UNDET Privacy Policy
Effective date: 11 May 2026 | Version: 2026.05.11 – Cryptlex legal, security, GDPR/DSA, and DPA update
This Policy replaces prior privacy disclosures to reflect the migration of UNDET licensing from the prior custom licensing system to Cryptlex and the May 2026 Cryptlex legal, security, privacy, and data-processing updates. It is intended to be read together with the applicable UNDET EULA, order terms, reseller terms, support terms, cookie notice, and any signed data processing agreement.
Cryptlex notified customers that its Terms of Service, Privacy Policy, and Data Processing Addendum are updated effective 11 May 2026. Our continued use of Cryptlex for UNDET license activation, validation, entitlement management, device activation, usage metering where enabled, compliance, support, and fraud-prevention functions may therefore be governed by Cryptlex legal and security documents as updated from time to time. For transparency, Cryptlex currently publishes its Terms of Service at https://cryptlex.com/legal/terms-of-service, Privacy Policy at https://cryptlex.com/legal/privacy-policy, Data Processing Addendum at https://cryptlex.com/legal/data-processing-addendum, Trust & Compliance Center at https://trust.cryptlex.com/, and subprocessor information at https://trust.cryptlex.com/subprocessors.
Cryptlex represents in its public materials and customer notice that it maintains GDPR compliance commitments, Digital Services Act (DSA) compliance practices where applicable, and ISO/IEC 27001-related information security controls. These vendor commitments support our vendor due-diligence and security program but do not reduce your rights under this Policy, applicable law, or any signed agreement with us.
1. Who We Are and Scope of This Policy
UAB Terra Modus (“Terra Modus”, “UNDET”, “we”, “us”, or “our”) is responsible for the collection and processing of personal data described in this Privacy Policy, except where we act as a processor for a business customer or where another notice states otherwise.
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you visit our websites, communicate with us, download a trial, purchase or renew a license, use UNDET Point Cloud or related software, activate or validate a license, receive support, interact with our marketing, or otherwise use our products and services.
This Policy applies worldwide. Some sections apply only where specific laws apply, such as the EU General Data Protection Regulation (GDPR), UK GDPR and Data Protection Act 2018, California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and similar privacy laws in other jurisdictions.
The licensing system for UNDET software has been updated. We use Cryptlex as a third-party licensing provider to manage license activation, validation, entitlement status, device activation, usage metering where enabled, compliance, support-related license troubleshooting, fraud prevention, and related license-management functions. Cryptlex may update its legal, security, and operational terms, and our licensing configuration may be adjusted to maintain compatibility, compliance, and security.
This Policy covers www.undet.com and related UNDET/Terra Modus websites, UNDET Point Cloud, related modules and plug-ins, downloads, installers, updates, trials, licensing tools, reseller channels, support portals or workflows, online documentation, webinars, events, customer communications, marketing, and license administration. Separate notices may apply to unrelated Terra Modus services or to third-party services that we do not control.
2. Contact Details and Data Controller
|
Item |
Details |
|
Controller |
UAB Terra Modus |
|
Address |
S. Zukausko st. 17, LT-08234 Vilnius, Lithuania |
|
|
info@undet.com |
|
Phone |
(+370) 652 17180 |
|
Data Protection Officer |
No statutory Data Protection Officer has been appointed as of the effective date. Privacy matters are handled by the data protection contact at info@undet.com. |
|
UK Representative |
No separate UK representative is appointed as of the effective date. UK users may contact Terra Modus directly. If a particular activity legally requires a UK representative, it will be identified in a supplemental notice, contract, or updated policy. |
|
EU Representative |
Not applicable because UAB Terra Modus is established in the European Union. |
|
California privacy request methods |
Email info@undet.com; website contact form at https://www.undet.com/contact-us/; telephone (+370) 652 17180; postal mail to the address above. Sale/share opt-outs may be submitted by cookie preferences, Global Privacy Control where recognized, or email with subject “Do Not Sell or Share”. |
You may contact us using the details above about privacy questions, rights requests, complaints, or concerns about our processing of your personal data.
3. Processing Roles: Company, Customers, and Cryptlex
For most website, sales, support, marketing, license-administration, and software-licensing activities, we determine why and how personal data is processed and act as a controller. When an organization buys licenses for its employees or other users, that organization may also be an independent controller for information it provides to us or makes available to its license administrators.
Cryptlex provides the licensing platform used to manage UNDET licenses. For License Data that we or our customers store in Cryptlex for license activation and management, Cryptlex generally acts as our processor or service provider and processes data to provide licensing services, subject to Cryptlex terms, its Data Processing Addendum, security measures, and subprocessor arrangements. Cryptlex may act as an independent controller for limited information it processes for its own account administration, service operation, legal compliance, security, billing, or similar independent purposes, as described in Cryptlex notices.
