Privacy Policy
Last updated: 2026-07-08
This Privacy Policy describes how uCinema, LLC ("uCinema," "we," "us," or "our"), a limited liability company organized under the laws of Puerto Rico, United States, collects, uses, shares, and protects personal information in connection with the uCinema platform, available at ucinema.com and app.ucinema.com (the "Platform").
uCinema is a multi-tenant software-as-a-service (SaaS) platform that allows businesses ("Merchants" or "Tenants") to create and operate online stores, accept payments, manage shipping, communicate with their customers over WhatsApp, and publish organic content and paid advertising on Meta (Facebook and Instagram), Google, and TikTok.
If you have questions about this policy or how we handle your data, contact us at support@ucinema.com or by mail at uCinema, LLC, Bo. Llanos Adentro Carr. 725 km 2.9, Aibonito, PR 00705, Puerto Rico.
1. Who this policy covers
This policy applies to:
- Visitors of ucinema.com and our marketing pages.
- Prospective Merchants who request a demo store or contact us.
- Merchants who create an account and operate a store on the Platform.
- End Customers of Merchants, whose data we process on behalf of the Merchant when they browse a Merchant's store, place an order, or message the Merchant on WhatsApp.
For End Customer data, the Merchant is the data controller and uCinema acts as a processor/service provider that processes data according to the Merchant's instructions and this policy.
2. Information we collect
2.1 Information you provide directly
- Account and demo requests: name, email address, phone number, business name, business categories, style and color preferences, and any other details you submit in our forms.
- Merchant account data: login credentials, store configuration, legal business information, support contact details, and billing information.
- Support communications: messages, attachments, and contact details you send to support@ucinema.com or through our support channels.
2.2 Information collected when operating a store
- Store content: products, images, videos, prices, categories, pages, and policies created by the Merchant.
- Orders and End Customer data: names, email addresses, phone numbers, shipping addresses, order contents, order customizations, and delivery preferences of a Merchant's End Customers.
- Payment data: payments are processed by Stripe and/or ATH Móvil (Evertec). We do not store full card numbers or bank credentials. We receive limited transaction metadata (amounts, status, last four digits, payment method type) needed to display orders and provide support.
- Shipping data: recipient names, addresses, parcel details, and tracking numbers shared with our shipping label provider (Shippo) to purchase and print labels.
2.3 Information from connected third-party accounts
When a Merchant connects third-party accounts to the Platform, we receive and store data authorized through each provider's OAuth or connection flow:
- Meta (Facebook, Instagram, WhatsApp Business): access tokens; Page and Instagram account identifiers and names; WhatsApp Business Account (WABA) identifiers and phone numbers; content published through the Platform; message threads between the Merchant and its End Customers on WhatsApp (including media attachments); ad account identifiers, campaign settings, and performance metrics (impressions, clicks, spend, conversions).
- Google Ads: OAuth access and refresh tokens, customer account identifiers, campaign settings created through the Platform, and reporting metrics. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not sell Google user data, and we do not use it for purposes unrelated to providing and improving the advertising features the Merchant requested.
- TikTok: OAuth tokens, advertiser and account identifiers, content published through the Platform, and ad performance metrics.
- Stripe: connected account identifiers and onboarding status for Stripe Connect.
- Shippo: API credentials or connected account identifiers configured by the Merchant.
OAuth access tokens and refresh tokens are stored encrypted and are used solely to perform the actions the Merchant has requested (for example, publishing a post, creating an ad campaign, sending a WhatsApp message, or fetching performance reports).
2.4 Information collected automatically
- Usage and device data: IP address, browser type, operating system, referring pages, pages viewed, and timestamps.
- Cookies and similar technologies: we use strictly necessary cookies (session, security, language preference) and, on our marketing pages, advertising measurement cookies such as the Meta Pixel to measure the performance of our own ad campaigns. Merchants may enable analytics or pixels on their own stores, for which the Merchant is responsible.
3. How we use information
We use the information described above to:
- Provide, operate, secure, and maintain the Platform.
- Create and deliver demo stores and onboard new Merchants.
- Process subscriptions, activation fees, and renewals.
