Loading Urmate
Legal

Privacy Policy

How personal data, account data, usage data, AI content, cookies, and support records are handled.

UrmateUpdated 01 July 2026Legal

1. Scope and Controller

This Privacy Policy explains how flyingdarkdev handles personal data when a user accesses Urmate, creates an account, uses AI tools, submits support requests, makes payments, or interacts with public pages. It applies to website visitors, registered users, trial users, paid users, admins, partner contacts, job applicants, and people who communicate with the business. Some data may also be handled by third-party providers that process information for hosting, authentication, payments, analytics, support, email, and AI features.

Users should read this policy together with the Terms, Cookie Policy, Data Protection & User Rights page, and any provider-specific notices shown inside the product. This policy is India-focused and should be reviewed by counsel before production use, especially if sensitive personal data, children data, enterprise data, or regulated information is processed.

2. Account and Identity Data

Account data may include name, email address, username, profile photo, OAuth identifiers, password status, verification status, role, workspace details, organization details, subscription status, support history, and login records. This information is used to create and secure accounts, personalize the dashboard, verify ownership, send service messages, prevent abuse, manage plans, and respond to support or privacy requests. Where a user signs in through a third-party account, the third party may share limited profile information based on its own settings and permissions.

Users should keep account information accurate and should not create accounts using another person's email or identity. flyingdarkdev may refuse changes where identity cannot be verified, where a request appears fraudulent, or where records must be preserved for security, billing, legal, or dispute reasons.

3. Usage, Device, and Log Data

The platform may collect usage and technical data such as IP address, approximate location, device type, browser, operating system, timestamps, pages viewed, feature activity, error logs, performance data, session identifiers, referral source, and security events. This data helps operate the website, detect bugs, prevent fraud, identify abuse patterns, troubleshoot product issues, improve user experience, measure feature reliability, and protect accounts. Some logs may be generated automatically by hosting providers, security systems, payment gateways, analytics tools, or infrastructure components.

Users can limit some browser-level tracking through settings, but essential security and service logs may still be required. Log data may be retained for a reasonable period based on security, legal, accounting, audit, fraud-prevention, and operational needs.

4. User Content and AI Data

User content may include prompts, chat messages, notes, study material, uploaded files, generated images, project text, templates, comments, support messages, and metadata connected with those actions. When a user asks an AI feature to process content, the prompt, selected context, files, and output may be transmitted to the relevant AI provider or infrastructure service so the requested feature can operate. Provider behavior may depend on model, plan, region, account type, and selected settings.

Users should avoid uploading confidential, regulated, or highly sensitive information unless the feature, plan, and provider settings are suitable for that use. flyingdarkdev may access limited content where necessary for support, abuse investigation, security, legal compliance, or feature delivery, subject to internal access controls.

5. Payment and Commercial Data

Commercial data may include plan name, subscription status, invoice ID, order ID, transaction reference, payment gateway status, coupon use, tax metadata, refund status, renewal date, billing email, and support history related to payment. Full card, UPI, wallet, or banking credentials are generally handled by payment processors and not stored directly by the website unless a future product page clearly states otherwise. Payment metadata is used to activate plans, issue invoices, handle refunds, detect duplicate charges, and comply with accounting or tax requirements.

Users should provide payment proof only when necessary and should redact unrelated sensitive information. flyingdarkdev may retain billing records for tax, accounting, legal, dispute, fraud-prevention, and audit purposes even after account closure, where permitted or required by law.

6. Communication and Support Data

When a user contacts support, submits a complaint, applies for a role, requests a partnership, or sends feedback, the business may collect the message, attachments, email address, account details, screenshots, payment proof, issue history, and response notes. This information is used to understand the request, verify identity, communicate with the user, improve support quality, investigate abuse, and maintain records of decisions. If a matter involves a payment provider, AI provider, infrastructure provider, or legal authority, limited relevant information may be shared to resolve the matter.

Users should not send passwords, OTPs, full card numbers, or unnecessary personal data. Abusive, false, threatening, or fraudulent communications may be preserved and used for safety, moderation, dispute, or legal response.

7. Cookies and Similar Technologies

Cookies, local storage, pixels, SDK identifiers, and similar technologies may be used for login sessions, security, preferences, analytics, product performance, referral tracking, and fraud prevention. Essential cookies are required for core product functions such as authentication, account security, and session management. Preference cookies remember theme, language, layout, and other settings. Analytics tools help understand traffic and improve product reliability, subject to configuration and consent requirements where applicable.

Users may control cookies through browser settings, but blocking essential cookies can break login or security features. The Cookie Policy gives more detail on cookie categories, third-party cookies, management choices, and limitations.