The Cryptlex Data Processing Addendum describes Cryptlex as a processor for customer-controlled service data, incorporates EU Standard Contractual Clauses for relevant restricted transfers, describes categories of customer and end-user data processed through the service, states that retention is determined by the data exporter through use of the services, and references the current Cryptlex subprocessor list and Trust & Compliance Center. We review these materials as part of vendor management and may update this Policy if Cryptlex materially changes the processing relevant to UNDET users.
If you use a license issued to an organization, your organization, its license administrators, authorized resellers, or support contacts may be able to see license and activation information relating to your use, such as assigned user, activation status, device information, license status, usage limits, deactivation status, and support interactions.
Business customers may request Terra Modus data processing terms at info@undet.com where Terra Modus processes personal data on their behalf. Authorized customer administrators and authorized resellers may access license-user, activation, entitlement, usage, and support information to manage licenses, support users, process renewals, investigate misuse, and verify compliance.
4. Personal Data We Collect
|
Category |
Examples |
Sources |
|
Identity and contact data |
Name, surname, email address, phone number, company, job title, billing/contact address, country, communication preferences, customer or organization identifiers. |
You, your employer/organization, resellers, partners, public sources, forms, purchases, support, events. |
|
Account, order, and commercial data |
Trial requests, license purchases, renewals, quotes, invoices, license keys, license type, subscription status, maintenance status, product version, entitlement sets, assigned users, organization, reseller, payment status, tax/VAT information. |
You, your organization, resellers, ecommerce/payment providers, CRM, Cryptlex, our records. |
|
Payment data |
Payment method, billing information, transaction identifiers, fraud-prevention information. We do not intentionally store full payment card numbers; card details are handled by payment processors. |
You, payment processors, ecommerce providers, fraud-prevention providers. |
|
Cryptlex license-user data |
First name, last name, email address, organization, license-user identifiers, customer/order identifiers, user metadata, license metadata, role or admin assignments where configured. |
You, your organization, Company administrators, resellers, Cryptlex. |
|
Cryptlex activation and device data |
License key or activation identifiers, activation/deactivation timestamps, activation status, license validity/expiry, product and version, device hostname, operating system, virtual-machine status, IP address, approximate geolocation derived from IP address, hashed device username, hashed device fingerprint generated from hardware components, and other activation metadata configured by us. |
Automatically from the Software, device, license server, Cryptlex, offline activation files. |
|
Usage and metering data |
License check events, feature entitlements, meter-attribute counts, total/gross usage where enabled, launch or feature-use counts, floating-license leases, timestamps, synchronization events, error/status information, and similar data used for entitlement, compliance, analytics, support, or billing. |
Automatically from the Software, LexActivator/LexFloatServer or related licensing components, Cryptlex. |
|
Support and communications data |
Emails, call notes, chat messages, support tickets, diagnostic information, screenshots, logs, crash information, device or environment details, files you choose to provide, and records of our responses. |
You, support tools, resellers, Company personnel, service providers. |
|
Website, cookies, and marketing data |
IP address, browser and device data, pages visited, referring pages, cookie IDs, analytics identifiers, ad identifiers, newsletter engagement, form submissions, event registrations, and remarketing information. |
Your browser/device, cookies and similar technologies, Google advertising/analytics services, MailerLite or other email/CRM providers. |
|
Public and third-party contact data |
Business contact details, company information, professional profile information, and similar data used for sales, support, fraud prevention, or customer relationship management. |
Public sources, partners, resellers, your organization, previous communications. |
|
User content provided voluntarily |
Point-cloud files, drawings, models, project names, file paths, screenshots, logs, or other project data only if you voluntarily provide them for support, training, troubleshooting, consulting, or another stated purpose. |
You or your organization. |
The licensing mechanism is not intended to collect point-cloud project content, drawings, models, scans, or customer files. However, device names, usernames, hostnames, project names, file paths, metadata, or support submissions may contain personal or confidential information. Please avoid including unnecessary sensitive information in such fields or submissions.
The Software and support workflow may process the license, activation, device, user, organization, reseller, entitlement, meter, usage, offline activation, validation, diagnostic, support-ticket, website, cookie, and marketing data described in this Policy. Routine license validation is not intended to collect point-cloud project contents, drawings, models, or scans. Support materials, local logs, device names, usernames, hostnames, file paths, screenshots, and project metadata may nevertheless contain personal or confidential data if you or your organization include it.
