UniChat by UniStart
Demo
Legal

Privacy Policy

Last updated: April 2026

1. Introduction

UniChat by UniStart ("we", "our", "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the UniChat platform for dissertation supervision.

UniChat is designed for use by higher education institutions. We process personal data on behalf of institutions under data processing agreements that comply with the UK GDPR and the Data Protection Act 2018.

2. Information We Collect

Account Information

When your institution creates an account for you via an invitation, we collect:

  • Full name and institutional email address
  • Role within the platform (Student, Professor, or Administrator)
  • Institution and department affiliation

Platform Data

During your use of UniChat, we store:

  • Dissertation supervision communications (chat messages)
  • Uploaded documents and their version history
  • Meeting records (titles, agendas, dates, links)
  • Audit events (an immutable log of platform activity)
  • Document review comments and feedback

Technical Data

We automatically collect standard technical data including IP addresses, browser type, device information, and usage analytics to maintain and improve the service.

3. How We Use Your Information

We use your information exclusively for:

  • Providing the dissertation supervision platform and its features
  • Authenticating users and enforcing role-based access controls
  • Maintaining the immutable audit trail for institutional compliance
  • Sending platform notifications related to your supervision activities
  • Ensuring security, preventing fraud, and investigating potential abuse
  • Improving and maintaining the platform's performance and reliability

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Storage and Security

All data is stored securely using Supabase infrastructure with the following protections:

  • Encryption at rest and in transit (TLS 1.3)
  • Row-Level Security (RLS) policies ensuring multi-tenant data isolation
  • Institution-scoped access — users can only access data from their own institution
  • Password hashing using industry-standard bcrypt algorithms
  • Invitation tokens stored as SHA-256 hashes with automatic expiry
  • Append-only audit trail that cannot be modified or deleted

5. Data Retention

We retain your data for the duration of your institution's subscription and in accordance with your institution's data retention policies. Upon termination, institutional data will be securely deleted within 90 days unless legally required to retain it.

Audit events are retained for the full retention period as they constitute the institutional compliance record.

6. Your Rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of your personal data (subject to legal retention requirements)
  • Object to or restrict the processing of your data
  • Request data portability in a machine-readable format
  • Withdraw consent at any time where consent is the legal basis

To exercise any of these rights, contact your institution's data protection officer or reach out to us at privacy@unistart.co.uk.

7. Third-Party Services

UniChat uses the following third-party services:

  • Supabase — Database, authentication, file storage, and real-time messaging
  • Resend — Transactional email delivery (invitation emails only)
  • Vercel — Web application hosting and CDN

Each provider maintains their own privacy policies and data processing agreements. We ensure all sub-processors comply with UK GDPR requirements.

8. Contact

For privacy-related inquiries:

UniStart Ltd
Email: privacy@unistart.co.uk