Trust & Compliance

Privacy Policy

This page provides a high-level privacy overview for UmamiMind. For binding terms, refer to your executed agreement(s) and the full policy text distributed under legal review.

Trust Center Compliance Export Center Request Trust Pack

Summary

UmamiMind processes limited personal data to operate its services, secure customer environments, and support enterprise procurement and compliance workflows. We apply data-minimization by default, restrict access through least-privilege controls, and maintain audit-friendly retention and deletion processes. Customer content and customer-configured data remain customer-controlled under applicable agreements and configuration.

What we collect

Account and identity data

Names, business email addresses, organization/tenant identifiers, authentication attributes (e.g., SSO claims), and role/permission assignments required to provision and administer access.

Usage and telemetry

Service usage events (feature interactions, timestamps, tenant context), reliability metrics, and security signals used for performance tuning, abuse prevention, and incident investigation. Where feasible, telemetry is aggregated or pseudonymized.

Device and network data

IP addresses, user agent strings, approximate location derived from IP (region/country), and session/cookie identifiers used to maintain session integrity and detect anomalous activity.

Procurement and trust requests

Details submitted via Trust Pack requests (requester identity, organization, role, NDA status, evaluation scope, and notes). This information supports diligence workflows and controlled disclosure.

Customer content

Customer-provided data or content that a customer chooses to submit to the platform. Customer content is processed to provide requested functionality and is governed by customer agreements and configuration.

How we use data

Provide, maintain, and secure the services (authentication, authorization, core functionality).
Detect, prevent, and investigate fraud, abuse, and security incidents.
Operate reliability and performance monitoring, capacity planning, and debugging.
Support customer requests, procurement diligence, and Trust Center disclosures.
Meet legal obligations and enforce contractual terms where applicable.

Legal bases (where applicable)

Depending on jurisdiction and context, UmamiMind may process personal data under one or more of the following: (i) performance of a contract, (ii) legitimate interests (security, service improvement), (iii) compliance with legal obligations, or (iv) consent (e.g., certain cookies/marketing preferences).

Retention and deletion

We retain personal data only as long as necessary for the purposes described above. Retention periods vary by data category (e.g., security logs vs. support tickets). Where feasible, logs are rotated, minimized, and access is restricted. Customer content retention is governed by customer configuration and contractual terms.

Typical retention patterns in enterprise deployments include time-bound log retention, exportable audit trails, and configurable deletion workflows.

Security safeguards

Role-based access control (RBAC) and least-privilege permissions.
Encryption in transit (TLS) and encryption at rest where supported by underlying systems.
Audit logging for access to sensitive trust artifacts and admin actions.
Monitoring, alerting, and incident response playbooks aligned to enterprise expectations.
Supplier risk review and controlled subprocessor management.

Specific controls and evidence packages may be available in the Trust Pack under NDA.

Sharing and subprocessors

UmamiMind shares personal data only as needed to provide the services, comply with law, or protect the security of the platform and our customers. We use vetted subprocessors for infrastructure and operational support. A current list is available in the Subprocessors page.

View Subprocessors Data Processing Addendum

International transfers

If personal data is transferred across borders, we implement appropriate safeguards (such as contractual protections) consistent with applicable law and customer agreements. Transfer specifics depend on deployment region, hosting configuration, and chosen subprocessors.

Your rights

Depending on jurisdiction, you may have rights to access, correct, delete, restrict processing, or object to certain processing. Enterprise tenant administrators may be able to handle some requests directly. Where UmamiMind acts as a processor, we support customer instructions consistent with the relevant agreement.

Cookies and similar technologies

We use cookies and similar technologies to maintain sessions, protect against abuse, and remember preferences. Certain cookies are strictly necessary for security and authentication. Where required, optional analytics or marketing cookies are subject to consent.

Children

UmamiMind services are intended for business and enterprise use and are not directed to children. We do not knowingly collect personal data from children.

Changes

We may update this overview as the platform evolves. For enterprise customers, material changes impacting data handling are typically communicated through contractual channels or release notes.

Contact

For privacy or data protection inquiries, contact your UmamiMind account representative or submit a Trust Pack request with “Privacy” in the notes field. If you are an enterprise customer, please include your tenant and the relevant tracking ID.