Privacy Policy

Effective Date: May 17, 2026

Last Updated: May 17, 2026

1. INTRODUCTION AND LEGAL FRAMEWORK

Welcome to Unispov ("we", "our", "us"). We operate an online e-commerce marketplace and portal connecting school students and parents ("Customers") with verified university students and gradutes ("Mentors") for informational, peer-to-peer advisory, and mentoring sessions via scheduled video calls.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, process, store, and disclose your personal data when you visit our website, use our software platform, or book/conduct advisory sessions.

This policy is formulated to strictly comply with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL). For cross-border protection, where applicable, this policy also aligns with standard global data protection practices, including the General Data Protection Regulation (GDPR).

By creating an account, booking a slot, or providing services as a Consultant on our platform, you explicitly consent to the data collection and processing rules set out in this policy.

2. THE DATA WE COLLECT ABOUT YOU

Personal data means any information that can directly or indirectly identify you. We collect, store, and process the following categories of personal data depending on your user role:

A. For All Users (General Site Visitors, Customers, and Mentors)

  • Identity and Authentication Data: First name, last name, email address, unique authentication identifiers generated by our identity provider, and profile photos.
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting and geographical location, browser plug-in types and versions, operating system and platform, and device identifiers.
  • Usage Data: Information about how you navigate and interact with our web pages, search for universities/majors, and interact with the platform layout.

B. For Customers (Parents and School Students)

  • Academic and Structural Data: Intended major, current school year, and target universities of interest.
  • Booking and Scheduling Data: Records of availability slots selected, scheduled meeting times, and meeting statuses (e.g., confirmed, pending, cancelation).
  • Transaction and Financial Metadata: Unique payment reference codes (Payment Intent IDs), transaction amounts, and payment statuses processed via our third-party provider. We do not collect or store full credit card numbers or banking credentials directly on our databases.
  • Feedback Data: Reviews, ratings, and textual feedback submitted natively regarding your experience with mentors.

C. For Mentors (University Students & Alumni)

  • Institutional Verification Data: Attended university name, degree, major, year of graduation, and official academic documents or transcripts uploaded to confirm enrollment/alumni status.
  • Regulatory Compliance Data: Proof of a valid Ministry of Human Resources and Emiratisation (MOHRE) Work Permit / Private Tutor License or legal equivalent required to offer freelance tutoring and advisory services in the UAE.
  • Availability and Schedule Data: Custom weekly recurring schedule grids, buffer times, time-off overrides, and integrated Google Calendar appointment slots.
  • Financial and Payout Data: Wallet transaction history, hourly rates set via your dashboard, total balances owed, and bank transfer or digital wallet handles necessary to execute manual or semi-automated escrow releases.

D. Interactive Session Data (Critical Disclosure)

  • Video and Audio Recordings: Complete audiovisual recordings of 1-on-1 calls conducted through our Google Meet integration, along with associated log metadata (start times, end times, and participants).

3. HOW WE COLLECT YOUR DATA

We collect data through different methods:

  • Direct Interaction: You explicitly provide us with your Identity, Academic, Financial, and Verification data when you fill out forms, register an account, set up availability, or correspond with us.
  • Automated Technologies or Interactions: As you interact with our service, we automatically collect Technical and Usage Data.
  • Third-Party Integrations:
    • Clerk Authenticator: Provides us with your user profiles and session tokens immediately upon registration or sign-in.
    • Google OAuth 2.0: Imports calendar availability and event data to synchronize schedules, prevent calendar conflicts, and generate Google Meet dynamic web links.

4. LEGAL BASIS AND HOW WE USE YOUR INFORMATION

Under the UAE PDPL, we process your personal data under the lawful grounds of Contractual Necessity (to fulfill your requests), Consent (specifically for minors and call recordings), and Legitimate Operational Interests.

We utilize your information for the following specific purposes:

  • To Operate the Portal: Facilitate the search, booking, logic-locking of availability slots, and automatic transaction handling between Customers and Mentors.
  • To Enforce UAE Regulatory Compliance: Vetting and monitoring the validity of the mandatory MOHRE work permits for all UAE-based student consultants.
  • To Ensure Platform Safety and Moderation: Utilizing session recordings to review calls, investigate structural abuse, ensure academic integrity, and prevent unauthorized academic cheating or illegal assignment-writing which violates UAE law.
  • To Manage Financial Workflows: Maintaining an escrow-style central wallet structure, verifying payouts, tracking late cancellations, and processing 50% fee protections.
  • Internal Notifications and Diagnostics: Informing webhooks and specific administrative team channels regarding registration updates, user creation synchronization issues, or transaction bugs.

5. RECORDING OF VIDEO CALL SESSIONS

All 1-on-1 virtual sessions conducted via our platform integration are systematically monitored and may be recorded.

