Privacy Policy

Arkgeniq Private Limited (referred to as "Uniify", "we", "us", or "our") is a company incorporated under the laws of India, with its registered office at 6th Floor, Block B, Tecci Park, Sholinganallur, Chennai, Tamil Nadu, India. We have developed the mobile and web-based Uniify Platform ("Platform") to help registered organisations and their employees enhance engagement, wellbeing, and overall workplace experience ("Services"). By accessing or using the Platform, you consent to this Privacy Policy and our Terms of Service. If you do not agree with these terms, you should discontinue use of the Platform.

This Privacy Policy explains how and why Uniify collects, uses, stores, shares, and protects the information you provide or generate while using our Services. It applies to all users, clients, and visitors globally. As a B2B platform, Uniify processes employee data on behalf of client organisations. The organisation (our client) acts as the Data Controller and determines what personal data is uploaded to the platform. Uniify acts as the Data Processor.

We use the information collected to:

• Deliver, maintain, and personalise the Services
• Generate aggregated and anonymised insights and analytics for clients
• Enable wellbeing, recognition, and engagement features
• Communicate platform updates, insights, and reports
• Ensure compliance with contractual and regulatory obligations
• Detect and prevent fraud, misuse, or security incidents
• Provide customer support and resolve technical issues

We do not sell personal information. All data is processed solely to enhance user and organisational experience.

Uniify processes data in accordance with Article 6 of the GDPR and applicable Indian law, based on:

• Contractual necessity: to deliver services to our client organisations
• Legitimate interest: to improve experience, analytics, and security (where not overridden by individual rights)
• Consent: for wellbeing tracking, optional engagement features, or marketing communications
• Legal compliance: to meet legal or regulatory obligations under the IT Act 2000, SPDI Rules 2011, GDPR, CCPA, and other applicable laws

Uniify acts as a Data Processor, and client organisations act as Data Controllers. Clients own their employee data, while Uniify processes it on their behalf under written agreements. For details, refer to our Data Processing Addendum (DPA), available on request from privacy@uniifyapp.com.

If you connect Uniify with external services (e.g. Google Fit, Apple HealthKit, Google Sign-In, Apple Sign-In), we follow strict compliance with their respective policies.

• We only request the data necessary to provide features you opt into
• You must grant explicit consent before any data is accessed
• You can revoke permissions at any time

If you revoke access, Uniify stops all data synchronisation and can delete previously retrieved data upon request.

We implement industry-leading technical and organisational measures, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and audit logging
• Regular vulnerability assessments and penetration testing
• Multi-factor authentication for platform administrators
• 24/7 monitoring and rapid breach response

In accordance with Articles 33 and 34 of the GDPR, Uniify will notify affected controllers and supervisory authorities of any personal data breach within 72 hours of becoming aware.

Under the GDPR and applicable data protection laws, you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: request correction of inaccurate or incomplete data
• Erasure: request deletion of your personal data ("Right to be Forgotten")
• Restriction: request that we restrict processing in certain circumstances
• Portability: receive your data in a structured, machine-readable format
• Object: object to processing based on legitimate interests
• Withdraw consent: where processing is based on consent, withdraw it at any time
• Automated decisions: not be subject to solely automated decision-making with legal or significant effect

To exercise these rights, contact privacy@uniifyapp.com. As Uniify processes most employee data as a Data Processor, rights requests relating to employment data should be directed to your employer (the Data Controller) in the first instance. EU/UK residents may lodge a complaint with their national supervisory authority or the European Data Protection Board (EDPB). Indian residents may contact the relevant authority under applicable Indian data protection law.

Uniify uses cookies and similar technologies for essential operations, analytics, and personalisation.

• Essential cookies: required for the platform to function (cannot be disabled)
• Analytics cookies: help us understand page visits and user behaviour (privacy-friendly, no personal identifiers)
• Marketing cookies: used to understand campaign performance (only with your consent)

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect functionality. Our platform does not use third-party advertising cookies.

Uniify operates primarily in India with data residency in India. Where personal data is processed outside India (for example, by sub-processors located in other countries), we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) or equivalent data transfer mechanisms
• Sub-processor agreements requiring equivalent data protection standards
• Assessments of the data protection laws of the destination country

We apply safeguards under GDPR, CCPA, and other applicable data protection laws for all cross-border transfers.

Our Services are designed for professional use and are not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor's data has been collected without appropriate consent, we will delete it promptly.

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.

• We will update the "Last updated" date at the top of this page
• Significant changes will be communicated via email or in-platform notifications at least 30 days before taking effect
• Continued use of the Services after the effective date constitutes acceptance of the updated Policy

We have appointed a Data Protection Officer to oversee privacy and compliance matters. For GDPR-specific or data protection enquiries, you may reach our DPO at:

For questions, concerns, or requests regarding this Privacy Policy or the handling of personal data, please contact us:

We aim to respond to all privacy-related requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.