1) What this Policy covers
This Policy applies to our website, unepal.com, and mobile application, collectively the Services, including Profiles, Posts, Circles, Pages, Business Directory, Marketplace, Rentals, Jobs, Services, Events, Blogs, Recipes, Hamro TV, Discussions, Rewards, notifications, contact forms, and admin banners.
2) What we collect
A. You give us
- Account and profile: Name, email, phone, password, profile photo, suburb or postcode, bio, and any additional information you add.
- Auth and onboarding records: Verification data such as phone numbers, OTP request metadata, login timestamps, IP and device signals, and anti-fraud records used to secure account creation and prevent fake account abuse.
- Listings, posts, and interactions: Details and media for Marketplace, Rentals, Jobs, Services, Events, Blogs, Recipes, community Circles, and Discussions, including your comments and votes.
- Rewards and gamification: Information related to your participation in the Rewards system, including point accumulation from actions within the app.
- Pages and directory: Page name, category, logos, contact details, service area, and hours.
- Events and RSVPs: Event submissions, RSVP status, and attendance intent where you choose to mark yourself as going or interested.
- Messages and reports: Content you send to other users or to us through support and safety reports.
B. Collected automatically
- Usage and device: App actions, video view durations on Hamro TV, session duration, crash logs, IP address, model, operating system, app version, and diagnostics.
- Approximate location: Based on the network or suburb you provide to power local discovery. We do not collect precise GPS unless you deliberately include an address in a listing.
- Group and community signals: Joining local Circles, groups, Pages, or local discussions may reveal approximate demographic or suburb-level relevance to other members of that community.
- Website requests and cookies: Our hosting and delivery providers may process standard technical request data such as IP address, browser type, device information, and requested pages to serve and secure the site. We do not use Google Analytics or third-party website analytics tags on the website.
C. From service providers
- Firebase (Google): Authentication, messaging, and storage for app features, including technical identifiers, tokens, and service logs.
- Website hosting and delivery providers: Technical request processing needed to deliver, cache, and secure the website.
- Email providers: If you contact us by email or through the website contact section, your message will be handled through standard email systems used by you and by us.
- Payments (future): If added later, processors may share billing status and transaction references.
D. Sensitive information
We do not deliberately seek sensitive information. If you include it in content, you consent to us handling it under this Policy.
3) Why we use it
- Run the app: Create and manage accounts, profiles, listings, Pages, posts, messages, notifications, Rewards tracking, and saved alerts.
- Safety and moderation: Detect and prevent scams, fraud, and abuse, review reports, and enforce policies.
- Personalisation: Recommend relevant Circles, Pages, listings, videos, and events based on your interactions.
- Service improvement: Fix crashes, improve performance, and build features based on support, moderation, reliability, and product feedback.
- Legal and compliance: Handle complaints and respond to lawful requests.
- Marketing (optional): Send product updates or promotions with consent and easy opt-out.
Messaging, blocking, and moderator review
- Encryption expectations: In-app messaging is encrypted in transit, but it is not described as end-to-end encrypted unless we expressly state otherwise.
- Block and safety tools: We provide controls such as block lists, report flows, and notification settings so you can control who can interact with you.
- Review on report: If content or behaviour is reported for harassment, scams, child-safety concerns, or other policy violations, authorised moderators and global admins may review relevant chat logs, media, metadata, and account activity needed to investigate the report.
Legal bases where required by law
- Contract / providing the Services: We process account, profile, messaging, listing, and support data when needed to provide the features you request.
- Legitimate interests: We process data to keep the platform secure, prevent abuse, understand reliability issues, improve product performance, and respond to safety concerns.
- Consent: We rely on consent for optional marketing and where you choose to provide optional or sensitive information.
- Legal obligations and claims: We may process and retain information where necessary to comply with law, resolve disputes, enforce our terms, or protect people from harm.
5) Cross-border disclosure
Our providers may process or store data in the United States and other countries where their infrastructure or support teams operate. Where required by law, we rely on contractual commitments, adequacy mechanisms, or similar safeguards designed to protect transferred personal information.
6) Your choices and rights
- Access: Ask for a copy of your personal information.
- Correction: Ask us to fix inaccurate or outdated information.
- Privacy controls: Choose audiences for posts and listings, and manage alerts, push notifications, blocking, and messaging preferences.
- Marketing opt-out: Unsubscribe from emails or SMS and turn off push notifications in device settings.
- Delete account: Request deletion in-app, where available, or by email. We remove data from active systems after validation and then let remaining backup copies expire under our normal cycle unless retention is still required.
- Regional rights: Depending on where you live, you may also have rights to object to or restrict processing, withdraw consent, request data portability, or appeal decisions about your data.
To exercise a right, email hello@unepal.com with "Privacy Request" in the subject, or use our contact section.
7) Security
We use technical and organisational measures, including encryption in transit, restricted access, Firebase Authentication and App Check, logging, and monitoring. No system is 100% secure, so keep your device and credentials safe.
User-generated content safety commitments
- Blocking and filtering: We maintain mechanisms that allow users and moderators to block abusive users, report objectionable content, and filter or restrict content under review.
- 24-hour action target: We prioritise valid reports involving child safety, violent threats, severe harassment, and similar high-risk user content and aim to review and take action within 24 hours.
- Zero-tolerance CSAM response: Suspected Child Sexual Abuse Material or related exploitation activity may lead to immediate removal, permanent account and device bans, evidence preservation, and reporting to law enforcement or child-protection hotlines without prior notice.
8) Children and young people
The app is for people aged 16 and over. If you are 16 or 17, you confirm a parent or guardian has consented. If we learn that someone under 16 has an account, we will close it and delete personal information from active systems where practical.
9) Payments and premium features (future)
The app is currently free. If we introduce payments, subscriptions, or paid placements, we will:
- Use a PCI-compliant processor for billing data.
- Update this Policy and our Terms.
- Ask for any extra consents that are needed.
10) Retention
We keep different categories of personal information for different periods. Account, profile, and in-app content are generally kept while your account is active. Support enquiries, moderation reports, audit logs, and security records may be retained longer where reasonably necessary for safety, fraud prevention, legal compliance, or dispute resolution.
Phone numbers used for authentication are typically kept while the account is active and for a limited period after deletion where needed to prevent fraud, investigate abuse, or comply with legal obligations. OTP request logs, verification metadata, and related anti-fraud records may also be retained for security review windows.
11) Data breach notifications
If a data breach is likely to cause serious harm, we will assess it promptly and notify affected individuals and regulators as required by law, including any mandatory breach-notification schemes that apply.
12) Changes to this Policy
We may update this Policy if our practices or the law change. For material changes, we will give reasonable notice in-app or by email. Using the app after the new effective date means you accept the updated Policy.
13) Complaints and contact
Email: hello@unepal.com
Website: Use our contact section to send us a message directly
Copyright notices: Send infringement reports to hello@unepal.com with the subject "Copyright Notice"