8. Purpose of Processing

Personal data is processed to provide the service, authenticate users, secure accounts, operate AI and study tools, process payments, respond to support, personalize features, improve reliability, enforce policies, prevent abuse, and comply with law. Processing may also support product analytics, debugging, fraud detection, customer communication, partner management, legal notices, tax and accounting, dispute resolution, security monitoring, and business continuity. The exact purpose depends on the user's relationship with the website and the feature used.

Users should understand that some processing is necessary to operate the service and cannot be disabled without affecting access. flyingdarkdev aims to collect only what is reasonably required for these purposes, but users are responsible for limiting unnecessary personal data in files, prompts, screenshots, and support messages.

10. Sharing with Service Providers

The website may share limited data with service providers that help operate the product, including hosting, database, AI models, analytics, email, support, payment, fraud prevention, monitoring, storage, and security vendors. Providers are expected to process data only for service delivery and under applicable contractual, technical, and operational controls. However, each provider may also have its own legal obligations, infrastructure locations, and security practices. Data shared depends on the feature used and the provider involved.

Users should review connected providers and avoid submitting content that should not be processed by third-party systems. flyingdarkdev is not responsible for user-initiated sharing with external websites, public links, integrations, or third-party accounts outside its control.

12. Data Retention

Personal data is retained only for as long as reasonably necessary for product operation, account management, support, legal compliance, tax, accounting, security, backups, audit, dispute resolution, and legitimate business needs. Different data types may have different retention periods. For example, account records may remain while the account is active, billing records may be retained for statutory periods, security logs may be retained for investigation windows, and deleted content may remain in backups until backup cycles expire.

Users may request deletion where available, but deletion may not be immediate for all systems. Certain records may be retained even after account closure where required or permitted for legal, accounting, fraud-prevention, security, or dispute purposes.

13. Security Measures

The website uses reasonable technical and organizational measures such as access controls, session controls, secure hosting practices, encryption in transit where supported, backups, logging, internal restrictions, and monitoring. No online system can guarantee absolute security. Risks may arise from user devices, weak passwords, browser extensions, phishing, malware, shared accounts, third-party providers, misconfigured integrations, or network attacks. Security is a shared responsibility between the website, providers, and users.

Users should use strong passwords, protect email accounts, avoid sharing OTPs, review connected providers, and report suspicious access quickly. flyingdarkdev may force logout, reset credentials, restrict features, or preserve records when suspicious activity or account compromise is suspected.

14. International Transfers

Data may be processed in India and other countries where service providers, AI providers, payment processors, hosting vendors, analytics tools, or infrastructure partners operate. International processing may be necessary because cloud services, AI models, and payment systems often run across multiple regions. Where required, contractual, technical, or operational safeguards may be used to protect data. Availability of specific regions may depend on the user's plan and provider settings.

Users with strict data residency obligations should confirm whether the selected features and providers match their requirements before uploading regulated content. flyingdarkdev cannot guarantee that every third-party provider will process data only in India unless a specific written arrangement says so.

15. User Rights

Depending on applicable law, users may request access, correction, deletion, grievance review, consent withdrawal, information about processing, or other rights available under Indian data protection requirements and other applicable rules. The business may ask for identity verification before responding, especially where a request affects account access, billing records, legal records, another user's data, workspace content, or security logs. Some requests may be denied or limited where law allows retention or where compliance would harm security or other users.

Users should send privacy requests from the registered email whenever possible. Privacy and data rights requests can be sent to grievance@urmate.tech with the account email, request type, and enough information to process the request safely.

16. Children and Institutional Use

Urmate is not designed for unsupervised use by children below the age required by applicable law. If a school, parent, guardian, coaching institute, employer, or organization uses the service with younger users, that responsible party should obtain necessary permissions, configure safe usage, supervise content, and ensure that uploaded material is appropriate. The platform may not be able to independently verify every user's age.

If a parent or guardian believes a child has submitted personal data without proper permission, they should contact support. flyingdarkdev may delete or restrict accounts where underage use, unsafe content, or lack of required consent is reasonably suspected.

17. Changes to Privacy Practices

This Privacy Policy may be updated when the product changes, providers change, law changes, security practices improve, or business processes are revised. The Last Updated date will indicate the latest version. Material changes may be announced in the product, by email, or through website notice where practical. Continued use after an update may mean the user accepts the changed policy where applicable law allows.

Users should review the policy periodically, especially before submitting sensitive content or connecting third-party providers. Older versions may be preserved internally for compliance and dispute history, but the latest published policy controls future use unless a separate written agreement states otherwise.

18. Contact for Privacy Matters

For privacy requests, data questions, account deletion, consent withdrawal, or grievance review, contact grievance@urmate.tech. Include the registered email, request type, country, and enough detail for verification.

These policies are provided for general business transparency and user information. They should be reviewed by a qualified legal professional before production use.

Useful official resources

These are external official resources. Urmate is not responsible for their content, process, uptime, or availability.