5. How We Use Personal Data and Our Legal Bases
|
Purpose |
Examples |
Legal basis where EU/UK GDPR applies |
|
Provide websites, trials, Software, licenses, and services |
Create accounts, process trial requests, deliver downloads, provide license keys, activate/validate licenses, manage subscriptions, provide documentation, and operate customer portals. |
Contract or pre-contractual steps; legitimate interests; legal obligations where applicable. |
|
Cryptlex license activation and compliance |
Validate license authenticity, device activation, entitlement status, expiry, permitted users/devices, floating-license leases, offline activation, deactivation, and license restrictions. |
Contract; legitimate interests in protecting Software, preventing misuse, and enforcing license terms; legal obligations where applicable. |
|
Usage tracking, metering, analytics, and product improvement |
Track license usage, meter attributes, feature entitlements, launch or feature counts where enabled, product/version trends, license utilization, support needs, and product performance. |
Legitimate interests; contract where metering is part of license or billing; consent or opt-out where required for optional analytics or marketing-related tracking. |
|
Fraud, abuse, security, and legal enforcement |
Detect piracy, overuse, credential or license-key misuse, suspicious activations, payment fraud, security incidents, and violations of our terms or law. |
Legitimate interests; legal claims; legal obligations; recognised legitimate interests under UK law only where a specified condition applies and is documented. |
|
Orders, billing, tax, and administration |
Process purchases, renewals, payments, invoices, refunds, taxes, accounting, collections, and customer records. |
Contract; legal obligations; legitimate interests. |
|
Support and troubleshooting |
Respond to inquiries, diagnose issues, review logs or screenshots you provide, fix errors, and communicate about product or licensing issues. |
Contract; legitimate interests; consent where required for optional support files. |
|
Marketing and customer communications |
Send newsletters, offers, product updates, event invitations, renewal reminders, and customer communications; manage preferences and suppression lists. |
Consent where required; legitimate interests for business-to-business communications where permitted; contract/legal obligation for service notices. |
|
Website analytics, cookies, and advertising |
Operate websites, remember preferences, measure traffic, improve pages, and deliver or measure interest-based advertising or remarketing. |
Consent for non-essential cookies/advertising where required; legitimate interests for security and essential functionality. |
|
Compliance with law and rights requests |
Maintain required records, respond to legal process, comply with sanctions/export rules, respond to privacy requests and complaints, and protect legal rights. |
Legal obligations; legitimate interests; legal claims. |
Where we rely on legitimate interests, we balance our interests against your rights and freedoms. You may object to processing based on legitimate interests where applicable. Where we rely on consent, you may withdraw consent at any time without affecting processing that occurred before withdrawal.
The lawful bases in the table below are selected for the current licensing and support model. Required license activation and validation are processed mainly for contract performance and legitimate interests in protecting the Software and enforcing license terms. Non-essential cookies, advertising, remarketing, and optional marketing are handled through consent or opt-out mechanisms where required by law. Direct marketing is subject to applicable electronic communications rules and unsubscribe rights.
6. Cryptlex Licensing: Data Use and Transparency
Cryptlex is used to provide license-management services for UNDET software. When you activate or use a license, the Software may communicate with Cryptlex and our systems to create or update license records, activation records, user records, organization records, reseller records, entitlement records, meter-attribute records, audit logs, or similar licensing records.
License Data may be used to determine whether the Software may run, which features are available, whether a trial or subscription has expired, whether a license is assigned to the correct user or organization, whether device or concurrent-use limits are exceeded, and whether suspicious or unauthorized use has occurred.
Cryptlex licensing may create a device fingerprint and may collect device details such as hostname, operating system, virtual-machine status, IP address, approximate geolocation, hashed username, and hashed hardware fingerprint generated from hardware components. Hashing helps reduce direct identifiability but does not necessarily remove privacy-law protections.
If usage metering is configured, the Software may update meter attributes or other usage counters, such as allowed uses, current uses, lifetime/gross uses, feature usage, launch counts, or consumption metrics. These metrics are used for entitlement management, compliance, billing where applicable, analytics, and support.
If you are an end user of an enterprise, academic, reseller-managed, or organization-managed license, your license administrator, organization administrator, or reseller may be able to view certain License Data to manage licenses and support users.
Automated license checks may permit, restrict, suspend, or deny Software access based on license status, activation limits, subscription status, payment status, fraud indicators, or compliance rules. You may contact us for human review if you believe a license decision is incorrect.
Activation and validation metadata may include license key or activation identifiers, product and version, activation/deactivation timestamps, license validity and expiry, entitlement set, meter attributes, device hostname, operating system, virtual-machine status, IP address, approximate IP-derived geolocation, hashed device username, hashed hardware/device fingerprint generated from hardware components, offline activation request/response data, and other license metadata configured for the license. The Software is not configured to intentionally collect project files or point-cloud contents through routine license checks.
