Article 1 - Personal Data Protection The UPLI SaaS software solution is published by AGENCE OVB (RCS of Villefranche-sur-Saône, France, number: 899 970 891), which acts as the Data Controller under the following conditions.

1.1 Collection of Personal Data The personal data collected on the UPLI platform are as follows:

• Account Creation: When creating a user account on our SaaS application, the user's last name, first name, email address, phone number, and company name are requested. To operate the automation service, login credentials, passwords, and/or recovery codes (or connection tokens) related to their Instagram account will also be securely requested.

• Profile: Using the software allows users to fill in a profile, which may include targeting information and business-related data.

• Payment: For the payment of subscriptions offered on UPLI, the platform records financial data related to the user's bank account or credit card via its secure payment provider.

• Cookies: Cookies are used while browsing the Site and Application. Their use is detailed in Article 2.

• 
  

1.2 Purposes of Personal Data Use The primary purpose of collecting personal data from users is to provide the automated SaaS service, improve it, and maintain a secure environment. Specifically:

• Creation and management of an autonomous user account;

• Execution of automations and targeting on the client's Instagram account;

• Billing and subscription management (via our Chargebee tool);

• Verification, identification, and authentication of transmitted data;

• Provision of technical assistance (user support);

• Prevention and detection of fraud, malware, and security incident management;

• Management of potential disputes;

• Sending commercial and technical information related to software updates.

• 
  

1.3 Data Retention Period Data belonging to an active user (client) is kept for the entire duration of their SaaS subscription. In the event of unsubscription or account deletion, data linked to the Instagram account is deleted. Billing data is retained according to applicable legal durations (generally 10 years for accounting records in France). Data relating to a non-client prospect may be kept for 3 years from the last contact.

1.4 Sharing Personal Data with Third Parties To operate its SaaS, UPLI relies on trusted sub-processors. Data may be shared in the following cases:

• Database and Infrastructure: User data is hosted and structured via Supabase.

• Payment and Subscription Management: Billing information is managed by Chargebee.

• Legal Obligations: If required by law, UPLI may transmit data to respond to claims or comply with legal proceedings.
  
  

1.5 Transfer of Personal Data (Outside the EU) Due to UPLI's SaaS architecture, some data may be transferred, stored, and processed on servers located outside the European Union (notably in the United States or Singapore via our providers Supabase and Chargebee). AGENCE OVB ensures that these transfers are framed by appropriate safeguards compliant with the GDPR, notably through Standard Contractual Clauses (SCCs) of the European Commission or these providers' adherence to the Data Privacy Framework (EU-US data protection framework).

1.6 Security and Confidentiality Data is stored securely. UPLI implements organizational, technical, software, and physical measures (password encryption, restricted access) to protect personal data and Instagram access from alteration, destruction, and unauthorized access. However, as the internet is not a completely secure environment, UPLI cannot guarantee the absolute security of transmissions.

1.7 Implementation of User Rights Under the GDPR and the French Data Protection Act, users have the following rights:

• Update or Deletion: They can modify their information or cancel their subscription directly from their UPLI account settings.

• Right of Access, Rectification, and Erasure: Users can exercise these rights by emailing: team@upli.ai. Proof of identity may be requested.

• Objection: They can object to the processing of their data for direct marketing purposes.

Users also have the right to lodge a complaint with the French Data Protection Authority (CNIL - www.cnil.fr).

1.8 Changes to this Policy UPLI reserves the right to modify this privacy policy at any time. The new version will be published on the website. Active users will be informed of major changes via email. If a user disagrees with the new terms, they have the option to delete their account and cancel their subscription.

Article 2 - Cookies 2.1 What is a cookie? A cookie is a file stored on your device's hard drive (computer, tablet, or smartphone) during your browsing.

2.2 What are cookies used for? UPLI uses cookies to ensure the proper functioning of the SaaS application (keeping the user session logged in) and to analyze traffic on the presentation website.

2.3 What cookies are used?

• Functional and Session Cookies (Strictly necessary): Essential for logging into your UPLI SaaS workspace and keeping your session securely active.

• Audience Measurement Cookies (Analytics): They anonymously collect traffic data to optimize the user experience.

  
  

2.4 How to configure your internet browser? You can configure your browser to reject cookies. However, disabling functional cookies will prevent you from logging into and using the UPLI SaaS software.

Article 3 - Contact Us For any questions or information regarding the management of your data and privacy, you can contact our team at the following address: team@upli.ai