Data Retention Policy.
  • GDPR Rights: EU users may exercise GDPR rights (e.g., data portability, objection to processing), though vault data access is limited by our zero-knowledge architecture.
  • HIPAA Compliance: Users storing protected health information (PHI) may request a Business Associate Agreement (BAA) via support@unolock.com, as per Section 17.4 (Compliance with HIPAA) of the Terms.

Requests are processed according to the following response timeframes based on severity:

  • Critical Requests (account lockout, security breach, emergency access): Within 24 hours
  • High Priority Requests (data access, deletion, privacy concerns): Within 72 hours
  • Medium Priority Requests (policy questions, general privacy inquiries): Within 7 days
  • Low Priority Requests (informational requests, feedback): Within 14 days

Techsologic commits to meeting these response timeframes for all requests. In exceptional circumstances where delays are unavoidable, we will notify you of the delay and provide an estimated resolution timeframe.

You acknowledge that vault data cannot be accessed or recovered by Techsologic, as per Section 9.2 (Zero-Knowledge Architecture) of the Terms.

1.8 Compliance with Privacy Regulations

Techsologic's practices comply with applicable privacy regulations, as detailed in Section 17 (Compliance with Privacy Regulations) of the Terms:

  • PIPEDA: Governs incidental PII handling, ensuring transparency and security under Canadian law.
  • GDPR: Supports data minimization, user rights, and secure processing for EU users.
  • HIPAA: Enables secure PHI storage with encryption and optional BAAs.
  • Other Laws: Complies with equivalent privacy laws (e.g., CCPA) where applicable.

You are responsible for ensuring your use complies with these regulations, as per Section 5.5 (Compliance with Laws) of the Terms. Techsologic is not liable for your non-compliance, as per Section 10 (Limitations of Liability).

1.9 Modifications to the Privacy Policy

Techsologic may revise this Privacy Policy to reflect changes in practices, technology, or legal requirements, as per Section 14 (Modifications to Terms) of the Terms. Material changes will be notified via email, the support portal at https://www.unolock.com/support.html, or platform announcements, with at least 30 days' notice where feasible. Continued use of the Services after the effective date constitutes acceptance. Your sole remedy for disagreement is to cease using the Services, as per Section 13.1 (User-Initiated Termination) of the Terms.

1.10 Contact Information

For questions, concerns, or notices regarding this Privacy Policy or the Services, contact:

  • Mail: Techsologic Incorporated, 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada
  • Email: support@unolock.com
  • Security Reports: https://www.unolock.com/support.html
  • Support Portal: https://www.unolock.com/support.html

Techsologic will respond to all inquiries according to priority level as outlined in Section 1.7 (Your Privacy Rights and Choices). Critical requests receive responses within 24 hours, high priority requests within 72 hours, and routine inquiries within 7-14 days.

For social media engagement, follow us at https://www.youtube.com/@UnoLock, https://www.instagram.com/unolock, or other platforms listed in Section 19.4 (Social Media and Public Presence) of the Terms.

1.11 User Acknowledgment

By using the Services, you acknowledge and agree that:

  • Techsologic's zero-knowledge architecture ensures your data and identity remain private, as per Section 9 (Privacy and Anonymity) of the Terms.
  • No PII is collected unless required for communications or payments, and such data is isolated and securely handled.
  • You are responsible for maintaining anonymity and complying with privacy laws, as per Section 5 (User Responsibilities) of the Terms.
  • Techsologic is not liable for privacy breaches due to your actions, as per Section 10 (Limitations of Liability) of the Terms.

Your engagement with UnoLock signifies trust in our commitment to unparalleled privacy and security.