Effective date: [To be determined]
Last updated: [To be determined]
This Privacy Policy describes how GLG, a.s. ("we", "us", "our", or "GLG") collects, uses, stores, and protects personal data in connection with the UAML Memory online store at uaml-memory.com (hereinafter "Store") and the UAML Memory software product (collectively, the "Service"). This policy is issued in accordance with Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Coll. on the Processing of Personal Data (Czech Republic).
1. Data Controller
The data controller responsible for processing your personal data is:
- Company: GLG, a.s.
- Email: support@uaml.ai
- Data protection contact: support@uaml.ai
2. UAML Memory Privacy Principle
UAML Memory is a local-first product. The software stores all user data, memories, and agent knowledge locally on your own systems. UAML Memory never sends your data to our servers or any cloud service unless you explicitly configure and enable cloud synchronization features. Your data remains under your full control at all times.
This Privacy Policy pertains to data we collect through the Store, account registration, license management, and subscription processing — not to the data your local UAML Memory installation processes.
3. What Personal Data We Collect
3.1 Account Information
When you create an account or purchase a license, we may collect:
- Name and surname
- Email address
- Company name and identification number (if applicable)
- Billing address
- Account credentials (password stored in hashed form only)
3.2 Payment Data
Payment processing is handled by our payment gateway provider ComGate (comgate.cz). We do not store your full payment card details. ComGate processes your payment data in accordance with their own privacy policy and PCI DSS standards. We receive only transaction confirmation data (transaction ID, amount, status).
3.3 Trial and License Data
When you activate a free trial or purchase a license, we collect information about your subscription tier, trial start/end dates, and license status to manage your access.
3.4 Usage Analytics
We use Umami, a self-hosted, privacy-focused analytics platform, to collect anonymized usage data about our Store. Umami:
- Does not use cookies for tracking;
- Does not collect personal identifiers;
- Does not track users across websites;
- Is hosted on our own infrastructure within the EU;
- Collects only: page views, referrer URLs, browser type, device type, country (based on anonymized IP).
3.5 Communication Data
When you contact us via email, we collect the content of your communication, your email address, and any attachments you provide.
4. Legal Basis for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| License and subscription processing | Performance of contract (Art. 6(1)(b)) |
| Payment processing via ComGate | Performance of contract (Art. 6(1)(b)) |
| Free trial management | Performance of contract (Art. 6(1)(b)) |
| Website analytics (Umami) | Legitimate interest (Art. 6(1)(f)) |
| Customer support | Performance of contract (Art. 6(1)(b)) |
| Legal compliance (invoicing, tax records) | Legal obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 3 years after deletion |
| Payment/invoice records | 10 years (Czech tax legislation) |
| Website analytics | 24 months (anonymized, aggregated) |
| Support communications | 3 years after resolution |
| Marketing consent records | Duration of consent + 3 years |
| Trial/license records | Duration of account + 3 years |
6. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
- Right of access (Art. 15) — obtain confirmation and a copy of your data;
- Right to rectification (Art. 16) — request correction of inaccurate data;
- Right to erasure (Art. 17) — request deletion ("right to be forgotten");
- Right to restriction (Art. 18) — request limitation of processing;
- Right to data portability (Art. 20) — receive data in a machine-readable format;
- Right to object (Art. 21) — object to processing based on legitimate interest;
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time.
Contact us at support@uaml.ai. We will respond within 30 days.
7. Cookies
The Store uses minimal cookies:
- Essential cookies: Session management and authentication (strictly necessary);
- Analytics: Umami is cookie-free.
We do not use third-party tracking cookies, advertising cookies, or social media tracking pixels.
8. Data Transfers
- All data is processed and stored within the European Union;
- Analytics (Umami) is self-hosted within the EU;
- Payment processing via ComGate occurs within the EU;
- We do not transfer data outside the EEA unless strictly necessary with appropriate safeguards (Art. 46(2)(c) GDPR).
9. Data Security
We implement appropriate technical and organizational measures:
- Encrypted data transmission (TLS/HTTPS);
- Hashed password storage;
- Access controls and role-based permissions;
- Regular security audits;
- Self-hosted infrastructure under our direct control.
10. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| ComGate a.s. | Payment processing | Czech Republic (EU) |
| Umami (self-hosted) | Website analytics | Our own servers (EU) |
All processors are bound by data processing agreements per Art. 28 GDPR.
11. Children's Privacy
UAML Memory is not intended for individuals under 16. We do not knowingly collect data from children. Contact support@uaml.ai if you believe we have.
12. Right to Lodge a Complaint
- Úřad pro ochranu osobních údajů (ÚOOÚ)
- Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
- Website: uoou.cz
- Email: posta@uoou.cz
13. Changes to This Policy
Material changes will be communicated at least 30 days before they take effect. The current version is always available at this URL.