As a UK-based business, our handling of your information is governed by the UK Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (known as UK GDPR).

We take your privacy and data protection seriously and are committed to handling your personal data responsibly, securely, and transparently. This Privacy Policy explains how "Umzi Labs Ltd" ("we", "us", "our"), whose Services are accessible at https://umzi.io/, collects, uses, stores, discloses and protects personal data in connection with our services and the use of our website. For any privacy-related inquiries, please contact us at privacy@umzi.io.

Contents

  1. Purpose of This Policy
  2. Applicable Legal Framework
  3. Your Consent
  4. Data Controller
  5. What Data We Collect
  6. Why We Collect Your Information
  7. How We Use Your Information
  8. Third Party and Disclosure
  9. Confidentiality and Disclosure
  10. Lawful Basis for Processing
  11. Cookie Policy
  12. Who We Share Your Information With
  13. Authentication and Identity Management
  14. International Transfers
  15. Security Measures
  16. Data Retention
  17. Your Rights
  18. Children's Privacy
  19. Amendments and Changes
  20. Supervisory Authorities

01 What Is The Purpose Of This Policy?

This Privacy Policy describes how "Umzi Labs Ltd" collects, uses, and discloses your personal information when you visit or use our services available at https://umzi.io/ (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services").

Umzi Labs Ltd processes all Users' data in accordance with the UK Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (known as UK GDPR) and the EU Consumer Rights Directive (2011/83/EU). This policy applies when you:

  1. Use our service
  2. Visit our website
  3. Visit our social media pages
  4. Create a profile
  5. Receive communications such as emails
  6. Interact with us via phone calls

Nothing in this policy affects your rights under applicable Data Protection Legislation. Finally, our website may contain links to other websites for your ease and convenience; we are not responsible for them, or how they operate or their security provision.

02 Applicable Legal Framework

The applicable legal framework for our Privacy Policy procedure is the EU General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR and the Data Protection Act 2018.

We take privacy and security seriously. Our internal policies, access controls, and security systems adhere to industry standard safeguards, including encryption, access limitation, and continuous monitoring. While no system is completely immune to risk, we regularly test and update our security measures to reduce the likelihood of unauthorized access or misuse.

03 Your Consent

In accordance with Article 9(2)(a) GDPR, you hereby give your explicit and informed consent to the processing of any related personal data submitted through the Website.

This consent is given voluntarily and can be withdrawn at any time by emailing privacy@umzi.io. As a User of the Website, you accept the conditions and consent to the processing of your submitted data for the sole purpose of providing the service.

04 Data Controller

For purposes of the data protection law, we are the data controller, meaning we are responsible for how we handle your data.

"We" in this policy shall mean:

The Umzi Labs trading as "Umzi Labs Ltd"
Email: privacy@umzi.io
Website: https://umzi.io/

"Umzi Labs Ltd" owns and operates the Website located at https://umzi.io/

05 What Data We Collect

When you use the Umzi Labs Ltd website, we only collect the information necessary to operate our platform, communicate with you, and improve our services. Below are the types of data we collect and how we collect it.

Account Registration Data. When users create an account, we may collect:

  1. Name
  2. Email address
  3. Username
  4. Password (stored securely in encrypted form)
  5. Profile information voluntarily provided by the user
  6. User Activity and Platform Interaction
  7. Technical and Device Information

06 Why We Collect Your Personal Information

The information that we collect and use varies depending on how you interact with us. We rely on legitimate interests as a legal basis and ensure your interests are balanced against your privacy rights, so that such collection or processing does not override your fundamental rights and freedoms. You may object to processing based on legitimate interests at any time (see "Your Rights" section). Additionally, we collect personal data through user accounts or other methods by which you interact with the Website.

07 How We Use Your Information

We use your personal data only for clearly defined and lawful purposes that are necessary for the operation of our platform and the fulfilment of our relationship with you. We do not use your data for any unrelated or undisclosed purposes, and we do not sell your data to third parties.

  1. To enable networking and community interaction
  2. To personalise the user experience
  3. To allow other members to discover and interact with users
  4. To create and manage your account
  5. To allow access to platform features
  6. To facilitate user interactions
  7. Comply with legal obligations
  8. Improve our website and services
  9. To comply with legal, regulatory, and accounting obligations
  10. We may process or disclose your personal information if required to comply with a lawful governmental, judicial, or regulatory order
  11. To pursue our legitimate business interests

Where required by law or where we rely on your consent, we will process your data only for the specific purposes outlined above. We will not use your personal data for any purposes beyond those listed above without first notifying you and, where required, obtaining your explicit consent.