Purpose: Recordings are exclusively captured to protect the safety of minors, enforce our consultant code of conduct, maintain quality assurance, and provide an objective record for dispute resolution (e.g., failed connections, escrow refund complaints).

Access and Security: Recordings are stored in highly secure, encrypted object storage environments. Access is strictly compartmentalized and restricted solely to authorized platform administrators. Recordings will never be sold, shared with marketing agencies, or made public.

Retention: Unless flagged for active dispute analysis, safety reviews, or legal preservation under UAE regulatory requirements, these recordings are automatically purged or anonymized after a standard operational retention cycle of 60 days.

6. MINORS AND PARENTAL CONSENT

Our platform targets high school students who may be under the age of 18 ("Minors").

Strict Policy: Minors are not permitted to register an account or book paid calls without the explicit involvement and consent of a parent or legal guardian.

Consent Mechanism: If you are a student under 18, your parent or guardian must review this Privacy Policy and our Terms of Service, create or authorize the account profile, and explicitly consent to the collection of your data and the recording of your video call sessions.

Account Termination: If we discover or are notified that we have collected personal data from a minor under 18 without verified parental guidance, we reserve the right to immediately terminate the account and purge the corresponding data from our production tables.

7. DATA SHARING AND THIRD-PARTY DISCLOSURES

We do not sell your personal data. To provide a high-performance web application stack and process secure transactions, we disclose your data to the following trusted third-party cloud infrastructure and tool vendors:

Service ProviderCategory/PurposeData Disclosed
ClerkAuthentication & User ManagementNames, emails, system IDs, user metadata profiles.
Google Cloud Scheduling & Video InfrastructureGoogle Meet metadata.
Cloud Hosting and Database ProvidersCore Production Database StorageVetted documents, MOHRE license parameters, user records, slots, and application state.
High availability Infrastructure providersApplication Cloud Hosting & DeploymentTechnical logging parameters, routing state, network request configurations.
Payment ProvidersPayment Gateway & Escrow ProcessingBilling context, checkout metadata, currency intent figures, payment tokens.
Email Communication ServicesAutomated Email CommunicationsBooking confirmations, invoice routing, security warnings, receipt payloads.
Error MonitoringReal-time Error Diagnostics & MonitoringStack traces, broken API transaction logs, system failures, runtime error telemetry.

We may also disclose your personal information to judicial, regulatory, or law enforcement authorities in the United Arab Emirates if requested to comply with legal mandates, protect public safety, or defend our platform's intellectual and operational rights.

8. DATA TRANSFERS OUTSIDE THE UAE

Because we utilize global, cloud-native tech infrastructure, your data may be processed and stored on servers located outside the United Arab Emirates. We ensure that all integrated cloud vendors maintain top-tier industry security credentials (e.g., SOC 2 compliance) and leverage strict encryption protocols to safeguard cross-border transfers in compliance with UAE data protection rules.

9. DATA SECURITY AND RETENTION

Security Measures: We use advanced security methods, including token identity validation derived directly from signed session claims (preventing URL manipulation flaws), database row-level isolation policies, and server-side encryption arrays for sensitive access keys. However, no internet-facing application can ever claim 100% absolute invulnerability. We explicitly advise users that while we take reasonable, professional steps to mitigate risk, data transmission occurs at your own risk.

Data Retention: We retain your personal data only as long as necessary to fulfill the purposes for which it was originally gathered, including satisfying legal, audit, operational, or statutory reporting requirements under UAE laws.

10. YOUR LEGAL RIGHTS UNDER UAE PDPL

Subject to specific limitations under the law, users operating within the UAE possess the following rights regarding their personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Correction/Rectification: You have the right to request that we correct inaccurate or outdated information in your profile dashboard.
  • Right to Erasure ("Right to be Forgotten"): You can request the destruction or complete deletion of your records from our databases, provided it does not conflict with active contractual duties or UAE accounting laws.
  • Right to Restrict Processing: You can object to or limit specific processing profiles of your personal attributes.
  • Right to Withdraw Consent: Where data processing relies entirely on your consent (such as call recordings or optional reviews), you have the right to withdraw that consent at any point without impacting previous data collections.

To exercise any of these processing rights, please submit an official request to our data operations team at: legal@unispov.com.

11. CHANGES TO THIS PRIVACY POLICY

We reserve the complete right to modify or adjust this Privacy Policy dynamically to accommodate codebase features, pricing modifications, or statutory changes issued by the UAE authorities. Any updates will be pushed natively to this public link, accompanied by a revised "Effective Date". Your continued usage of our services following an update constitutes full acknowledgement of the modified terms.

12. CONTACT DETAILS

If you have any compliance questions, technical inquiries regarding data integrity, or wish to invoke your rights under the UAE Personal Data Protection Law, please reach out to us at:

Email: legal@unispov.com

© 2026 Unispov. All rights reserved.