Cryptlex’s May 2026 legal materials state that customer end-user data processed through Cryptlex services may include end-user identifiers, names or email addresses, license and activation details, device identifiers or hashed fingerprints, hostnames, operating system information, IP addresses, approximate IP-derived location, and license usage event logs. The exact data processed depends on our license configuration, your organization’s configuration, and the activation or validation method used.
Cryptlex’s Terms of Service and DSA-related provisions may apply to content, files, reports, links, or other materials transmitted through Cryptlex services or support workflows. Routine UNDET license validation is not intended to host or distribute user-generated project content; however, if files, messages, logs, links, screenshots, or other submissions are provided to us, Cryptlex, resellers, or service providers, they must not contain unlawful, infringing, malicious, or harmful content. We and our service providers may remove, restrict, report, preserve, or disclose such materials and related data where required by law, official order, DSA obligations, security obligations, or service-provider terms.
7. Cookies, Analytics, Advertising, and Marketing
We use cookies and similar technologies on our websites and, where applicable, in online services. These technologies may be strictly necessary, functional, analytics, advertising, or security-related. Where required by law, we obtain consent before using non-essential cookies or similar technologies.
We may use Google advertising or remarketing services to display ads to users who previously visited our website and to measure advertising effectiveness. These services may process cookie IDs, device/browser information, IP address, pages visited, and advertising interactions. You can control cookies through your browser and, where available, our cookie preference tools.
If you download a trial, purchase a license, register interest, or otherwise provide contact details, we may send you service notices, product updates, renewal reminders, offers, newsletters, or event information. We will request consent where legally required for marketing and will provide opt-out or unsubscribe mechanisms. Service, license, security, legal, and transactional communications may continue where necessary.
The current policy position is that non-essential analytics, advertising, and remarketing cookies are subject to consent or opt-out where required. Google analytics/advertising/remarketing services and MailerLite or successor email/CRM tools may be used. Trial downloads or purchases do not override jurisdictions that require separate marketing consent. We honor unsubscribe requests, recognized browser opt-out preference signals such as Global Privacy Control where required, and email opt-out requests sent to info@undet.com.
8. How We Share Personal Data
We do not sell personal data for money. We may disclose personal data to service providers, processors, contractors, partners, and other recipients for the purposes described in this Policy.
|
Recipient category |
Purpose |
Notes |
|
Cryptlex |
License activation, validation, entitlement management, device activation, usage metering, compliance, support, fraud prevention, license records, security, DPA/SCC-supported processing, and related Cryptlex service operation. |
Processor/service provider for License Data controlled by Terra Modus or its business customers; independent controller only for limited Cryptlex account, billing, legal, security, or operational data. Cryptlex legal documents and Trust Center may be updated from time to time. |
|
Payment and ecommerce providers |
Payment processing, subscription management, fraud prevention, invoicing, tax, refunds. |
Banks, card processors, payment gateways, ecommerce providers, tax/VAT providers, and reseller marketplaces used for a transaction. Full card numbers are not intentionally stored by Terra Modus. |
|
Hosting, security, infrastructure, and IT providers |
Website hosting, cloud storage, backups, security monitoring, email delivery, logging, technical operations. |
Providers used for UNDET websites, business systems, email, backups, cybersecurity, and technical operations under appropriate confidentiality, security, and data-processing terms. |
|
Email, CRM, marketing, analytics, and advertising providers |
Newsletter delivery, customer relationship management, lead management, analytics, advertising, remarketing, event management. |
MailerLite or successor email/CRM providers; Google analytics/advertising/remarketing services; consent-management and marketing tools. |
|
Resellers, distributors, and partners |
License sales, customer support, renewals, offline activation assistance, customer relationship management, local support. |
Only as necessary for the relevant customer, reseller, distributor, or partner relationship and subject to appropriate restrictions. |
|
Customer or organization administrators |
License assignment, activation visibility, user management, support, compliance, renewals. |
Where licenses are organization-managed, school-managed, university-managed, or reseller-managed. |
|
Professional advisers and authorities |
Legal, accounting, audit, insurance, compliance, law enforcement, regulators, courts, dispute resolution, corporate transactions. |
As necessary for legal obligations, legal claims, corporate transactions, compliance, security, or legitimate interests. |
|
Business transfers |
Merger, acquisition, financing, restructuring, sale of assets, insolvency, or similar transaction. |
Subject to confidentiality, due diligence controls, and applicable law. |
Where a third party acts as our processor or service provider, we require it to process personal data only for authorized purposes and to implement appropriate security measures. Where a third party acts as an independent controller, its own privacy notices and legal responsibilities may apply.
Cryptlex maintains and publishes its current subprocessor list at https://trust.cryptlex.com/subprocessors. As of the effective date of this Policy, we rely on Cryptlex to manage its subprocessors under applicable data-processing terms, the Standard Contractual Clauses where relevant, and appropriate technical and organizational safeguards. We may review Cryptlex subprocessor updates and, where required, object, seek clarification, apply supplementary measures, notify affected customers, or update this Policy.
