Privacy Policy

Account Information: When you register, we collect your name, email address, and password (stored as a secure hash).

Order Data: When you place an order, we collect billing details, product choices, and payment confirmation references (we never store full card numbers).

Usage Data: We collect anonymized logs of pages visited, features used, and error reports to improve the service.

Communications: If you contact us via the contact form or email, we retain those messages to respond and improve support.

Cookies: We use essential cookies for authentication and optional analytics cookies (with your consent) to understand site usage.

To deliver and manage the services you purchase (domains, hosting, gaming top-ups, AI tools, courses).

To send transactional emails: order confirmations, service provisioning updates, renewal reminders.

To respond to your support requests and contact-form submissions.

To detect and prevent fraud, abuse, or unauthorized access.

To comply with applicable laws and regulations.

To send newsletter or promotional emails — only if you have subscribed and only with your explicit consent.

Contract: Processing is necessary to fulfil a contract you have entered with us (e.g., purchasing a service).

Consent: For marketing emails and non-essential analytics cookies, we rely on your explicit consent, which you may withdraw at any time.

Legitimate Interests: For security logging and fraud prevention, we rely on our legitimate interests to protect users and the platform.

Legal Obligation: When required by law (e.g., tax records, fraud investigations).

We do not sell, rent, or trade your personal data to third parties.

Payment Processors: eSewa, Khalti, Fonepay, and Stripe receive only the order amount and reference ID necessary to process payments; they operate under their own privacy policies.

Email Service: We use Resend to deliver transactional emails; messages pass through their servers.

Domain Registrars: When you register a domain, WHOIS-required contact details are shared with DomainNameAPI (our registrar partner) and published in public WHOIS records unless you enable WHOIS privacy.

Hosting Providers: For VPS orders, server creation requests (without your personal PII) are sent to Hetzner or Vultr.

Analytics: Anonymized, aggregated usage statistics may be shared with analytics partners; no personally identifiable data is included.

Account data is retained while your account is active and for 3 years after closure, unless you request deletion.

Order and invoice records are retained for 7 years to comply with tax regulations.

Support correspondence is retained for 2 years.

Marketing consent records are retained until you withdraw consent, plus 1 year.

Access: Request a copy of the personal data we hold about you.

Rectification: Ask us to correct inaccurate or incomplete data.

Erasure: Request deletion of your data (subject to legal retention obligations).

Portability: Receive your data in a machine-readable format.

Objection: Object to processing based on legitimate interests.

Withdraw Consent: Unsubscribe from marketing emails at any time via the unsubscribe link or by emailing info@caiunity.com.

To exercise any of these rights, email info@caiunity.com with the subject line "Privacy Request".

All data is transmitted over HTTPS (TLS 1.2+).

Passwords are hashed using bcrypt with a cost factor of 12.

Sensitive fields (payment keys, 2FA secrets) are encrypted at rest using AES-256-GCM.

We support two-factor authentication (TOTP) for all accounts.

Access to production data is restricted to authorised staff only.

Our infrastructure is hosted primarily in the EU/US via Neon (database) and Vercel (application). By using our services, you acknowledge that your data may be processed outside your country of residence.

Where we transfer data outside Nepal or the EEA, we apply appropriate safeguards (Standard Contractual Clauses or equivalent).

Our services are not directed to persons under 18 years of age. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with personal data, please contact info@caiunity.com.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 30 days before they take effect.

Continued use of the platform after the effective date constitutes acceptance of the updated policy.

This policy was last updated: May 2026.

Data Controller: CAI Global Solutions

Email: info@caiunity.com

Website: caiunity.com