Privacy Policy

UNIVERSAL BENCH  |  LAST UPDATED: 22 JUNE 2026

Universal Bench ("we", "us") operates UniversalBench at universalbench.dev. This policy explains what data we collect and what we do with it. By using UniversalBench you agree to this policy.

There are two ways to connect your AI to UniversalBench:

The data practices in this policy apply to both connection methods equally.

1. What we collect

Account data. When you sign up we collect your email address and a hashed password. We never store your password in plain text.

API key. We generate a unique API key (ubk_...) for you. This is the sole credential used to authenticate your requests.

Usage logs. Every tool call is logged with: timestamp, tool name, success or failure flag, execution duration, and your customer ID. We do not log the content of your code, search queries, or data you process.

Billing data. If you top up your wallet, Stripe processes your payment. We store your Stripe customer ID and wallet balance. We never see or store your card number.

Secrets vault. Credentials you store via the secrets vault are encrypted with AES-256-GCM before storage. We store only the encrypted ciphertext and the secret name. The plaintext value is never logged or accessible to our staff.

IP addresses. Your IP is recorded in usage logs for abuse prevention only.

Website visitor logs. When you visit universalbench.dev or any of its subpages, we record the request server side: timestamp, URL path, HTTP method, response status, your IP address, user agent string, referrer, and approximate geographic location (country, region, city) derived from your IP. This data is gathered from standard HTTP headers your browser already sends to any web server, no cookies or JavaScript trackers are used. These visitor logs are retained indefinitely.

2. What we do not collect

3. How we use your data

4. Google user data (Search Console, Analytics, Ads)

When you connect a Google account to UniversalBench, you grant access through Google's own consent screen to one or more of Google Search Console, Google Analytics, and Google Ads. This section describes exactly how we handle that data, and our use complies with the Google API Services User Data Policy, including its Limited Use requirements.

What we access. Only the data covered by the scopes you approve, and only when your connected AI requests it. We do not browse, sample, or pull your Google data on our own initiative.

How we use it. UniversalBench is a pass-through execution layer. When your AI asks for Google data, we fetch it with your granted credentials, structure it, and return it to your AI. We do not read, analyse, or interpret the content ourselves, and no person at UniversalBench accesses it.

What we store. We do not retain your Google user data after it is returned to your AI; it is processed in transit and discarded. The only Google-related items we store are the credentials needed to keep the connection working: the OAuth refresh token, and for Google Ads the developer token and manager account ID you provide. These are encrypted with AES-256-GCM in the secrets vault and are never logged or accessible to our staff. Usage logs record only metadata (timestamp, which capability ran, success or failure, and cost), never the content of your Google data.

What we never do. We do not sell or transfer your Google user data. We do not use it for advertising. We do not use it, or anything derived from it, to develop, improve, or train any generalised or standalone AI or machine learning model. We do not transfer it to third parties except as needed to operate the connection at your direction, or where required by law.

Revoking access. You can disconnect inside UniversalBench at any time, or revoke access directly at myaccount.google.com/permissions. On disconnection or account deletion, the stored credentials are deleted immediately, which ends all further access.

5. Data sharing

We do not sell your data. We do not share it with advertisers. Limited sharing only with:

6. Data retention

Account data is retained while your account is active. Platform usage logs (per-tool-call records of API customers) are retained for 12 months then deleted. Website visitor logs (server-side request records for visitors to universalbench.dev) are retained indefinitely, because identifying slow-developing abuse patterns and defending the platform against security or legal threats requires long historical context. If you delete your account, all account data is deleted within 30 days. Encrypted vault secrets are deleted immediately on account deletion.

7. Your rights

You have the right to access, correct, or delete your personal data, receive a portable copy, restrict or object to certain processing, and withdraw consent where processing is based on consent. Contact us at privacy@universalbench.dev to exercise any of these rights. We respond within 30 days.

Right to complain. If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority. EU and EEA residents may contact their national supervisory authority. Australian residents may contact the Office of the Australian Information Commissioner at oaic.gov.au.

California residents (CCPA). We do not sell your personal information. We do not share personal information with third parties in exchange for anything of value. California residents may contact privacy@universalbench.dev to confirm this, request disclosure of what personal information we hold, or request deletion.

8. Security

All data in transit uses HTTPS. Passwords are hashed with HMAC-SHA256 and a random salt. Vault secrets are encrypted with AES-256-GCM. No system is perfectly secure and we cannot guarantee absolute security.

9. Children

UniversalBench is not directed at children under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes

Material changes will be notified by email at least 14 days before taking effect. Continued use after a change constitutes acceptance.

11. Cookies

We use cookies only as necessary to operate the platform and remember your consent choice. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

Cookie namePurposeDurationType
ub_consentStores your cookie consent choice so the banner does not reappear365 daysEssential

You can withdraw or change your consent at any time by clearing the ub_consent cookie in your browser settings (DevTools, Application tab, Cookies) and refreshing the page. The consent banner will reappear and you can make a new choice.

12. Contact

Universal Bench is operated by Nikhil Gogulwar, trading as Universal Bench, Melbourne, Australia.
Email: privacy@universalbench.dev