Current provider categories include Cryptlex and its subprocessors listed in Cryptlex’s Trust & Compliance Center or subprocessor page; MailerLite or successor email/CRM providers; Google analytics, advertising, and remarketing services; payment, banking, ecommerce, accounting, tax, hosting, email, support, security, backup, and IT providers; authorized resellers and distributors; customer or organization administrators; professional advisers; regulators and authorities. Providers may change as business operations, security requirements, Cryptlex configuration, and legal requirements evolve.
9. International Data Transfers
We operate from Lithuania and may process personal data in the European Economic Area and other countries. Our service providers, including Cryptlex and its subprocessors, may process personal data in countries different from your country of residence.
Where GDPR, UK GDPR, Swiss data protection law, or similar laws require transfer safeguards, we use appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Agreement or UK Addendum, Swiss addenda where relevant, transfer impact assessments, contractual protections, and supplementary measures where appropriate. For Cryptlex processing, we rely on Cryptlex’s Data Processing Addendum and related SCC, security, and subprocessor provisions where applicable.
You may contact us for more information about the transfer safeguards relevant to your personal data, subject to confidentiality and security restrictions.
Personal data may be processed in the EEA, United Kingdom, United States, and other countries where Terra Modus, Cryptlex, resellers, partners, or service providers operate. Transfer safeguards include adequacy decisions, EU Standard Contractual Clauses, the UK International Data Transfer Agreement or UK Addendum, the Swiss addendum where relevant, data protection agreements, transfer risk assessments, supplementary measures, and vendor due diligence. Copies or summaries of relevant safeguards may be requested at info@undet.com, subject to confidentiality and security restrictions.
10. Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, including to provide products and services, maintain licenses, comply with law, resolve disputes, enforce agreements, maintain security, and keep accurate business records. Retention periods vary by data category and applicable legal requirements.
|
Data category |
Retention approach |
|
Website analytics/cookies |
Essential cookies: session duration or up to 12 months. Website server/security logs: up to 24 months. Cookie consent records: 5 years. Analytics user-level data: up to 14 months where configurable. Advertising/remarketing cookies: up to 13 months unless shorter provider settings apply. |
|
Marketing contacts |
Until you unsubscribe, object, withdraw consent, or have no meaningful interaction for 24 months. Suppression records may be retained for 10 years or as long as necessary to honor opt-outs and demonstrate compliance. |
|
Sales, order, invoice, and accounting data |
10 years from the end of the relevant financial year or transaction, or longer where required by tax, accounting, audit, corporate, customs, consumer protection, or legal-claim requirements. |
|
Customer account and license administration data |
For the license term and active customer relationship, plus 7 years after expiration, termination, or last transaction for support, renewals, audit, compliance, disputes, and legal claims. Anti-piracy or abuse records may be retained up to 10 years where necessary. |
|
Cryptlex activation, device, and License Data |
For the active license/account period, plus 5 years after expiration, deactivation, or termination. Records connected to suspected fraud, piracy, security incidents, chargebacks, audits, or legal claims may be retained up to 10 years or longer if legally required. |
|
Usage/metering data |
For the license term and 3 years after expiration or termination for entitlement management, billing reconciliation, analytics, support, and compliance. Aggregated or anonymized metrics may be retained indefinitely. |
|
Support tickets, diagnostics, and logs |
Support tickets and communications: 3 years after ticket closure or last substantive communication. Support files, screenshots, logs, and diagnostic packages: normally deleted or anonymized within 12 months after closure unless needed for unresolved issues, product fixes, security, warranty, legal claims, or compliance. |
|
Security logs and fraud-prevention records |
Routine security logs: up to 24 months. Confirmed incident, fraud, abuse, or piracy records: 7 years, or up to 10 years where necessary for legal claims, audit, or enforcement. |
|
Data submitted for rights requests or complaints |
6 years after the request, complaint, or matter is closed, unless a longer period is required for legal claims, regulatory compliance, litigation hold, or audit. |
When data is no longer required, we delete, anonymize, aggregate, or securely archive it in accordance with applicable law and our technical capabilities. Backup copies may be retained for a limited period before deletion in the ordinary course of backup rotation.
The retention periods below are adopted for this Policy. They may be extended where required or permitted for legal obligations, tax/accounting rules, audits, security incidents, fraud or piracy investigations, litigation holds, disputes, warranty or support needs, regulatory inquiries, or legal claims. Data may be anonymized or aggregated and retained indefinitely where it no longer identifies an individual.
