Vai al contenuto

Privacy Policy

Last updated: 24 March 2026

1. Data controller

The data controller is Uelt S.r.l., with registered office at Via Archimede 43, Pisticci (MT), Italy.

For any privacy-related request you can contact privacy@uelt.ai.

2. Data we process

Depending on how you use the service, we may process:

  • account and identity data, such as name, email address, and login credentials
  • financial data entered by you or imported through open banking
  • data relating to budgets, goals, categories, and simulations
  • prompts, interactions, and feedback relating to AI features
  • technical and usage data, such as IP address, logs, device, sessions, and visited pages
  • subscription and payment data processed via Stripe

3. Purposes of processing

We process data to:

  • create and manage your account
  • provide platform features
  • connect accounts and display financial data
  • generate AI-powered insights, categorizations, simulations, and responses
  • manage subscriptions, payments, and support
  • ensure security, fraud prevention, and service reliability
  • comply with legal obligations

4. Legal bases

The main legal bases are:

  • performance of a contract, to provide the service you request
  • consent, for non-essential cookies and any promotional communications
  • legitimate interests, for security, abuse prevention, service improvement, and defence of legal claims
  • legal obligation, for tax, accounting, and regulatory compliance

5. Open banking

If you choose to connect your accounts through open banking, Uelt processes the data required to display and organise the information made available by the authorised provider.

The connection is based on your request and the permissions granted in the provider flow.

6. AI and data used for outputs

AI features may use data in your account, the prompts you submit, and other contextual information needed to generate responses and insights.

AI outputs are not intended to produce solely automated decisions with legal or similarly significant effects within the meaning of Article 22 GDPR.

7. Data recipients

We may share data with parties acting on our behalf or necessary to the service, including:

  • Microsoft Azure for infrastructure and hosting
  • Stripe for payment processing
  • open banking providers, when activated on your account
  • technical providers and analytics tools that are strictly necessary or activated with consent, where applicable

We do not sell your personal data.

8. International transfers

We seek to store and process data within the European Economic Area. If some providers involve international transfers, we rely on the legal bases and safeguards required by the GDPR, including standard contractual clauses where necessary.

9. Data retention

We retain data for as long as necessary to provide the service and comply with legal obligations.

As a general rule:

  • account data is kept until account closure, unless a longer period is needed for security or legal defence
  • financial data is kept until deletion or disconnection, unless law or technical necessity requires otherwise
  • accounting and tax records are retained for the period required by applicable law
  • logs and technical data are retained for a period proportionate to security and reliability purposes

10. Cookies and similar technologies

Uelt uses essential cookies and, subject to consent, analytics cookies. Any additional categories will only be activated in accordance with applicable law and your preferences.

For more information, see the Cookie Policy.

11. Your rights

You have the right to:

  • access your data
  • request rectification
  • request erasure where applicable
  • obtain restriction of processing
  • object to processing based on legitimate interests
  • receive data in a portable format where applicable
  • withdraw consent at any time where processing is based on consent

To exercise your rights, contact privacy@uelt.ai.

12. Complaint to a supervisory authority

If you believe that the processing of your personal data infringes the GDPR, you may lodge a complaint with the competent supervisory authority, including the Italian Data Protection Authority where relevant.

13. Security

We implement technical and organisational measures appropriate to the nature of the data processed, including protections made available through Azure infrastructure, access controls, encryption in transit, and other reasonable safeguards.

14. Changes to this notice

We may update this Privacy Policy over time. If changes are material, we will use reasonable means to inform you.