08 Third Party and Disclosure

To operate the Platform efficiently, we use selected third-party service providers who process personal data on our behalf. For example, we use the following third parties to provide our platform and services: Brevo, PostHog, Auth0, Railway, etc.

These providers act as data processors and are contractually bound to process personal data only in accordance with our instructions and applicable data protection laws.

09 Confidentiality and Disclosure

All personal data and customer information is treated as confidential and handled in accordance with applicable UK data protection law. We will not disclose personal data to third parties except where disclosure is:

10 Lawful Basis for Processing

We process your personal data based on one or more of the following lawful grounds:

| Purpose | Activities | Legal Basis (GDPR Art. 6) | Explanation / Notes |
|---|---|---|---|
| To provide and operate our platform and services | Contact us Form, and access to the service | Performance of a contract (Art. 6(1)(b)) | Necessary to deliver the services you request and maintain platform functionality |
| To process transactions and manage billing | Payments via service providers; sending invoices or receipts | Performance of a contract / Legal obligation (Arts. 6(1)(b),(c)) | Required to process payments and comply with financial/tax laws |
| To communicate with you about your order or requests | Responding to contact forms, support tickets, or feedback | Legitimate interest (Art. 6(1)(f)) | Necessary to respond to inquiries and maintain user relationships |
| To send newsletters, and marketing offers | Email campaigns, product recommendations | Consent (Art. 6(1)(a)) | Sent only if you have opted in; you can withdraw consent anytime |
| To personalize and improve our website | Analytics, A/B testing, optimizing layout or deal recommendations | Legitimate interest / Consent (Arts. 6(1)(f),(a)) | Our interest in maintaining system integrity and security outweighs minimal data impact |
| To comply with legal obligations | Record-keeping, responding to lawful requests from authorities | Legal obligation (Art. 6(1)(c)) | Required under EU and national laws (e.g., financial, tax, data protection) |

11 Cookie Policy

Like other websites, we use Cookies on our Site. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and service providers to use Cookies on our Site to better tailor the services and products on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

12 Who We Share Your Information With

At Umzi Labs Ltd, we value your privacy and handle your personal information responsibly. We do not sell, rent, or trade your personal data to third parties.

We share your information only when necessary to operate our business, fulfil our obligations to you, comply with the law, or enhance our services, always under strict data protection and confidentiality controls. All third parties that receive User-submitted data act as independent data controllers under the GDPR.

We may share your data with:

| Category | Purpose / Function | Example Providers |
|---|---|---|
| Service Providers | To allow us to perform our services | Google Analytics, Brevo, PostHog, Auth0, Railway etc. |
| Professional Advisors | To obtain legal, accounting, or consulting services necessary for compliance and business operations | Legal counsel, auditors, data protection advisors |
| Business Partners and Vendors | To promote specific Services that you access through The Umzi Labs website | Verified vendors, affiliate networks |
| Legal and Regulatory Authorities | To respond to lawful requests, investigations, or court orders in accordance with applicable law | UK or EU regulatory bodies, courts |
| Successors in Corporate Transactions | To enable continuity of service if ownership of The Umzi Labs or its assets changes | Acquiring or merging entities (subject to this Policy) |

All sub processors:

  1. Are bound by written data processing agreements (DPAs)
  2. Must act only on our documented instructions
  3. Are prohibited from using your data for their own purposes
  4. Must maintain appropriate security and confidentiality standards

A current list of our sub processors is available when you send us a message. We will provide advance notice of any new sub processors via email or account notification, as required under our DPA, before any change becomes effective. You agree to give your consent to the use and sharing of your data; you nevertheless reserve the right to revoke your consent by sending us an email.

13 Authentication and Identity Management

We use Auth0 to provide secure authentication services.

