My Account is a service operated by Universal Computers (“Universal Computers”, “we”, “us”, “our”). This Privacy Policy (“Policy”) describes how we collect, use, disclose, store, and protect information when you access or use My Account, including chat, messaging, file sharing, voice notes, and transaction approval features (collectively, the “Service”).

1. Data Controller / Who we are

2. Definitions

• Personal Data: information relating to an identified or identifiable person.
• Content: messages, voice notes, attachments (images/PDF/files), and other materials you submit through chat or the Service.
• Processing: any operation performed on data (collection, storage, use, disclosure, deletion, etc.).

3. Information we collect

3.1 Account & identity data

• Name, mobile number and/or email, login credentials (password is stored in hashed form), preferred language, and basic profile settings.

3.2 Service/transactional data

• Records you create in the Service (e.g., ledgers, accounts, categories, transactions, settings, and related metadata).

3.3 Chat & communications data (Text, Voice, Images, PDFs)

• Message content: text messages, approvals, and system notifications you send/receive.
• Voice messages: audio recordings you send through chat or approval flows.
• Files & attachments: images and documents (including PDF) you upload or receive.
• Metadata: timestamps, delivery/read status (if enabled), sender/receiver identifiers, device/app identifiers, file size/type, and message IDs needed to operate chat and approvals.
• Safety & audit: report/flag actions, moderation outcomes, and audit logs to prevent abuse, support dispute resolution, and meet legal/security requirements.

3.4 Technical & log data

• Device information, IP address (where available), browser/app version, crash logs, diagnostic logs, and security events.

3.5 Cookies / analytics

• We may use cookies or similar technologies on our web properties for session integrity, security, and analytics (e.g., Google Analytics).

4. How we use information

• Provide, operate, and maintain the Service (including chat delivery, file/voice handling, and storage).
• Authenticate users, manage accounts, and enforce access controls.
• Deliver approval requests/notifications for transaction authorization and record the approval outcome.
• Maintain an audit trail of approvals to protect users, prevent fraud, and support dispute handling.
• Improve reliability, performance, UI/UX, and feature development.
• Detect, prevent, investigate, and remediate fraud, abuse, harassment, and security incidents (including chat abuse).
• Comply with applicable laws, respond to lawful requests, and protect rights, property, and safety.
• Provide customer support and communicate operational/service notices.

5. Legal basis

We process data under one or more of the following bases (as applicable):

• Contract: to provide the Service you request (including chat and approvals).
• Legitimate interests: security, fraud prevention, service quality, and business operations.
• Legal obligation: to comply with applicable laws and lawful government requests.
• Consent: where required (e.g., optional communications or certain cookie/analytics settings, depending on jurisdiction).

6. Sharing & disclosure

We do not sell your personal data. We may share information in the following cases:

• Service providers / processors (confidentiality-bound) to host, operate, secure, analyze, or support the Service.
• Legal: to comply with law, regulation, court order, or lawful request.
• Safety: to protect users and the Service (e.g., addressing abuse, threats, fraud, or security incidents).
• Business operations: if we restructure, merge, or transfer assets (subject to appropriate safeguards).

6.1 Third-party services (examples)

7. Chat safety, moderation, and acceptable use

Where chat features are enabled, you are responsible for the Content you submit. We may implement safety controls such as reporting/flagging, rate limiting, and audit logging. We may review Content when (a) you report it, (b) abuse/security signals indicate potential violations, or (c) we are required to do so by law. We may take action including restricting accounts, removing Content, or preserving records when necessary for legal compliance or safety.

8. Transaction Approval Messaging & Shared-Mobile Account Access (NEW)

The Service may include an Approval Messaging feature for transactions. In certain cases, a mobile number may be used by more than one user profile (for example, when one person manages an account on behalf of another). When this occurs, the Service may send an approval request or notification to the user profile associated with that mobile number.

8.1 How the approval feature works

• User M may initiate a transaction affecting user P (e.g., “add amount X”).
• The Service will deliver an approval request message to P (or the profile mapped to P’s registered mobile number), asking to confirm or reject the request.
• If approved, the transaction may be recorded in the relevant ledgers/accounts as designed by the Service. If rejected or not approved, the transaction will not be finalized.

8.2 Data processed for approvals

• Initiator and recipient identifiers, registered mobile number mapping, transaction summary (amount X, description/reference), timestamps, and approval decision (approve/reject).
• Audit logs required to demonstrate authorization, prevent fraud, and resolve disputes.

8.3 Purpose and legal basis

• Purpose: confirm authorization, prevent unauthorized posting, reduce fraud, and provide accountable records.
• Legal basis: performance of contract (providing the feature), legitimate interests (security/fraud prevention), and legal obligations where applicable.

8.4 Important notice about shared mobile numbers

9. Data retention

• Account & service data: retained while your account is active and as necessary to provide the Service.
• Chat data: retained to provide conversation history and for security/audit purposes; you may request deletion where applicable.
• Approval records: we may retain approval requests, decisions, and audit logs for accounting integrity, dispute resolution, fraud prevention, and compliance.
• Logs & security records: retained for a limited period for troubleshooting, fraud prevention, and compliance.
• Backups: copies may persist for a limited time due to backup rotation and disaster recovery.

Retention may be extended where required by law, to resolve disputes, enforce agreements, or protect the Service.

10. Security

• Passwords are stored using hashing (not plain text).
• We use access controls and least-privilege where feasible.
• We apply reasonable safeguards (e.g., encryption in transit via HTTPS where configured).

No method of transmission or storage is 100% secure. Please use strong passwords and keep them confidential.

11. International transfers

Depending on hosting/service providers, data may be processed in locations outside Bangladesh. We take reasonable measures to ensure appropriate safeguards are in place consistent with this Policy.

12. Your rights & choices

• Access, correct, or update certain information via your account settings.
• Request export (where available) or deletion of your data (subject to legal/operational constraints).
• Object to or restrict certain processing where applicable.
• Manage cookies/analytics preferences where relevant (depending on your jurisdiction/tools).

13. Children

The Service is not directed to children under the age required by local law to provide valid consent. If you believe a child has provided personal data, contact us to request deletion.

14. Changes to this Policy

We may update this Policy periodically. We will update the “Last updated” date above and, where appropriate, provide notice within the Service.

15. Contact

For privacy requests or questions, contact Universal Computers using the address above or via our website contact channel.