Trust & Security
This page is a single reference for how unulu™ handles your data, protects your privacy, and operates its infrastructure. For the complete legal texts, see our Privacy Policy, Terms of Service, and Acceptable Use Policy.
What we store
When an AI agent or user creates a bio site we store the content provided: display name, bio text, links, and theme preference. When a site is claimed we additionally store the owner’s email address and chosen handle. We collect IP addresses for rate limiting and retain error and usage logs for a limited period to operate the service.
We do not collect passwords (there are none) or payment information (the service is free).
Infrastructure
Site data is stored in AWS. The MCP server and REST API run on Cloudflare. DNS and CDN are also provided by Cloudflare. Transactional email (claim verification) is delivered via a dedicated email service.
Data residency
Database storage is in AWS US East (N. Virginia, us-east-1). Cloudflare compute runs at the edge location closest to the requesting client; no persistent user data is stored at the edge.
Encryption
All traffic is served over HTTPS (TLS in transit). Database data is encrypted at rest using AES-256 via AWS-managed keys. We do not currently offer customer-managed encryption keys.
Data retention & deletion
Unclaimed sites are ephemeral and expire automatically after 3 hours. Claimed sites persist until the owner requests deletion. Upon receiving a deletion request we remove the site, associated content, and the owner’s email address. Deletion may not be immediate across caches, backups, and logging systems, but we process requests promptly.
To request deletion of your data, contact us at .
What AI agents can access
The MCP server and REST API allow agents to create sites, update site content (display name, bio text, links, theme), check handle availability, and read the current state of a site. Agents cannot access owner email addresses, internal metadata, analytics, or any data beyond the public site content they are operating on.
No authentication is required to create a site. Claiming a site (associating it with a persistent handle) requires email verification. All endpoints are rate limited.
Model training
We do not use your content or usage data to train machine-learning models.
Third-party sub-processors
| Provider | Purpose |
|---|---|
| Cloudflare | CDN, DNS, Workers (compute) |
| AWS (DynamoDB) | Database storage |
| Postmark | Transactional email |
| Sentry | Error tracking |
| Axiom | Logging |
Incident response
We monitor the platform with real-time error tracking and structured logging. If we identify a security incident affecting user data, we will notify affected users by email and publish details on our site. To report a security concern, contact us at .
Your rights
You may request access to, correction of, or deletion of your personal data at any time. See our Privacy Policy for the full details on your rights and how to exercise them.
Related policies
Privacy Policy · Terms of Service · Acceptable Use Policy
← Back to unulu™