Last updated: January 20, 2026 This Privacy Policy explains how Oglofus Ltd (Company No. 14840351), trading as Uploft ("Uploft", "we", "us", or "our"), collects, uses, and shares information when you use the Uploft service (the "Service").

1. Scope

This policy applies to the Uploft website, app, and related APIs. It does not cover third-party services you connect to Uploft.

2. Information We Collect

We collect the following categories of information based on how the Service is used:

A. Account and Profile Information

• Name (given and family name)

• Email addresses (primary and additional emails)

• Profile image (including images derived from Gravatar)

• Account role and status

• Newsletter preference

• Figma SSO profile data when you sign in with Figma (for example Figma user ID, handle, and profile image URL)

B. Organization and Membership Data

• Organization name, slug, and logo

• Membership roles and relationships

• Organization status and configuration metadata

• Points balance and points ledger entries (including reasons and actors)

C. Authentication and Security Data

• Session tokens and verification tokens

• Login and registration verification codes

• Request metadata stored in logs (for example headers such as user agent)

D. Design and Artwork Content

• Uploaded images and stored assets

• Figma file keys, frame IDs, and node data used to render designs

• Artwork layers, hotspot geometry, link URLs, and alt text

• Exported HTML and image URLs

E. Integration Data

• OAuth access tokens, refresh tokens, scopes, and expiry timestamps

• Integration metadata such as account IDs, server prefixes, and connected-by identifiers

F. Analytics and Event Data

• Hotspot click events, including target URL, user agent, referer, and timestamp

• System and audit logs for account and organization actions

3. How We Use Information

We use information to:

• Create and manage accounts and organizations

• Authenticate users and secure sessions

• Provide design processing, exports, and hotspot functionality

• Sync data with third-party integrations you connect

• Provide usage tracking and analytics

• Communicate service emails such as verification and onboarding messages

• Maintain, debug, and improve the Service

4. Cookies and Similar Technologies

We use cookies to maintain sessions and verify login or registration flows. Examples include session and verification cookies used to sign you in and complete verification steps.

5. Sharing and Disclosure

We share information only as needed to provide the Service:

• Service providers (for example, hosting, storage, email delivery)

• Third-party integrations you connect (for example, Figma, Mailchimp, Klaviyo)

• Other members of your organization (profile info and workspace content)

• Legal or compliance requirements when required by law

Service Providers

Uploft uses infrastructure providers to host the Service, store files, and deliver email. Examples include Cloudflare (hosting, D1, KV, and R2 storage), Resend (transactional email delivery), and Gravatar (profile image rendering). These providers may process data on our behalf under contractual safeguards.

6. Legal Bases (UK/EEA)

Where applicable, we process personal data based on:

• Contract performance (to provide the Service)

• Legitimate interests (security, fraud prevention, service improvement)

• Consent (for optional marketing communications)

• Legal obligations (where required)

7. Data Retention

We retain data while your account is active and as needed to provide the Service. Some records have short retention windows, for example:

• Verification tokens expire after about 10 minutes

• Session tokens expire after about 15 days unless renewed

• OAuth state records expire after about 10 minutes

You can request account deletion, which will remove or anonymize personal data where feasible.

8. International Transfers

Our providers may process data in countries outside your own. We rely on appropriate safeguards when transferring data internationally.

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. You can also opt out of marketing communications at any time.

10. Security

We implement reasonable technical and organizational measures to protect data. No system is completely secure, and you use the Service at your own risk.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date when changes are made.

12. Contact

For privacy questions or requests:

Oglofus Ltd (trading as Uploft)
25 Easten Terrace, Wallsend, NE28 0JW, UK
Email: info@oglofus.com