11. Security
We use administrative, technical, and organizational measures designed to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration, or disclosure. These measures may include access controls, role-based permissions, authentication, logging, encryption or secure transmission where appropriate, vendor due diligence, confidentiality obligations, backups, and security monitoring.
No system is completely secure. You are responsible for protecting your devices, networks, license keys, activation files, administrator accounts, passwords, and any data you provide to us. Please notify us promptly if you suspect unauthorized access to your license, account, or personal data.
Where required by law, we will notify affected individuals, customers, regulators, or other parties of personal data breaches within applicable timeframes.
Current security measures include role-based access controls, confidentiality obligations, administrator account controls, encryption in transit where appropriate, encrypted local storage for Cryptlex activation responses where supported by Cryptlex licensing components, backups, logging, security monitoring, vendor due diligence, incident-response procedures, internal access reviews, and breach notification workflows. We rely on Cryptlex and other processors to maintain appropriate technical and organizational measures for the services they provide. Cryptlex’s public DPA and Trust & Compliance Center describe an information security program aligned with ISO/IEC 27001, including TLS encryption in transit, access controls, role-based and least-privilege access, logging and monitoring, vulnerability management, backup and disaster recovery, incident response, personnel confidentiality, data minimization, limited retention, and vendor/subprocessor security assessments.
Security certifications, compliance badges, Trust Center materials, and vendor commitments are part of our vendor-diligence process but are not a guarantee that systems will be free from incidents, vulnerabilities, outages, or unauthorized access. We will continue to assess vendor risks, implement reasonable safeguards, and update contractual or technical controls where appropriate.
12. Your Privacy Rights
Depending on your location and applicable law, you may have rights to request access to your personal data; correction of inaccurate personal data; deletion; restriction of processing; objection to processing; data portability; withdrawal of consent; information about recipients, sources, purposes, retention, and transfers; and review of certain automated decisions.
To exercise rights, contact us using the details in Section 2. We may need to verify your identity and may ask for information necessary to process your request. We respond within the time required by applicable law. Some rights are subject to exceptions, such as where data is needed to provide the service, maintain security, comply with legal obligations, prevent fraud or piracy, or establish, exercise, or defend legal claims.
If you use the Software through an organization-managed license, we may need to refer your request to your organization or reseller if that party is the relevant controller or if it controls the license record. We will explain this where appropriate.
EU/EEA users may lodge a complaint with their local supervisory authority. Because we are established in Lithuania, our lead supervisory authority may be the State Data Protection Inspectorate of Lithuania. UK users may contact the UK Information Commissioner’s Office. You may also contact us first so we can try to resolve your concern.
Rights requests and complaints may be submitted by email to info@undet.com, through https://www.undet.com/contact-us/, by telephone, or by postal mail. We verify requests using information reasonably necessary to confirm identity and authority. EU/EEA and UK requests are normally answered within one month, subject to lawful extensions. California requests, where CCPA/CPRA applies, are normally answered within 45 days after verification, subject to lawful extension. UK data protection complaints will be acknowledged within 30 days and handled without undue delay, consistent with UK good practice and, from 19 June 2026, applicable UK Data Use and Access Act complaints-procedure requirements.
13. California Privacy Notice
This Section applies to California residents to the extent the CCPA/CPRA applies to our processing. Terms such as “personal information”, “sensitive personal information”, “sell”, and “share” have the meanings given in the CCPA/CPRA.
In the preceding 12 months, we may have collected the categories of personal information described in Section 4, including identifiers, commercial information, internet or other electronic network activity information, geolocation information derived from IP address, professional or employment-related information, inferences for marketing or customer management, and sensitive personal information only where you provide it or where it is necessary for account access, payment, security, or service delivery.
We collect personal information from the sources listed in Section 4 and use it for the purposes listed in Sections 5 and 6. We disclose personal information to the recipient categories listed in Section 8.
We do not sell personal information for money. License activation and validation disclosures to Cryptlex are made for license-management services and are not intended as a sale or sharing for cross-context behavioral advertising. However, if we use advertising or remarketing cookies or similar technologies, disclosures of website identifiers or browsing activity to advertising partners may be considered “sharing” under California law. California residents may opt out as described below.
