UltraNow

UltraNow Privacy Policy

This Privacy Policy explains how OVRLab, through UltraNow, handles information when companies and employees use UltraNow to manage time-bound Google license access.

Last updated: June 10, 2026

1. Scope

UltraNow provides a control plane for company administrators and employees to approve, activate, review, and stop managed Google license access. This policy applies to ultranow.app, app.ultranow.app, tenant subdomains such as company.ultranow.app, id.ultranow.app, and related support or billing workflows.

A customer company controls the employee and Workspace data it connects to UltraNow. UltraNow processes that data to provide the service, operate security controls, handle billing, and support the customer.

2. Information we collect

Account and sign-in information

We collect the information needed to authenticate users and route them to the correct product surface, including name, email address, profile image if provided by the identity provider, provider name, provider account identifiers, session records, OAuth account metadata, callback state, and trusted-origin information.

Company and administrator information

We collect organization name, tenant slug, verified or derived domain, administrator membership, administrator role, Workspace connection state, OAuth scopes granted, and admin email for the connected Google Workspace grant. When admin invite and back-office features are enabled, we may also process invite state, support actions, and audit records.

Google Workspace data

When a company administrator connects Google Workspace, UltraNow may request Google Workspace admin OAuth access for OpenID profile, email, Admin SDK Directory read-only user and group data, license assignment, and license assignment discovery. This can include Google user IDs, primary emails, names, suspended status, organization unit paths, group IDs, group email addresses, group names, group membership counts, group membership rows, Workspace license assignment counts by SKU, managed-license SKU status, and encrypted admin refresh-token material.

Employee activation and policy data

We collect policy and activation data such as eligibility, assigned access rules, session mode where supported, activation start time, expiry time, stop time, license target email, license assignment or revocation metadata, cleanup attempts, spend or time calculations, and denial reasons.

Billing data

Stripe processes payment card and checkout details. UltraNow stores the Stripe customer, checkout, subscription, invoice, payment status, refund, dispute, and webhook identifiers needed to maintain company subscription state or individual top-up balances. We do not store full payment card numbers.

Technical and support data

Cloudflare and the application may process request metadata such as IP address, user agent, host, path, timestamps, cookies, and security logs. If you contact support, we process the information you provide and the operational records needed to investigate the request.

3. How we use information

  • Authenticate users and keep sessions secure.
  • Resolve company tenants, administrators, employees, and denied access states.
  • Connect Google Workspace, sync users and groups, show discovered license assignments, and assign or revoke managed Google licenses.
  • Apply company access policies, activation limits, and eligibility rules.
  • Operate Stripe checkout, billing portal, subscriptions, refunds, disputes, and webhooks.
  • Calculate session timing, usage, spend, and account or policy status.
  • Detect abuse, debug failures, secure the service, and maintain auditability.
  • Comply with law and enforce customer agreements or product terms.

4. Google API Services and Limited Use

UltraNow's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google Workspace data only to provide and improve user-facing UltraNow features that are visible in the product, including Workspace connection, directory sync, policy targeting, license assignment discovery, license assignment and revocation, activation status, support, and security.

We do not sell Google Workspace user data. We do not use Google Workspace user data for advertising, retargeting, personalized ads, credit-worthiness, lending, or unrelated analytics. Humans do not read Google Workspace user data except when needed for support requested by the customer, security, legal compliance, or aggregated internal operations.

5. How we share information

We share information only as needed to provide, secure, and support UltraNow:

  • With customer administrators, who can see company setup, directory, policy, billing, activation, and support information for their tenant.
  • With employees, who can see their own activation, policy, access, and account state.
  • With Google APIs for sign-in, Workspace admin connection, OIDC, directory sync, license assignment discovery, and license assignment or revocation.
  • With Microsoft identity services when Microsoft sign-in is used.
  • With Stripe for checkout, subscriptions, billing portal, payment events, refunds, and disputes.
  • With Cloudflare and other infrastructure providers that host, secure, log, and deliver the service.
  • With professional advisers, authorities, or successors where required for legal compliance, security, corporate transactions, or enforcement.

6. Cookies and local storage

UltraNow uses cookies, session tokens, OAuth state, and similar storage to sign users in, protect callbacks, remember trusted sessions, and prevent replay or cross-tenant access. The public landing page is static and does not need advertising cookies.

7. Security

UltraNow uses tenant-bound authorization checks, deny-by-default access handling, encrypted Workspace admin refresh tokens, per-token salts for new grants, webhook signature verification, monotonic subscription updates, and least-required provider access. No internet service can be guaranteed perfectly secure, but we design UltraNow to limit data exposure and fail closed when provider or configuration state is unsafe.

8. Retention

We retain information for as long as needed to provide UltraNow, keep customer audit and billing records, secure the service, comply with law, resolve disputes, and support customer requests. Customers may request deletion or export of data, subject to security, billing, backup, and legal requirements.

9. Your choices and rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal information. Employees should usually contact their company administrator first because the company controls the tenant. You can also contact UltraNow at support@ultranow.app.

10. Children

UltraNow is designed for business use and is not directed to children.

11. Changes

We may update this policy as UltraNow changes. If we materially change how we use Google user data or other personal information, we will update this page and provide additional notice where required.

12. Contact

Contact UltraNow at support@ultranow.app for privacy questions, data requests, or security concerns.