Privacy Policy

Updated: 2026-06-19

1. General provisions and data controller

This privacy policy sets out how personal data is processed when using the uvis.pro website and the UVIS accounting and CRM system (the System).

Data controller:

MB „Didysis Uvis"
Legal entity code: 306171356
Address: Giraičių k. 2-5, Molėtų r., Lithuania
Email: info@uvis.pro

2. What data we process

  • Account and company data: name, surname, email, company name, code, company type, password hash.
  • Usage and technical data: IP address, browser information, login and activity logs (audit log) – for security and operation of the Service.
  • Accounting content: data you enter into the System – invoices, bank transactions, documents. This content may contain personal data of your clients, partners or employees that you provide.
  • Payment data: when choosing a paid plan – via the payment provider (Stripe). We do not store full payment card details.
  • Communication data: your messages and enquiries.

3. Controller and processor roles

For your account data and website visitors' data we act as the data controller. For third-party personal data (your clients, employees) contained in the accounting content, you are the data controller and we are the data processor, processing data on your instructions. The terms of such processing are set out in the Data Processing Agreement (DPA).

4. Purposes and legal bases

  • Provision of the Service (account management, accounting functions) – performance of a contract (GDPR Art. 6(1)(b)).
  • Payment administration and accounting – performance of a contract and legal obligation (Art. 6(1)(b) and (c)).
  • Security, fraud prevention, service improvement – legitimate interest (Art. 6(1)(f)).
  • Compliance with legal obligations – legal obligation (Art. 6(1)(c)).
  • Direct marketing (if any) – your consent (Art. 6(1)(a)).

5. Processors and recipients

To provide the Service we use trusted processors that process data only on our instructions:

  • Stripe – payment processing (when choosing a paid plan).
  • Google – optional, if you sign in with Google or connect Google Sheets / Drive (for an accounting copy) and for sending emails.
  • Anthropic – provision of AI functions (only when AI / the Pro plan is active; only the content related to a specific AI request is processed).
  • Server / hosting provider – for the operation of the System.

Data may also be provided to competent authorities (e.g. the tax authority, social security) where required by law or where you submit reports yourself.

6. Transfers outside the EEA

Some processors (e.g. Anthropic, and in certain cases Stripe or Google) may process data outside the European Economic Area (EEA), including in the USA. In such cases the transfer is based on appropriate safeguards – the European Commission's Standard Contractual Clauses (SCC) or adequacy decisions.

7. Retention periods

  • Account data is retained while the account is active and for a reasonable period after its closure.
  • Retention periods for accounting documents are set by law (accounting documents – generally up to 10 years); the Client, as controller, is responsible for compliance with these periods.
  • Logs (audit log) and technical data are retained for a reasonable period for security purposes.

8. Data security

We apply technical and organisational measures: each client's data is isolated in a separate database schema (multi-tenant isolation), sensitive keys are encrypted, passwords are stored only as cryptographic hashes, the connection is secured with HTTPS, and backups are made. No measure guarantees absolute protection, so please keep your login credentials safe.

9. Cookies

The System uses essential cookies (for session and security, e.g. CSRF protection). The website may use statistics / marketing cookies (e.g. Google Analytics). You can decline cookies in your browser settings.

10. Your rights

You have the right to access your data, to rectify, erase, restrict or object to its processing, the right to data portability, and the right to withdraw consent. You can export your accounting data at any time using the System's export tools. To exercise your rights, contact info@uvis.pro. You also have the right to lodge a complaint with the State Data Protection Inspectorate (VDAI, vdai.lrv.lt).

11. Changes to this policy

We may update this policy. We will notify you of material changes on the website or in the System. The update date is shown at the top of the document.

12. Contact

For questions about the privacy policy, contact:

Email: info@uvis.pro
Website: www.uvis.pro