We do not use or disclose sensitive personal information for purposes that require a right to limit, unless we provide the required notice and right to limit. We do not knowingly sell or share personal information of consumers under 16 years of age.
|
California right |
Description |
|
Right to know/access |
Request categories and specific pieces of personal information collected, sources, purposes, and disclosures. |
|
Right to delete |
Request deletion of personal information, subject to exceptions. |
|
Right to correct |
Request correction of inaccurate personal information. |
|
Right to opt out of sale/share |
Opt out of sale or sharing, including sharing for cross-context behavioral advertising, if applicable. |
|
Right to limit sensitive personal information |
Limit certain uses/disclosures of sensitive personal information if we use it beyond permitted purposes. |
|
Right to non-discrimination |
We will not discriminate against you for exercising CCPA rights. |
|
Authorized agent |
You may authorize an agent to submit requests, subject to verification and proof of authority. |
|
Global Privacy Control |
We honor recognized opt-out preference signals such as Global Privacy Control where required by applicable law. If a signal is not technically recognized, submit an opt-out by cookie preferences or by emailing info@undet.com with subject “Do Not Sell or Share”. |
To exercise California rights, email info@undet.com, use https://www.undet.com/contact-us/, telephone (+370) 652 17180, or send postal mail to UAB Terra Modus at S. Zukausko st. 17, LT-08234 Vilnius, Lithuania. Authorized agents may use the same methods and must provide proof of authority. To opt out of sale or sharing, use available cookie preferences, enable a recognized Global Privacy Control signal, or email info@undet.com with the subject “Do Not Sell or Share” or “California Opt-Out”.
For this Policy, we disclose California rights to the extent the CCPA/CPRA applies. We do not sell personal information for money. License activation and validation disclosures to Cryptlex are treated as service-provider/processor disclosures for license management. Website advertising or remarketing cookies may constitute “sharing” under California law; users may opt out through cookie preferences, Global Privacy Control where recognized, or by contacting us.
14. Additional Regional Notices
Where other privacy laws apply, such as Brazilian LGPD, Canadian privacy laws, Australian Privacy Act, Swiss FADP, Indian Digital Personal Data Protection Act, South African POPIA, New Zealand Privacy Act, other U.S. state privacy laws, or other national laws, we will honor applicable rights and obligations, including access, correction, deletion, portability, consent withdrawal, objection, complaint, grievance, and appeal rights where required.
Some jurisdictions provide additional rights to opt out of targeted advertising, sale of personal data, profiling, or certain automated decisions. You may contact us to exercise applicable rights. If an appeal right applies and we deny your request, you may appeal by replying to our decision email with the word “Appeal” in the subject line.
For other applicable privacy laws, including Brazilian LGPD, Canadian privacy laws, Australian Privacy Act, Swiss FADP, Indian Digital Personal Data Protection Act, South African POPIA, New Zealand Privacy Act, and other U.S. state privacy laws, we will honor applicable transparency, access, correction, deletion, portability, consent withdrawal, objection, targeted-advertising opt-out, sale opt-out, profiling opt-out, complaint, grievance, and appeal rights. Supplemental notices, local-language notices, representatives, or grievance contacts will be provided where legally required for a specific market.
15. Automated Decisions and License Restrictions
The Software may use automated license checks to decide whether a license is active, expired, genuine, assigned to the correct user or organization, within activation or usage limits, or otherwise compliant. These checks may automatically enable, restrict, suspend, or deny access to the Software or particular features.
Automated license decisions are based on license records, activation data, subscription status, entitlement status, usage limits, device data, and fraud or abuse indicators. If you believe a license decision is incorrect, contact us or your organization’s license administrator so we can review the issue.
We do not intentionally use License Data to make automated decisions that produce legal effects or similarly significant effects about individuals beyond controlling access to licensed Software and related services, unless we provide additional notice or obtain required consent.
Automated license checks are limited to licensing, entitlement, security, compliance, fraud-prevention, and access-control purposes. They are not intended to evaluate work performance, creditworthiness, health, personal preferences, or other unrelated personal characteristics. If a license is blocked, suspended, or restricted and you believe the decision is wrong, contact us or your organization’s license administrator for human review and correction where appropriate.
16. Children
Our websites and Software are intended for business, professional, educational, and technical users and are not directed to children under 16. We do not knowingly collect personal data from children under 16 without appropriate authorization. If you believe a child has provided us personal data, contact us so we can take appropriate action.
Educational and academic licenses may be issued to institutions. Where an institution provides access to minors or students, that institution is responsible for providing required notices and obtaining any required parent, guardian, student, school, or institutional authorizations under applicable child privacy, education, procurement, and data protection laws.
17. Business Customer and Administrator Responsibilities
Business customers, schools, resellers, and license administrators are responsible for ensuring that users receive appropriate notices about license activation, device data, usage tracking, administrator visibility, and data sharing with us, Cryptlex, resellers, and service providers.
Customers must not submit unnecessary sensitive, confidential, or regulated personal data in license metadata, activation metadata, usernames, hostnames, device names, support tickets, logs, or custom fields. Customers must ensure that any personal data submitted to us or Cryptlex is lawful, accurate, relevant, and properly authorized.
Where we process personal data on behalf of a business customer under a Data Processing Addendum or similar agreement, we process such data according to the customer’s documented instructions and applicable law.
