GDPR Policy

  • Last Updated: June 21, 2025.

UnoLock GDPR Compliance Policy


1.1 Introduction

Techsologic Incorporated (Corporation Number 734340-0, headquartered at 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada), provider of the UnoLock platform, including all services, features, applications, and websites (collectively, the "Services"), is committed to complying with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and those subject to GDPR. This GDPR Compliance Policy governs the processing of personal data, emphasizing Absolute Anonymity and minimal data collection, as aligned with the UnoLock Terms of Service ("Terms"), Section 9 (Privacy and Anonymity), and the Privacy Policy at https://www.unolock.com/policies. Techsologic Incorporated ("Techsologic," "we," "us," or "our") ensures GDPR compliance while maintaining our zero-knowledge, stateless architecture for all users, including LegacyLink nominees, as defined in Section 3 (Services Overview) of the Terms.

1.2 Scope and Commitment

This policy applies to any personal data processed by Techsologic in connection with the Services for EEA users. UnoLock's zero-knowledge architecture minimizes data collection, collecting no personal identifiable information (PII) unless voluntarily provided for feedback or support, as per Section 9.3 (No PII Collection) of the Terms. Third-party payment processors (e.g., Stripe, PayPal) handle financial data under their own GDPR-compliant frameworks, as per Section 9.4 (Payment Anonymity) of the Terms. We are committed to protecting user privacy and ensuring GDPR rights are upheld where applicable.

1.3 GDPR Principles

UnoLock's minimal data processing aligns with GDPR principles, tailored to our zero-knowledge model:

  • Lawfulness, Fairness, and Transparency: Any personal data (e.g., email addresses for support) is processed with user consent, transparently communicated via this policy and the support portal at https://www.unolock.com/support.
  • Data Minimization: No PII is collected unless voluntarily provided for feedback or support, and only necessary data is processed, as per Section 9.3 of the Terms.
  • Purpose Limitation: Data is used solely for addressing inquiries, improving services, or complying with legal obligations, as per Section 1.4 (Communication Data Management) of the Privacy Policy.
  • Accuracy: Users may correct inaccurate data by contacting support@unolock.com.
  • Storage Limitation: Data is retained only as long as necessary, per the Data Retention Policy at https://www.unolock.com/policies.
  • Integrity and Confidentiality: Data is protected with AES-256-GCM encryption, TLS 1.3, and post-quantum cryptography, as per Section 6 (Data Security and Encryption) of the Terms.

You must ensure lawful use of the Services, as per Section 5.5 (Compliance with Laws) of the Terms.

1.4 Rights of Data Subjects

EEA users have the following GDPR rights over personal data provided to Techsologic (e.g., via support inquiries):

  • Access: Request access to your data.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion, subject to legal retention requirements.
  • Restriction: Restrict processing in certain cases.
  • Data Portability: Receive data in a structured, machine-readable format, where feasible.
  • Objection: Object to processing for specific purposes.

Requests can be made to the Data Protection Officer at support@unolock.com. Due to our zero-knowledge architecture, vault data cannot be accessed or provided, as per Section 9.2 (Zero-Knowledge Architecture) of the Terms. Responses will be provided within 30 days, where feasible.

1.5 Data Protection Officer

Techsologic has appointed a Data Protection Officer (DPO) to oversee GDPR compliance and address data privacy concerns. Contact the DPO at:

  • Email: support@unolock.com
  • Mail: Techsologic Incorporated, 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada

The DPO ensures protection of any personal data and compliance with GDPR requirements.

1.6 Data Breaches

In the event of a personal data breach, Techsologic will:

  • Notify relevant EEA supervisory authorities within 72 hours, as required by GDPR.
  • Inform affected users promptly via email or https://www.unolock.com/support.html, where feasible, detailing the breach and mitigation steps.
  • Leverage our zero-knowledge architecture to ensure vault data remains secure, as per Section 6 (Data Security and Encryption) of the Terms.

Techsologic is not liable for breaches due to user actions, as per Section 10 (Limitations of Liability) of the Terms.

1.7 Third-Party Processors

Third-party processors (e.g., Stripe and PayPal for payments, AWS S3 for storage) comply with GDPR requirements. Their data processing is isolated from vault contents, and Techsologic ensures contractual safeguards, as per Section 8 (Third-Party Systems) of the Terms. You must comply with third-party processor policies, as per Section 5.6 (User Responsibilities) of the Terms.

1.8 Data Transfers

Personal data provided to Techsologic (e.g., support emails) may be transferred outside the EEA (e.g., to Canada), where adequate protection is ensured under PIPEDA, recognized by the EU as equivalent. Vault data remains encrypted and inaccessible, as per Section 9.2 of the Terms, ensuring GDPR-compliant transfers.

1.9 Policy Modifications

Techsologic may revise this policy, as per Section 14 (Modifications to Terms) of the Terms. Material changes will be notified via https://www.unolock.com/support.html with 30 days' notice, where feasible. Continued use constitutes acceptance, as per Section 14.5 of the Terms.

1.10 Contact Information

For GDPR-related inquiries or to exercise your rights, contact:

  • Mail: Techsologic Incorporated, 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada
  • Email: support@unolock.com
  • Security Reports: https://www.unolock.com/support.html
  • Support Portal: https://www.unolock.com/support.html