Umoo

Privacy Policy

Umoo Privacy Policy

Last Updated: April 6, 2026

Welcome to Umoo (“the Platform” or “we”). We value your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information.

1. Information We Collect

1.1 Information You Provide

  • Account information: Email address, username, and password during registration
  • Contact information: Name, company name, and contact details submitted via forms or email
  • Payment information: Billing details for paid services (processed by third-party payment providers)

1.2 Automatically Collected Information

  • Device information: Browser type, operating system, IP address, device identifiers
  • Usage data: Page views, feature usage frequency, activity logs
  • Log data: Server logs, error reports, performance metrics

1.3 IoT Device Data

  • Device metadata: Device name, firmware version, network address, online status
  • Telemetry data: CPU, memory, disk, and network performance metrics
  • Shadow state: Device configuration and reported state data

2. How We Use Information

We use collected information to:

  • Provide, maintain, and improve the Platform’s features and services
  • Process your registration, authentication, and account management
  • Manage and monitor your IoT device fleet
  • Send service notifications, security alerts, and technical support communications
  • Analyze usage patterns to improve user experience
  • Comply with legal and regulatory requirements

3. Data Storage & Security

3.1 Storage

  • Self-hosted deployments: Data is stored on your own infrastructure — we do not access or store your data
  • Managed service: When using our managed service, device registration information is stored on our platform; device telemetry, business data, and other content remain under your control
  • PostgreSQL Row-Level Security (RLS) enforces tenant data isolation

3.2 Security Measures

  • Mutual TLS (mTLS) certificate authentication for device communication
  • JWT token-based user authentication
  • TLS/HTTPS encryption for all API communications
  • Role-Based Access Control (RBAC) with least-privilege enforcement
  • Immutable audit logs for all administrative actions

4. Data Sharing

We do not sell, rent, or trade your personal information. Exceptions include:

  • With your consent: When you explicitly authorize sharing
  • Service providers: Necessary sharing with partners who assist in providing services
  • Legal requirements: When required by law or government authority
  • Safety: To protect the rights and safety of the Platform, users, or the public

5. Data Retention

  • Account data is retained for the duration of your active account
  • Device telemetry data is automatically cleaned per tenant retention policies (default 30 days)
  • Audit logs are retained per compliance requirements
  • After account deletion, we will delete or anonymize your personal data within a reasonable timeframe

6. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate personal information
  • Delete your personal information and account
  • Export your data
  • Withdraw consent to data processing

To exercise these rights, contact us at: contact@grainpeak.com

7. Cookies

The Platform uses essential cookies and local storage to:

  • Maintain user login sessions
  • Remember user preferences (language, theme)
  • Ensure platform security

We do not use third-party tracking or advertising cookies.

8. Children’s Privacy

The Platform is not intended for individuals under 16 years of age. We do not knowingly collect personal information from minors.

9. Policy Updates

We may update this Privacy Policy from time to time. Updated policies will be posted on this page with a revised “Last Updated” date. We will notify you of significant changes via email or platform notification.

10. Contact Us

If you have questions about this Privacy Policy: