Data Ownership & Client Rights
Last Updated on 3rd February 2026
At United Alliances, data ownership, control, and transparency are foundational principles of our operations. As a provider of Virtual Assistant and outsourced business support services, we process information that is critical to our clients’ businesses. This document explains how data ownership is preserved, how data is processed, and what rights and controls clients retain throughout the data lifecycle.
Purpose of This Document
This Data Ownership & Client Rights statement is intended to:
- Affirm exclusive client ownership of all client data
- Define the legal role of United Alliances when processing data
- Explain how data is handled, protected, retained, and deleted
- Describe client rights and controls under U.S. law and contract
- Support enterprise due-diligence, audits, and risk assessments
- Provide transparency and reduce ambiguity
Definitions
For purposes of this document:
- “Client Data” means all information, records, credentials, documents, communications, files, systems access, and materials provided to or accessed by United Alliances on behalf of a client.
- “Personal Information” has the meaning given under applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
- “Processing” includes collection, access, storage, use, modification, transmission, disclosure, and deletion.
- “Client” means any organization or individual engaging United Alliances’ services.
This policy applies regardless of data format, storage medium, or processing method.
Absolute Client Ownership of Data
Ownership Principle
All Client Data is and shall remain the exclusive legal and beneficial property of the Client.
United Alliances:
- Does not acquire ownership, license, or intellectual property rights in Client Data
- Does not assert any lien, security interest, or claim over Client Data
- Does not treat Client Data as a corporate asset
Ownership is not affected by:
- Data hosting location
- Use of third-party systems
- Duration of services
- Termination or expiration of any agreement
No Commercial Exploitation
United Alliances expressly commits that Client Data will never be:
- Sold or rented
- Shared for commercial value
- Used for advertising or marketing
- Used to train AI or analytics models unrelated to service delivery
- Combined with data from other clients
- Used beyond client-authorized purposes
Role of United Alliances
Service Provider / Processor Role
When handling Client Data, United Alliances acts strictly as:
- A Service Provider / Contractor under CCPA / CPRA, and
- A data processor under applicable contractual arrangements
United Alliances:
- Processes data only on documented client instructions
- Does not determine the purpose or lawful basis of processing
- Does not independently decide how or why data is used
The Client remains the data owner and controller at all times.
No Independent Rights
United Alliances has no independent right to:
- Retain Client Data beyond service requirements
- Reuse Client Data for internal purposes
- Disclose Client Data except as authorized or legally required
Permitted Purposes of Processing
Client Data may be processed only for:
- Delivering agreed Virtual Assistant or outsourcing services
- Executing client-authorized workflows and tasks
- Communicating with client-designated representatives
- Meeting contractual obligations
- Complying with applicable U.S. laws
Any processing beyond these purposes requires explicit written authorization from the Client.
Client Control & Instructions
Clients retain full authority and control over Client Data, including the right to:
- Define what data is shared
- Limit the scope of processing
- Approve or restrict tools and systems
- Modify or revoke access permissions
- Issue binding data-handling instructions
United Alliances implements client instructions promptly and in good faith.
Access Control & Internal Limitations
Within United Alliances:
- Access is strictly role-based
- Only assigned personnel may access Client Data
- Access is limited to what is necessary for task performance
- Access is logged, monitored, and periodically reviewed
- Access is revoked immediately when no longer required
Unauthorized access or misuse is prohibited and subject to disciplinary action.
Client Access, Visibility & Portability
Access & Transparency
Clients may request:
- Confirmation of whether Client Data is processed
- Descriptions of processing activities
- Access to Client Data held by United Alliances
- Information regarding storage locations and tools
Data Portability & Transition
Where applicable, United Alliances supports:
- Secure data export
- Reasonable cooperation during provider transitions
- Transfer in commonly used, structured formats
Data Retention
Client Data is retained only as long as necessary to:
- Perform contracted services
- Fulfill contractual obligations
- Meet legal or regulatory requirements
- Resolve disputes or enforce rights
Retention periods are defined internally, reviewed periodically, and aligned with legal requirements.
Data Return, Deletion & Destruction
End-of-Engagement Handling
Upon service termination or written client request:
- Access to Client Data is revoked
- Client Data is returned or securely deleted
- Residual data is removed from active systems
Secure Deletion
Deletion methods are designed to:
- Prevent unauthorized recovery
- Ensure irreversibility
- Align with industry best practices
Written confirmation of deletion may be provided upon request.
Confidentiality
Client Data is treated as Confidential Information at all times.
United Alliances enforces:
- Confidentiality agreements for all personnel
- Mandatory security and privacy training
- Disciplinary consequences for violations
Confidentiality obligations survive termination indefinitely.
Data Security & Safeguards
United Alliances maintains an ISO/IEC 27001-aligned security framework, including:
- Encryption in transit
- Role-based access controls
- Secure remote-work practices
- Endpoint protection
- Logging and monitoring
- Incident response procedures
Controls are reviewed and updated as risks evolve.
Data Breach Response
In the event of a confirmed security incident involving Client Data:
- Immediate investigation and containment
- Impact and scope assessment
- Client notification where required by law or contract
- Regulatory notification where legally required
- Remedial actions to prevent recurrence
- Clients may request details regarding:
Clients may request details regarding:
- Nature of the incident
- Categories of data affected
- Mitigation steps taken
California Privacy Rights (CCPA / CPRA)
Where Client Data includes California residents’ personal information, individuals may have rights to:
- Know what personal information is collected
- Request correction or deletion
- Opt out of sale or sharing (United Alliances does not sell data)
- Limit use of sensitive personal information (if applicable)
- Exercise non-discrimination rights
United Alliances assists Clients in fulfilling such requests where contractually required.
Client Responsibilities
Clients are responsible for:
- Lawful collection of data
- Obtaining required notices and consents
- Defining processing purposes
- Managing their own systems and credentials
- Maintaining internal compliance programs
Data protection is a shared responsibility.
Transparency, Audits & Due Diligence
United Alliances supports reasonable client due-diligence and may provide:
- Policy summaries
- Data processing confirmations
- Sub-processor disclosures
- Security and privacy questionnaire responses
Policy Updates
This document may be updated to reflect:
- Legal or regulatory changes
- Industry best practices
- Operational improvements
Updates will be posted with a revised effective date.
United Alliances
1468 W 9th St, Suite 2003, Cleveland, OH 44118, USA