Privacy Policy

Last updated: February 23, 2026

Privacy Policy Content

At UMMRO, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI safety audit services.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Sign up for our services
  • Contact our support team
  • Subscribe to our newsletter

This information may include your name, email address, company name, and payment information.

1.2 Usage Data

We automatically collect certain information when you visit, use, or navigate our platform. This includes:

  • IP address and browser type
  • Device information
  • Pages viewed and features used
  • Time spent on the platform
  • Referring URLs

1.3 Audit Data

When you use our AI safety audit services, we process:

  • API endpoints or model identifiers you specify
  • Test prompts and responses (anonymized)
  • Audit results and reports

Important: We never require or store access to your model weights, training data, or proprietary source code. Our audits are conducted as black-box testing only.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services
  • Process your transactions
  • Send you technical notices and support messages
  • Improve our platform and develop new features
  • Monitor and analyze usage patterns
  • Detect, prevent, and address technical issues
  • Comply with legal obligations

3. Data Security

We implement appropriate technical and organizational security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with strict authentication
  • Regular Audits: Security assessments and penetration testing
  • Compliance: GDPR and SOC 2 aligned practices

4. Data Retention

We retain your information only as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Audit reports are retained according to your subscription plan. Free tier reports are retained for 30 days, while paid plans have extended or customizable retention periods.

5. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Withdraw consent

To exercise these rights, contact us at privacy@ummro.dev.

6. Third-Party Services

We may use third-party service providers for:

  • Payment processing (Stripe)
  • Cloud hosting (AWS/GCP)
  • Analytics (privacy-respecting)
  • Email delivery

All third parties are vetted for security and privacy practices.

7. Cookies

We use cookies and similar tracking technologies to:

  • Authenticate users
  • Remember preferences
  • Analyze platform usage
  • Improve user experience

8. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect personal information from children.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

By using UMMRO, you agree to the collection and use of information in accordance with this Privacy Policy.