  1. Login credentials
  2. Authentication tokens
  3. Account access logs

14 International Transfers

Some of our processors are located, or may store data, outside the UK and the European Economic Area (EEA). In such cases, Umzi Labs Ltd ensures that appropriate safeguards are in place for international data transfers, including one or more of the following:

  1. Standard Contractual Clauses (SCCs) approved by the European Commission
  2. Data Privacy Framework (DPF) participation, where applicable
  3. Binding Corporate Rules (BCRs) for intra-group transfers
  4. Other mechanisms recognized under Articles 45–49 GDPR

For further details on our transfer mechanisms, please see our Data Processing Addendum (DPA). The Umzi Labs remains the Data Controller for personal data processed on its behalf and retains overall responsibility for ensuring that its sub processors comply with applicable data protection standards. We conduct periodic reviews and audits to verify compliance with our security and privacy requirements.

15 Security Measures

We maintain a comprehensive information security management framework that includes the following safeguards:

If you have any further questions about our security and processing activities, please contact us via email.

16 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, and to protect our legitimate interests.

| Category of Data | Purpose of Processing | Retention Period | Legal Basis / Notes |
|---|---|---|---|
| Profile Data | Service access and authentication | Retained for the duration of the account and until the User deletes his account | Contractual necessity / legitimate interests |
| Billing and Transaction Data | Accounting and tax compliance | 7 years (EU legal requirement) | Legal obligation |
| Marketing and Communication Data | Promotional communications and user engagement | Until withdrawal of consent or 24 months after last interaction | Consent / legitimate interests |
| Support and Correspondence Logs | Customer support records | Up to 3 years after resolution | Legitimate interests |
| Technical and Log Data (IP, usage analytics) | Security monitoring and service performance | Up to 12 months, unless extended for security reasons | Legitimate interests |
| Backup and Archival Data | Business continuity | Maximum 90 days after deletion request | Legal and operational necessity |

After these periods, personal data is securely deleted, anonymised, or aggregated for statistical purposes, ensuring it can no longer identify an individual.

17 Your Rights

Under the General Data Protection Regulation (EU) 2016/679 (GDPR), and other global data protection laws, you are recognised as a Data Subject and enjoy specific rights concerning your personal data. These rights apply irrespective of your nationality or place of residence, as long as your data is processed within the scope of applicable data protection laws. You can exercise any of your rights by contacting our Data Protection Officer (DPO) at privacy@umzi.io.

  1. Right to access — You have the right to obtain confirmation as to whether we process your personal data, and, where applicable (Art. 15 GDPR)
  2. Right to rectification — You may request correction or completion of any personal data that is inaccurate or incomplete (Art. 16 GDPR)
  3. Right to erasure — You have the right to request the deletion of your personal data (Art. 17 GDPR)
  4. Right to restrict processing — You may request that we temporarily suspend the processing of your data (Art. 18 GDPR)
  5. Right to object — You may object at any time to the processing of your personal data (Art. 21 GDPR)
  6. Right to data portability — You may request a copy of your personal data that you have provided to us, in a structured, commonly used, and machine readable format (such as CSV or JSON) (Art. 20 GDPR)
  7. Right to withdraw your consent — You can revoke your consent at any time by contacting us at privacy@umzi.io. Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal.
  8. Right to lodge a complaint — If you believe that we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with a Supervisory Authority in the country where you reside, work, or where the alleged infringement occurred.

Link to lodge a complaint:

18 Children's Privacy

Our services are not directed to children, and we do not knowingly collect or process personal information from anyone under the legal age of digital consent:

If we discover that a child's data has been collected without verified parental consent, we will delete or anonymise it within 30 days of notice, unless required by law to retain it. Parents or guardians who believe their child has shared personal data with us should contact privacy@umzi.io. We will verify the request and promptly erase the data.

Where age verification is required, we may use age-gating tools or parental consent workflows, ensuring no unnecessary data is collected. We comply with GDPR, Data Protection Act 2018, COPPA, and other global child privacy laws to maintain a safe, age-appropriate environment for all users.

19 Amendments and Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational reasons. The latest version will always be available on this page and marked with its last updated date.

If we make material changes that affect your rights or the way we process your personal data, we will notify you in advance by email, in-product notice, or other reasonable means before the update takes effect. Your continued use of our website or services after any changes have been published means you accept the revised Policy. All modifications comply with GDPR, UK GDPR, and other applicable global data protection laws.

20 Supervisory Authorities & Further Information

If you are in the United Kingdom and wish to file a complaint, you may contact your local supervisory authority.

For queries and complaints please email: privacy@umzi.io