Customer data processing terms are available on request at info@undet.com where Terra Modus processes personal data on behalf of a business customer. Such terms are intended to include GDPR Article 28 and UK GDPR processor provisions where applicable, CCPA service-provider/contractor terms where applicable, confidentiality, security, subprocessor, assistance, breach notice, deletion/return, audit, and international-transfer provisions.
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our products, licensing system, legal requirements, service providers, or business practices. The updated version will be posted on our website with an updated effective date. Where required by law, we will provide additional notice or obtain consent for material changes.
Effective date and version history: this Policy is effective 11 May 2026. Version 2026.05.11 materially updates prior privacy disclosures to reflect Cryptlex’s updated Terms of Service, Privacy Policy, Data Processing Addendum, Trust & Compliance Center, ISO/IEC 27001-related security controls, GDPR and DSA compliance commitments, current subprocessor-publication approach, and the resulting availability of license activation, device, license-user, organization, entitlement, usage, metering, compliance, and administrator-visibility data. Existing users should be notified through website posting, release notes, customer communications, in-product notice, license activation notice, or EULA update as appropriate.
19. Contact and Complaints
For privacy questions, rights requests, opt-outs, or complaints, contact UAB Terra Modus at S. Zukausko st. 17, LT-08234 Vilnius, Lithuania, email info@undet.com, phone (+370) 652 17180, or https://www.undet.com/contact-us/.
If you are in the EU/EEA, you may complain to your local data protection authority or to the Lithuanian State Data Protection Inspectorate. If you are in the UK, you may complain to the UK Information Commissioner’s Office. If you are in another jurisdiction, you may have the right to contact your local privacy, data protection, or consumer protection authority.
The privacy contact for this Policy is info@undet.com. EU/EEA users may contact the Lithuanian State Data Protection Inspectorate at L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania, email ada@ada.lt, telephone +370 5 271 2804 / +370 5 279 1445. UK users may contact the UK Information Commissioner’s Office. Other users may contact their local privacy or consumer protection authority where applicable.
20. Operational Compliance Commitments
|
Topic |
Operational commitment |
|
Effective date and notice |
Effective 11 May 2026. Material Cryptlex-related privacy, DPA, Trust Center, subprocessor, security, DSA, or licensing changes should be communicated through website posting, release notes, customer communications, in-product notice, license activation notice, or EULA update as appropriate. |
|
Data inventory |
Maintain an internal data map covering license, activation, device, metadata, meter, usage, support, cookie, marketing, vendor, and reseller data. Review before enabling new telemetry or Cryptlex metadata fields. |
|
Cryptlex configuration |
This Policy covers node-locked, floating, named-user, trial, offline activation, validation, and meter-attribute configurations where enabled. Material configuration changes, new Cryptlex metadata fields, new usage meters, new automated restrictions, or Cryptlex legal/security updates should receive privacy and legal review. |
|
Subprocessors/vendors |
Review Cryptlex, the Cryptlex Trust & Compliance Center and subprocessor page, MailerLite or successor email tools, Google tools, payment providers, hosting, CRM, support, crash reporting, analytics, ads, resellers, and processing regions at least annually and after material vendor changes. |
|
Lawful bases and consent |
Use contract and legitimate interests for required licensing and security; use consent or required opt-outs for non-essential cookies, advertising, optional marketing, and optional telemetry where required by law. |
|
Retention periods |
Apply the category-specific periods in Section 10. Legal holds, tax/accounting duties, audits, security incidents, disputes, and legal claims may override ordinary deletion schedules. |
|
International transfers |
Use adequacy decisions, EU SCCs, UK IDTA/Addendum, Swiss addendum where relevant, transfer assessments, supplementary measures, Cryptlex DPA provisions, and vendor due diligence for restricted transfers. |
|
Rights and complaints |
Accept requests through info@undet.com, https://www.undet.com/contact-us/, telephone, and postal mail. Verify identity and authority proportionately. Maintain records of requests and outcomes. |
|
California and U.S. state laws |
Apply CCPA/CPRA and other U.S. state notices to the extent legally applicable. Provide sale/share and targeted-advertising opt-outs through cookie preferences, GPC where recognized, and email request methods. |
|
Customer DPA |
Provide business customer data processing terms on request where Terra Modus acts as processor, including GDPR/UK GDPR, CCPA service-provider/contractor, security, subprocessor, assistance, deletion, audit, transfer, breach notice, and legal-order cooperation provisions as applicable. Review alignment with Cryptlex’s current DPA when Cryptlex processes customer-controlled License Data. |
|
Regional notices |
Provide supplemental notices, local-language notices, representative or grievance-contact details, and localized mechanisms where required for specific distribution markets. |
Provide supplemental notices, local-language notices, representative or grievance-contact details, and localized mechanisms where required for specific distribution markets.