Effective date: [To be determined]
Last updated: [To be determined]
This Privacy Policy describes how GLG, a.s. ("we", "us", "our", or "GLG") collects, uses, stores, and protects personal data in connection with the UAML website (uaml.ai) and the UAML software product (collectively, the "Service"). This policy is issued in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and Act No. 110/2019 Coll. on the Processing of Personal Data (Czech Republic).
1. Data Controller
The data controller responsible for processing your personal data is:
- Company: GLG, a.s.
- Email: support@uaml.ai
- Data protection contact: support@uaml.ai
2. UAML Product Privacy Principle
UAML is a local-first product. The UAML software stores all user data, memories, and agent knowledge locally on your own systems. UAML never sends your data to our servers or any cloud service unless you explicitly configure and enable cloud synchronization features. Your data remains under your full control at all times.
This Privacy Policy pertains to data we collect through the UAML website, account registration, and subscription management – not to the data your UAML installation processes locally.
3. What Personal Data We Collect
3.1 Account Information
When you create an account or purchase a subscription, we may collect:
- Name and surname
- Email address
- Company name and identification number (if applicable)
- Billing address
- Account credentials (password stored in hashed form only)
3.2 Payment Data
Payment processing is handled by our payment gateway provider ComGate (comgate.cz). We do not store your full payment card details. ComGate processes your payment data in accordance with their own privacy policy and PCI DSS standards. We receive only transaction confirmation data (transaction ID, amount, status).
3.3 Usage Analytics
We use Umami, a self-hosted, privacy-focused analytics platform, to collect anonymized usage data about our website. Umami:
- Does not use cookies for tracking;
- Does not collect personal identifiers;
- Does not track users across websites;
- Is hosted on our own infrastructure within the EU;
- Collects only: page views, referrer URLs, browser type, device type, country (based on anonymized IP).
3.4 Communication Data
When you contact us via email, we collect the content of your communication, your email address, and any attachments you provide.
4. Legal Basis for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Subscription and payment processing | Performance of contract (Art. 6(1)(b)) |
| Website analytics (Umami) | Legitimate interest (Art. 6(1)(f)) – improving our services |
| Customer support | Performance of contract (Art. 6(1)(b)) |
| Legal compliance (invoicing, tax records) | Legal obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) – you may withdraw consent at any time |
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 3 years after deletion |
| Payment/invoice records | 10 years (Czech tax legislation) |
| Website analytics | 24 months (anonymized, aggregated) |
| Support communications | 3 years after resolution |
| Marketing consent records | Duration of consent + 3 years |
6. Your Rights as a Data Subject
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) – obtain confirmation of whether we process your data and request a copy;
- Right to rectification (Art. 16) – request correction of inaccurate or incomplete data;
- Right to erasure (Art. 17) – request deletion of your data ("right to be forgotten"), subject to legal retention obligations;
- Right to restriction of processing (Art. 18) – request that we limit the processing of your data;
- Right to data portability (Art. 20) – receive your data in a structured, machine-readable format;
- Right to object (Art. 21) – object to processing based on legitimate interest, including profiling;
- Right to withdraw consent (Art. 7(3)) – withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@uaml.ai. We will respond within 30 days of receiving your request.
7. Cookies
The UAML website uses minimal cookies:
- Essential cookies: Session management and authentication (strictly necessary, no consent required);
- Analytics: Umami analytics is cookie-free – it does not set any tracking cookies.
We do not use any third-party tracking cookies, advertising cookies, or social media tracking pixels.
8. Data Transfers
GLG follows a local-first principle for data processing:
- All data is processed and stored within the European Union;
- Our analytics infrastructure (Umami) is self-hosted within the EU;
- Payment processing via ComGate occurs within the EU;
- We do not transfer personal data outside the European Economic Area (EEA) unless strictly necessary, in which case we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted data transmission (TLS/HTTPS);
- Hashed password storage;
- Access controls and role-based permissions;
- Regular security audits and updates;
- Self-hosted infrastructure under our direct control.
10. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| ComGate a.s. | Payment processing | Czech Republic (EU) |
| Umami (self-hosted) | Website analytics | Our own servers (EU) |
All third-party processors are bound by data processing agreements in accordance with Art. 28 GDPR.
11. Children's Privacy
UAML is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at support@uaml.ai and we will promptly delete the data.
12. Right to Lodge a Complaint
If you believe that your personal data is being processed in violation of the GDPR or Czech data protection law, you have the right to lodge a complaint with the supervisory authority:
- Úřad pro ochranu osobních údajů (ÚOOÚ)
- Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
- Website: uoou.cz
- Email: posta@uoou.cz
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through our website at least 30 days before they take effect. The current version is always available at this URL.
14. Related Documents
15. Contact
For any questions or requests related to your personal data, please contact us:
- Email: support@uaml.ai