- Enable Merchant-requested actions on connected platforms: publishing organic posts, creating and managing ad campaigns, retrieving performance reports, and sending or receiving WhatsApp messages.
- Power the AI sales assistant: incoming WhatsApp messages from End Customers may be processed by AI language-model providers to generate suggested or automated replies on behalf of the Merchant. AI outputs are also used for ad copy suggestions and campaign optimization when the Merchant uses the Marketing Hub.
- Provide customer support and respond to inquiries.
- Send transactional notifications (order confirmations, escalation alerts, billing notices).
- Monitor for fraud, abuse, and violations of our Terms of Service.
- Comply with legal obligations.
We do not use data obtained from Meta, Google, or TikTok APIs to build advertising profiles unrelated to the Merchant's own accounts, and we do not sell such data.
4. How we share information
We share personal information only as described below:
- Service providers (subprocessors): hosting and infrastructure (including Cloudflare and our cloud hosting providers), payment processing (Stripe; ATH Móvil/Evertec), shipping labels (Shippo), email delivery (transactional email providers such as Resend), WhatsApp message transport (Meta WhatsApp Cloud API and/or authorized business solution providers), social publishing infrastructure, and AI language-model providers used for the sales assistant and marketing copy. Each provider is bound by contractual obligations to protect data and use it only to provide services to us.
- Connected platforms at the Merchant's direction: when a Merchant publishes content or creates ads, the relevant data is sent to Meta, Google, or TikTok under those platforms' own terms and privacy policies.
- Between Merchant and End Customer: order and messaging data is shared with the relevant Merchant, who is responsible for its own privacy practices.
- Legal requirements: when required by law, subpoena, or court order, or to protect the rights, safety, or property of uCinema, our Merchants, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
5. Tenant isolation
The Platform is multi-tenant. Each Merchant's data — products, orders, End Customer records, OAuth tokens, message threads, and ad data — is logically segregated by tenant identifier and is not accessible to other Merchants.
6. Data retention
- Account and billing records are retained for as long as the account is active and as required for tax, accounting, and legal purposes (typically up to 7 years for financial records).
- OAuth tokens are retained until the Merchant disconnects the integration, the token expires, or the account is closed, at which point they are deleted or invalidated.
- WhatsApp message threads and media are retained while the Merchant account is active, to provide conversation history, and are deleted upon verified deletion request or account closure, subject to legal holds.
- Demo request data is retained for up to 24 months from the last interaction, then deleted or anonymized.
- Backups are purged on a rolling basis within 90 days of data deletion.
7. Security
We use industry-standard measures to protect data, including encryption in transit (TLS), encryption of stored credentials and OAuth tokens, role-based access controls, tenant-level data segregation, and logging of administrative access. No system is perfectly secure; we will notify affected parties of a data breach as required by applicable law.
8. Your rights
Depending on your location, you may have rights under laws such as the EU/UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA/CPRA), including the right to access, correct, delete, restrict, or port your personal information, the right to object to certain processing, and the right not to be discriminated against for exercising these rights.
- Merchants and visitors: contact support@ucinema.com to exercise these rights. We will verify your identity and respond within the timeframe required by applicable law (generally 30 days, or 45 days under CCPA).
- End Customers: because your data is controlled by the Merchant you purchased from or messaged, please contact that Merchant first. If you contact us, we will forward your request to the Merchant and assist them in fulfilling it.
You can also disconnect any third-party integration at any time from the Platform dashboard, which stops further data collection from that provider, and revoke uCinema's access directly in your Facebook, Google, or TikTok account security settings. See our Data Deletion page for step-by-step instructions.
9. International transfers
We are based in Puerto Rico, United States, and process data in the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. Where required, we rely on appropriate safeguards such as standard contractual clauses.
10. Children
The Platform is a business tool and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact support@ucinema.com and we will delete it.
11. Changes to this policy
We may update this policy from time to time. We will post the updated version on this page with a revised "last updated" date and, for material changes, notify Merchants by email or in-app notice before the changes take effect.
12. Contact
uCinema, LLC Bo. Llanos Adentro Carr. 725 km 2.9, Aibonito, PR 00705, Puerto Rico Email: support@ucinema.com