Privacy Policy
Effective Date: 27.04.2026
1. Introduction
1.1 ultimitai.com respects the privacy of its users and is committed to protecting their personal information. This Privacy Policy is regulated by and governed in accordance with the laws of the UK and explains how we collect, use, store, and disclose data when users access or interact with our website, https://ultimitai.com/.
1.2 By using our services, users consent to the collection and processing of their information in accordance with this Privacy Policy.
2. Information We Collect
2.1 When users register an account, we collect personal details such as name, email address, and payment information to facilitate account creation and transactions.
2.2 We collect information on user activity, including usage data, preferences, and interactions with our AI tools, to improve our services and enhance user experience.
2.3 Payment transactions are processed by third-party providers, and ultimitai.com does not store financial details such as credit card numbers.
2.4 We may collect cookies and similar tracking technologies to monitor website performance, user preferences, and engagement.
3. How We Use Information
3.1 The information we collect is used to provide, manage, and improve our services, including AI-generated content creation and customer support.
3.2 We use collected data to communicate with users regarding account updates, promotional offers, and security notices.
3.3 Analytics and tracking data help us enhance platform functionality and optimize user experience.
3.4 User-generated content may be used for promotional or operational purposes, provided users have not opted out.
4. Data Sharing and Disclosure
4.1 We do not sell or rent user data to third parties. However, we may share necessary information with trusted service providers for payment processing, customer support, and technical maintenance.
4.2 Data may be disclosed if required by law or to protect the rights, property, or safety of Ultimit AI, its users, or others.
4.3 If Ultimit AI undergoes a merger, acquisition, or asset sale, user data may be transferred to a successor entity, subject to the same privacy commitments.
5. General Data Protection Regulation (GDPR) and UK GDPR
We are committed to ensuring that your personal information is protected and processed in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR (as incorporated into UK law under the Data Protection Act 2018). This includes:
- Collecting and processing data lawfully, fairly, and transparently.
- Limiting data collection to what is necessary for our specified purposes.
- Allowing users to access, correct, delete, or restrict the use of their data.
- Storing personal data securely and taking appropriate measures to prevent unauthorized access.
- Ensuring that data is retained only for as long as necessary to fulfill the purposes for which it was collected.
If you are located in the European Economic Area (EEA) or the United Kingdom, you have specific rights under GDPR or UK GDPR, respectively. These include:
- The right to access your personal data
- The right to data portability
- The right to erasure (“right to be forgotten”)
- The right to restrict or object to certain processing activities
To exercise any of these rights, please contact us at [email protected].
Strong Customer Authentication (SCA) and Payment Services Directive (PSD2 / UK PSD Regulations)
In compliance with the Revised Payment Services Directive (PSD2) in the EEA and the UK Payment Services Regulations 2017 (as amended), including Strong Customer Authentication (SCA) requirements, we ensure that all electronic payments processed through our platform meet applicable security standards.
Where required, we implement multi-factor authentication to verify the identity of users during the payment process. This may include:
- Something the customer knows (e.g., a password or PIN),
- Something the customer has (e.g., a mobile device or hardware token),
- Something the customer is (e.g., fingerprint or facial recognition).
We work with payment providers that comply with applicable EEA and UK regulatory requirements, ensuring secure and authenticated transactions for customers in both regions.
6. International Data Transfers
6.1 Ultimit AI is based in the United Kingdom. Your personal data may be processed in the UK, EEA, and transferred to countries outside the EEA/UK, including the United States, where our infrastructure, payment, analytics, and AI service providers (such as OpenAI and other subprocessors) operate.
6.2 Where required by GDPR or UK GDPR, we implement appropriate safeguards for cross-border transfers, which may include Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement (IDTA) or UK Addendum, adequacy decisions, or other lawful transfer mechanisms.
6.3 You may request further information about transfers and safeguards by contacting [email protected].
7. Data Security
5.1 We implement industry-standard security measures to protect user information from unauthorized access, loss, or misuse.
5.2 While we strive to safeguard data, no online service is entirely secure, and users are encouraged to maintain strong passwords and protect their account credentials.
8. User Rights and Choices
6.1 Users have the right to access, update, or delete their personal data by contacting us at [email protected].
6.2 Users can manage cookie preferences through browser settings and opt-out of marketing communications at any time.
6.3 Requests for data deletion or modification will be processed in accordance with applicable data protection laws.
9. Retention of Data
9.1 Account and profile data is retained while your account is active and for up to three (3) years after closure where needed for legal, tax, fraud-prevention, or dispute-resolution purposes.
9.2 Prompts, uploads, and inputs are transmitted to AI providers to perform your request. They are not used by Ultimit AI to train our own models. Third-party providers may retain data according to their policies and our agreements with them.
9.3 Generated content (text, images, logos, audio) is stored temporarily so you can download and use it. Unless you delete it sooner or we must retain it for legal compliance, generated files are typically deleted within 30 days of creation. We do not guarantee indefinite storage or later retrieval of past generations.
9.4 Payment and transaction records are kept as required by accounting and payment regulations.
9.5 When retention periods end, data is securely deleted or anonymized.
10. Third-Party Links and Services
8.1 Our website may contain links to third-party services or external platforms. We are not responsible for their privacy practices and encourage users to review their policies before interacting with them.
11. Changes to This Privacy Policy
9.1 We may update this Privacy Policy periodically. Users will be notified of significant changes, and continued use of the platform after modifications constitutes acceptance of the updated policy.
12. Governing Law
10.1 This Privacy Policy is governed by the laws of the United Kingdom. Any disputes arising in connection with this policy shall be resolved in the appropriate UK courts.
13. Contact Information
11.1 For any privacy-related inquiries, users can contact us at [email protected].
11.2 By using ultimitai.com, users acknowledge that they have read, understood, and agreed to this Privacy Policy.
COSARDEX LTD
Company number 17039153
61 Bridge Street, Kington, United Kingdom, HR5 3DJ