Privacy Policy

1.1 Account Information. When you create an account, we collect your email address, password (stored in hashed form), and display name. If you subscribe to a paid plan or purchase credits, we collect billing information through our payment processor (Stripe); we do not store your credit card number, expiration date, or CVC on our servers.

1.2 Conversation and Prompt Data. When you use server-backed AI model access, your prompts and responses are transmitted through our servers to third-party AI model providers. We do NOT retain or store your prompts, responses, or conversation content on our servers. All prompt and response content is discarded immediately after proxying to the upstream provider. Only the following anonymized usage metadata is retained for billing: input/output/cached token counts, cost in USD, provider and endpoint name, model name, request ID, and timestamp. This data is not used to train AI models.

1.3 Local Workspace Data. UcoWorker is designed with a local-first architecture. Files, code, and workspace data you work with remain on your device by default. The Agent processes this data locally on your machine. We do not access, collect, or store the contents of your local files unless they are included in a conversation sent to server-backed models.

1.4 Usage and Telemetry Data. We may collect anonymized usage data such as feature usage frequency, credit consumption patterns, error logs, performance metrics, and session duration. This data does not include the content of your conversations or files.

1.5 Device and Technical Information. We may collect your operating system type and version (including iOS version and device model), application version, IP address, browser type (for web dashboard), and general geographic location derived from your IP address.

1.6 iOS Mobile Application Data. The UcoWorker iOS app is a companion app that mirrors and controls the UcoWorker desktop agent. The iOS app collects: your account credentials for authentication (stored securely in the iOS Keychain); device information (iOS version, device model) for compatibility; and conversation data received from the desktop agent via our server relay. The iOS app does not run AI models, execute agent tools, or access files on your iPhone. Conversation content displayed in the iOS app is streamed in real time from your paired desktop and is not persistently stored on the iOS device beyond local cache. Uninstalling the iOS app removes all locally stored data including Keychain credentials.

1.7 Connected Channel Data. When you connect messaging platforms (Telegram, Slack, Email, etc.), we collect the minimum data necessary to operate the integration, such as bot tokens, channel identifiers, and message content routed through the Service.

1.8 Google Account Data. When you connect your Google account, the UcoWorker agent may access Gmail messages (read, search, send), Google Drive files (read, list, download), Google Calendar events (view, create, manage), Google Sheets spreadsheets (read, edit), Google Docs documents (read, create), Google Slides presentations (read, create), Google Tasks (view, manage), and Google Contacts (read) using the OAuth permissions you explicitly grant. This data is processed locally on your device by the agent to complete tasks you request.

1.9 BYOK Mode. If you use Bring Your Own Key mode, your API keys are stored locally on your device in encrypted form. We do not transmit or store your API keys on our servers. In BYOK mode, your prompts are sent directly to the third-party provider without passing through our servers.

We use the information we collect for the following purposes:

Service Operation. To authenticate you, process AI model requests, track credit usage, manage subscriptions, and provide the core functionality of the Service.

Service Improvement. To analyze anonymized usage patterns, diagnose technical issues, improve reliability and performance, and develop new features. We do not use your conversation content or files for this purpose.

Communication. To send you transactional emails (account verification, password resets, billing receipts), service announcements, and, with your consent, product updates and marketing communications.

Safety and Security. To detect and prevent fraud, abuse, security incidents, and violations of our Terms of Service.

Legal Compliance. To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

We do NOT use your Content, conversation data, or prompts to train, fine-tune, or improve any AI or machine learning models.

3.1 Third-Party AI Model Providers. When you use server-backed model access, your prompts are proxied to third-party AI model providers for processing. UcoWorker does not store or retain your prompts or responses — we act solely as a pass-through proxy. Each provider's retention, use, and privacy practices are governed by their independent policies. You are responsible for reviewing: Anthropic Privacy, OpenAI Privacy, Google Privacy. UcoWorker (AI4ALPHA INC.) bears no responsibility for how these providers handle your data after receipt.

3.2 Payment Processor. Stripe processes your payment information. We share the minimum information necessary for billing (email, subscription details). Stripe's privacy policy governs their handling of your payment data.

3.3 Connected Platform Providers. When you use channel integrations, the data necessary for those integrations is shared with the respective platform providers (Telegram, Slack, Microsoft, etc.) under their terms.

3.4 Google API Services. UcoWorker's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google OAuth authentication and data access occur directly between the UcoWorker desktop application on your device and Google's servers — your Google credentials and data do not pass through our servers (api.ucoworker.com). The Google Workspace services accessed may include: Gmail (read, search, send), Google Drive (read, list, download), Google Calendar (view, create, manage events), Google Sheets (read, edit spreadsheets), Google Docs (read, create documents), Google Slides (read, create presentations), Google Tasks (view, manage task lists), and Google Contacts (read contact information). Specifically: (a) we only access Google user data that you explicitly authorize through the OAuth consent screen; (b) we use Google data solely to provide the features you requested (e.g., reading emails, managing files, viewing calendar events, editing spreadsheets); (c) we do not use Google user data for advertising or transfer it to third parties for unrelated purposes; (d) we do not use Google user data to train AI models; (e) a human can review your Google data only with your affirmative consent, for security purposes, or to comply with applicable law.

