Skip to content

Privacy Policy

Last updated: April 2026

1. Who We Are

Umera is operated by UAB Umera, registered in the Republic of Lithuania (company code pending registration). Our registered address is Vilnius, Lithuania. For any privacy-related questions, contact us at privacy@umera.ai.

As a data controller, we are responsible for deciding how and why your personal data is processed. This policy explains what data we collect, why, and what rights you have under the General Data Protection Regulation (GDPR) and applicable Lithuanian law.

2. Data We Collect

We collect the following categories of personal data:

  • Account data — name, email address, company name, and password hash when you create an account.
  • Waitlist data — name, email address, and optional company name when you join the waitlist.
  • Communication data — messages, call recordings, and transcriptions processed through the Umera platform on your behalf.
  • Usage data — pages visited, features used, session duration, and interaction patterns.
  • Device data — browser type, operating system, screen resolution, IP address, and approximate location (country/city level).
  • Cookie data — see our Cookie Policy for details.

3. Legal Basis for Processing

Under GDPR Article 6, we process your data based on:

  • Contract performance (Art. 6(1)(b)) — to provide the Umera platform, process your messages, and manage your account.
  • Legitimate interest (Art. 6(1)(f)) — to improve our services, prevent fraud, ensure security, and send product updates. You can object to this at any time.
  • Consent (Art. 6(1)(a)) — for analytics cookies, session recording, and marketing communications. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable laws, regulations, or legal processes.

4. How We Use Your Data

  • Provide, operate, and maintain the Umera platform.
  • Process messages and calls through connected channels on your behalf.
  • Generate AI-assisted replies, summaries, and follow-up suggestions from your conversations.
  • Auto-populate CRM records from conversation data.
  • Send transactional emails (account confirmations, security alerts).
  • Send product updates and waitlist communications (with your consent).
  • Analyze usage patterns to improve features and performance.
  • Detect and prevent abuse, fraud, and security incidents.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Google Analytics — website traffic analysis. Data may be transferred to the US under Google’s Data Processing Terms.
  • Microsoft Clarity — session recordings and heatmaps (with your consent). Data is processed by Microsoft under its Data Processing Terms.
  • Sentry — error tracking and performance monitoring. Processes technical data (stack traces, browser info) to help us fix bugs.
  • Resend — transactional and marketing email delivery. Processes email addresses and message content.
  • Anthropic (Claude) — AI processing for conversation analysis and reply drafting. Message content is processed but not used to train AI models.

Each provider operates under a Data Processing Agreement (DPA) and processes data only as instructed by us. We do not sell your personal data to anyone.

6. Data Retention

  • Account data — retained while your account is active, deleted within 30 days of account deletion.
  • Waitlist data — retained until you unsubscribe or the waitlist closes.
  • Communication data — retained while your account is active. Deleted within 30 days of account deletion or upon your request.
  • Usage and analytics data — retained for up to 26 months, then automatically deleted or anonymized.
  • Session recordings — retained for up to 90 days.
  • Error logs — retained for up to 90 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.2+) and at rest, access controls, regular security reviews, and infrastructure monitoring. While no system is 100% secure, we continuously work to protect your data against unauthorized access, alteration, or destruction.

8. International Data Transfers

Your data is primarily stored and processed within the European Union. Where we use service providers outside the EU (e.g., Google Analytics, Anthropic), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the provider’s participation in recognized data protection frameworks.

9. Your Rights Under GDPR

As an EU resident, you have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data (“right to be forgotten”).
  • Restriction — request that we limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest or for direct marketing.
  • Withdraw consent — withdraw previously given consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at privacy@umera.ai. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (VDAI) at vdai.lrv.lt.

10. Automated Decision-Making

Our AI features analyze your conversations to generate draft replies, contact records, and follow-up suggestions. These are always presented as proposals for your review — no automated decisions with legal or similarly significant effects are made without human approval.

11. Children’s Privacy

Umera is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notification at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

13. Contact

For privacy-related inquiries, contact us at privacy@umera.ai.

UAB Umera
Vilnius, Lithuania
privacy@umera.ai