uetr.ai

Privacy Policy

Last updated: 23 May 2026

This policy explains what data uetr.ai (the "Service") collects, how it is used, and your rights. The Service is operated by Sempre Relevante - Unipessoal Lda, a private limited company incorporated in Portugal (the "Seller", "we", "us"), trading as uetr.ai. For privacy enquiries contact privacy@uetr.ai.

0. Controller

Sempre Relevante - Unipessoal Lda, trading as uetr.ai, acts as the data controllerfor personal data processed through the Service and decides the purposes and means of that processing. For payments, Stripe (Stripe Payments Europe, Limited and its affiliates) acts as merchant of record and as an independent data controller for billing and fraud-prevention data — see Stripe's privacy policy. See also our merchant-of-record disclosure.

1. Data we collect

  • Tracking input: UETR, payment amount, currency, payment date, optional sender / beneficiary BIC and reference.
  • Contact: email address (required to send status alerts and account communications).
  • Account: if you sign in, your authentication identifier and basic profile.
  • Billing: processed by our payment processor (Stripe); we receive transaction metadata but not full card details.
  • Technical: standard request logs (IP, user agent, timestamps) for security and abuse prevention.

2. How we use it

  • To query supported transfer-status sources for the UETR and payment details you provide and present available results to you.
  • To send transactional emails (status changes, account, billing).
  • To operate, secure and improve the Service.
  • To meet legal, accounting and regulatory obligations.

2a. Legal basis for processing

  • Performance of a contract (GDPR Art. 6(1)(b)) — to provide the Service you have requested: looking up the UETR, running monitoring, sending status emails, providing access to your account.
  • Legitimate interests (GDPR Art. 6(1)(f)) — securing the Service, preventing abuse and fraud, keeping minimal request logs, and improving the product. We balance this against your rights and only process what is necessary.
  • Legal obligation (GDPR Art. 6(1)(c)) — to keep accounting records and respond to lawful requests from authorities.
  • Consent (GDPR Art. 6(1)(a)) — where you opt in to optional communications. You may withdraw consent at any time.

3. What we do not do

  • We do not sell your personal data.
  • We do not share UETRs or transfer details with third parties for their own marketing or advertising. To perform the lookup you request, we may submit the UETR and related lookup details you provide to supported publicly available tracker endpoints.

4. Storage and retention

Data is stored on Lovable Cloud infrastructure (hosted on Supabase / Cloudflare). Concrete retention schedule:

  • Tracking requests & events — 24 months after last activity.
  • Consent log — 5 years (GDPR Art. 7 proof obligation).
  • Account & authentication logs — 12 months.
  • Suppressed-email list — retained indefinitely to honour unsubscribes.
  • Billing data — held by Stripe under its own retention policy.
  • Accounting records — 10 years where required by Portuguese tax law.

You may request earlier deletion at any time, subject to legal-retention obligations.

4a. Recipients and sub-processors

We share personal data only with the categories of recipients listed below, strictly to operate the Service:

  • Hosting and database — Supabase (database, auth) and Cloudflare (edge runtime, CDN).
  • Payment processor / merchant of record — Stripe Payments Europe, Limited and its affiliates (checkout, card processing, tax calculation and remittance where supported, invoicing, fraud screening, transaction support, dispute resolution).
  • Transactional email — our email delivery provider, used to send account, status-alert and billing emails.
  • Supported tracker sources — publicly available bank or payment-status tracker endpoints queried only to provide the lookup or monitoring you requested.
  • Authorities — where we are required to disclose by law, court order or to respond to a lawful request from a competent authority.

We do not share personal data with advertisers or data brokers.

5. Your rights

Subject to applicable law (including GDPR and UK GDPR where relevant) you may request access, correction, deletion, portability, restriction, or object to processing of your personal data, and you may withdraw consent at any time, by emailing privacy@uetr.ai. We respond within one month of receiving a valid request unless applicable law permits an extension. You also have the right to lodge a complaint with your local data-protection supervisory authority. In Portugal that is the Comissão Nacional de Proteção de Dados (CNPD) www.cnpd.pt.

5c. Automated decision-making

We do not carry out automated decision-making producing legal or similarly significant effects on you (GDPR Art. 22).

5d. Children

The Service is not directed at, and we do not knowingly collect personal data from, children under 16.

5a. International transfers

Our infrastructure providers may process data outside your country, including in the EEA, the UK and the United States. Where data leaves the UK/EEA we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

5b. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS), access controls, audit logging, and row-level security on our database. No method of transmission or storage is 100% secure; if you believe your account has been compromised, contact us immediately at privacy@uetr.ai.

6. Cookies

We use strictly necessary cookies plus, with your consent, analytics and marketing cookies. See our Cookie Policy for the full list and to change your preferences.

7. Contact

Sempre Relevante - Unipessoal Lda, trading as uetr.ai — privacy@uetr.ai