Privacy Policy
How UjumbeAI handles personal data for our B2B hospitality and service customers.
Last Updated: February 2026
1. Introduction
UjumbeAI ("UjumbeAI", "we", "our", or "us") provides a business-to-business (B2B) AI-powered communication platform for hospitality and service organizations, including web-based AI chat, multilingual guest communication, conversation management, and administrative controls.
This Privacy Policy explains how we collect, use, process, store, and protect personal data in connection with:
- Our website (https://ujumbe.ai)
- Our SaaS platform
- Our embedded AI chat widget
- Related administrative and support services
UjumbeAI operates as:
- A Data Controller for personal data relating to our business customers (e.g., account holders, billing contacts).
- A Data Processor for personal data processed on behalf of our customers (e.g., guest conversations handled through the AI chat widget).
Our customers remain the Data Controllers for the end-user (guest/customer) data processed through our platform.
2. Scope of This Policy
This policy applies to:
- Business representatives creating or managing UjumbeAI accounts
- Visitors to our website
- End-users interacting with our customers’ AI chat widgets (processed on behalf of customers)
It does not apply to third-party services linked from our platform.
3. Information We Collect
3.1 Business Account Information (Controller Data)
When a company registers for UjumbeAI, we collect:
- Company name
- Contact name
- Business email address
- Authentication credentials
- Subscription and billing details
- Onboarding configuration settings
This information is necessary to provide and manage the service.
3.2 Conversation and Communication Data (Processor Data)
When our customers use UjumbeAI’s AI chat services, we may process:
- Messages sent via embedded web chat
- Conversation transcripts
- Metadata (timestamps, session identifiers)
- Language preferences
- Uploaded content within chats (if enabled)
We process this data strictly on behalf of our customers in accordance with their instructions and applicable data protection laws.
UjumbeAI does not claim ownership of customer conversation data.
3.3 Technical and Usage Information
We automatically collect certain technical data, including:
- IP address
- Browser type and device information
- Log data and diagnostic information
- Platform usage metrics
- Error reports
- Security event logs
- Correlation identifiers for observability and auditing
This data is used for reliability, security, fraud prevention, and system performance optimization.
4. How We Use Information
We use collected data for the following purposes:
Service Provision
To operate, maintain, and improve the UjumbeAI platform.
Security & Fraud Prevention
To detect abuse, enforce rate limits, prevent unauthorized access, and maintain platform integrity.
Billing & Subscription Management
To manage payments and subscription status.
Customer Support
To respond to inquiries and provide technical assistance.
Compliance & Legal Obligations
To comply with applicable laws, regulatory requirements, and contractual obligations.
AI Processing
AI responses are generated through third-party AI providers under strict data processing agreements. UjumbeAI does not use customer conversation data to train public AI models.
5. AI and Automated Processing
UjumbeAI uses artificial intelligence models to generate responses to user inquiries.
AI processing may involve:
- Sending prompts to approved AI providers
- Receiving generated responses
- Logging outputs for audit and reliability purposes
We implement contractual and technical safeguards to ensure:
- Data minimization
- Secure transmission
- No public model training on customer data (where supported by provider policies)
Customers are responsible for informing their end-users that automated AI systems may be used in communication.
6. Legal Basis for Processing (GDPR)
For business account data (Controller role), our legal bases include:
- Performance of a contract
- Legitimate interests (security, fraud prevention, product improvement)
- Legal obligations
For end-user data (Processor role), processing is performed under our customers’ lawful basis.
7. Data Retention
We retain data according to the following principles:
- Active accounts: retained while the subscription is active
- Conversation data: retained per customer configuration or until deletion
- Audit logs: retained for security and compliance purposes
- Billing records: retained as required by tax and accounting laws
- Backups: encrypted and retained for limited disaster recovery periods
Upon account termination, data is deleted or anonymized within a defined retention period, except where legally required otherwise.
8. Data Security
We implement enterprise-grade safeguards, including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest
- Role-based access control (RBAC)
- Multi-factor authentication for administrative access
- Audit logging of administrative actions
- Rate limiting and abuse detection
- Secure hosting infrastructure
- Regular dependency and vulnerability monitoring
No system can guarantee absolute security, but we continuously improve our safeguards.
9. Subprocessors and Infrastructure
UjumbeAI relies on trusted subprocessors to operate the platform. These may include:
- Hosting infrastructure providers
- Database and authentication providers
- AI model providers
- Email delivery services
- Monitoring and logging services
Core infrastructure currently relies on Vercel (application hosting), Supabase (database, authentication, and storage), OpenAI (AI model provider), and Resend (email delivery), each operating under appropriate data processing agreements.
All subprocessors are subject to data processing agreements and appropriate safeguards. A current list of subprocessors is available upon request.
10. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Contractual and technical protections
Primary data storage is configured within EU data regions where available.
11. Data Subject Rights
Under GDPR and applicable laws, individuals may have rights including:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction
- Right to data portability
- Right to object
- Right to lodge a complaint with a supervisory authority
Customers (as Data Controllers) are responsible for handling end-user requests. UjumbeAI supports customers through export and deletion tools.
Requests relating to UjumbeAI account data may be directed to: support@ujumbe.ai
12. Cookies and Website Tracking
Our website may use essential cookies required for:
- Authentication
- Session management
- Security controls
We do not deploy invasive tracking mechanisms without consent. Where analytics tools are used, they operate in compliance with applicable privacy regulations.
13. Children’s Data
UjumbeAI is a business service and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. Updated versions will be published on our website with a revised “Last Updated” date.
Material changes may be communicated via email or platform notice.
15. Contact Information
For privacy-related inquiries:
UjumbeAI
Email: support@ujumbe.ai