3.4.1 OAuth Authorization. UcoWorker uses Google OAuth 2.0 to request access to specific Google services. The authorization flow occurs directly between your device and Google's servers. You will see a Google consent screen listing the exact permissions (scopes) requested. You can grant or deny each permission. OAuth tokens are stored locally on your device and are never transmitted to our servers.

3.4.2 Google Data Storage. Google API data (emails, files, tokens) is stored exclusively on your local device. OAuth tokens are stored in encrypted local storage. No Google user data is uploaded to, stored on, or transmitted through UcoWorker's servers (api.ucoworker.com).

3.4.3 Google Data Retention. Google OAuth tokens are retained on your device until you disconnect the integration or revoke access. When you revoke access via Google Account settings (myaccount.google.com/permissions), all locally stored tokens are invalidated. Any cached Google Workspace data (Gmail, Drive, Calendar, Sheets, Docs, Slides, Tasks, Contacts) is stored only in your local agent memory and can be cleared at any time.

3.4.4 Revoking Google Access. You can disconnect Google services at any time by: (a) revoking access in your Google Account at myaccount.google.com/permissions, (b) removing the connection in UcoWorker's desktop settings, or (c) deleting your UcoWorker account. Upon disconnection, all locally stored Google OAuth tokens are invalidated.

3.5 Service Providers. We may share information with service providers who assist us in operating the Service, such as cloud hosting providers, analytics services, and customer support tools. These providers are contractually required to protect your information and use it only for the services they provide to us.

3.6 Legal Requirements. We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.7 Business Transfers. In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

We do not sell your personal information to third parties.

Account Data. We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

Conversation Data. Server-side conversation logs are retained for the duration of your account. You may delete individual conversations through the Service. Deleted conversations are purged from our systems within 30 days.

Local Data (Desktop/CLI). Files and workspace data on your computer are entirely under your control. Uninstalling the desktop application does not automatically delete local data; you may manually remove application data directories.

Local Data (iOS). The iOS app stores authentication tokens in the iOS Keychain and conversation cache in local storage. Uninstalling the iOS app automatically removes all locally stored data. No user files or workspace data are stored on the iOS device.

Usage Data. Anonymized usage and telemetry data may be retained indefinitely for analytical purposes.

Billing Records. We retain billing and transaction records for a minimum of 7 years as required by Canadian tax law.

We implement reasonable technical and organizational measures to protect your personal information, including: encryption of data in transit (TLS) and at rest; hashed password storage; access controls limiting employee access to personal information on a need-to-know basis; regular security assessments; and monitoring for unauthorized access attempts.

However, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials, API keys, and any sensitive information in your workspace.

In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law, including within the timeframes mandated by PIPEDA and provincial privacy legislation.

6.1 Rights Under PIPEDA (Canada). As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Alberta Personal Information Protection Act (PIPA). You have the right to: access the personal information we hold about you; request correction of inaccurate information; withdraw consent for the collection, use, or disclosure of your information (subject to legal or contractual restrictions); and file a complaint with the Office of the Privacy Commissioner of Canada.

6.2 Rights Under GDPR (European Economic Area). If you are located in the EEA, you may have additional rights under the General Data Protection Regulation, including the right to access, rectification, erasure, data portability, restriction of processing, and objection to processing. Our legal basis for processing is typically consent or the performance of our contract with you. To exercise these rights, contact us at contact@ucoworker.com.

6.3 Rights Under CCPA/CPRA (California). If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights.

6.4 Exercising Your Rights. To exercise any of your privacy rights, please contact us at contact@ucoworker.com. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

UcoWorker (AI4ALPHA INC.) is based in Alberta, Canada. Your information may be processed in Canada and in other countries where our service providers and third-party AI model providers operate, including the United States.

Canada has been recognized by the European Commission as providing an adequate level of data protection. For transfers to countries without an adequacy determination, we rely on appropriate safeguards such as standard contractual clauses or the recipient's participation in recognized data protection frameworks.

By using the Service, you acknowledge that your information may be transferred to and processed in jurisdictions outside your country of residence, which may have different data protection laws. We take steps to ensure that your information receives an adequate level of protection wherever it is processed.

Web Dashboard. The ucoworker.com web dashboard may use cookies and similar technologies for: authentication and session management (essential cookies); remembering your preferences and settings (functional cookies); and understanding how you use the dashboard to improve the experience (analytics cookies).

Desktop and CLI. The desktop application and CLI do not use browser cookies. Local preferences and settings are stored in application configuration files on your device.

iOS. The iOS app does not use cookies, web tracking, advertising identifiers, or fingerprinting. The app does not participate in cross-app tracking and does not request App Tracking Transparency (ATT) permission. No data is shared with third-party advertising or analytics services.

Your Choices. You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the web dashboard. We do not use cookies for third-party advertising.

The Service is not directed to individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at contact@ucoworker.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or through the Service and update the "Last updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

UcoWorker (operated by AI4ALPHA INC.)
Edmonton, Alberta, Canada
Email: contact@ucoworker.com
Website: ucoworker.com

You may also file a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) or the Office of the Information and Privacy Commissioner of Alberta (www.oipc.ab.ca) if you believe your privacy rights have been violated.