Effective date: March 20, 2026
Last updated: March 20, 2026
This Privacy Policy describes how GLG, a.s. ("we", "us", "our", or "GLG") collects, uses, stores, and protects personal data in connection with the UAML Memory online store at uaml-memory.com (hereinafter "Store") and the UAML Memory software product (collectively, the "Service"). This policy is issued in accordance with Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Coll. on the Processing of Personal Data (Czech Republic).
1. Data Controller
The data controller responsible for processing your personal data is:
- Company: GLG, a.s.
- Email: support@uaml.ai
- Data protection contact: support@uaml.ai
2. UAML Memory Privacy Principle
UAML Memory is a local-first product. The software stores all user data, memories, and agent knowledge locally on your own systems. UAML Memory never sends your data to our servers or any cloud service unless you explicitly configure and enable cloud synchronization features. Your data remains under your full control at all times.
This Privacy Policy pertains to data we collect through the Store, account registration, license management, and subscription processing — not to the data your local UAML Memory installation processes.
3. What Personal Data We Collect
3.1 Account Information
When you create an account or purchase a license, we may collect:
- Name and surname
- Email address
- Company name and identification number (if applicable)
- Billing address
- Account credentials (password stored in hashed form only)
3.2 Payment Data
Payment processing is handled by our payment gateway provider our authorized payment processor. We do not store your full payment card details. the payment processor processes your payment data in accordance with their own privacy policy and PCI DSS standards. We receive only transaction confirmation data (transaction ID, amount, status).
3.3 Trial and License Data
When you activate a free trial or purchase a license, we collect information about your subscription tier, trial start/end dates, and license status to manage your access.
3.4 Usage Analytics
We use Umami, a self-hosted, privacy-focused analytics platform, to collect anonymized usage data about our Store. Umami:
- Does not use cookies for tracking;
- Does not collect personal identifiers;
- Does not track users across websites;
- Is hosted on our own infrastructure within the EU;
- Collects only: page views, referrer URLs, browser type, device type, country (based on anonymized IP).
3.5 Communication Data
When you contact us via email, we collect the content of your communication, your email address, and any attachments you provide.
3.6 Technical Data
When you register an account or log in, we automatically collect certain technical information for security, fraud prevention, and service quality purposes:
- IP address
- Browser type and version (User-Agent)
- Browser language preferences (Accept-Language)
- Referring URL
- Screen resolution, timezone, and platform
- Browser fingerprint (a hash derived from device characteristics — not personally identifiable on its own)
This data is stored separately from your account profile and is not visible in your account settings. It is used for:
- Fraud prevention and abuse detection
- Correlating anonymous telemetry data with accounts (to improve onboarding and installation success)
- Security auditing
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for IP address and User-Agent collection; Consent (Art. 6(1)(a)) for browser fingerprint and telemetry correlation.
4. Legal Basis for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| License and subscription processing | Performance of contract (Art. 6(1)(b)) |
| Payment processing via our authorized payment processor | Performance of contract (Art. 6(1)(b)) |
| Free trial management | Performance of contract (Art. 6(1)(b)) |
| Website analytics (Umami) | Legitimate interest (Art. 6(1)(f)) |
| Customer support | Performance of contract (Art. 6(1)(b)) |
| Legal compliance (invoicing, tax records) | Legal obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Technical data collection (IP, browser fingerprint) | Legitimate interest (Art. 6(1)(f)) + Consent (Art. 6(1)(a)) |
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 3 years after deletion |
| Payment/invoice records | 10 years (Czech tax legislation) |
| Website analytics | 24 months (anonymized, aggregated) |
| Support communications | 3 years after resolution |
| Marketing consent records | Duration of consent + 3 years |
| Trial/license records | Duration of account + 3 years |
| Technical data (IP, fingerprint) | Duration of account + 1 year after deletion |
6. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
- Right of access (Art. 15) — obtain confirmation and a copy of your data;
- Right to rectification (Art. 16) — request correction of inaccurate data;
- Right to erasure (Art. 17) — request deletion ("right to be forgotten");
- Right to restriction (Art. 18) — request limitation of processing;
- Right to data portability (Art. 20) — receive data in a machine-readable format;
- Right to object (Art. 21) — object to processing based on legitimate interest;
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time.
Contact us at support@uaml.ai. We will respond within 30 days.
7. Cookies
The Store uses minimal cookies:
- Essential cookies: Session management and authentication (strictly necessary);
- Analytics: Umami is cookie-free.
We do not use third-party tracking cookies, advertising cookies, or social media tracking pixels.
8. Data Transfers
- All data is processed and stored within the European Union;
- Analytics (Umami) is self-hosted within the EU;
- Payment processing via our authorized payment processor occurs within the EU;
- We do not transfer data outside the EEA unless strictly necessary with appropriate safeguards (Art. 46(2)(c) GDPR).
9. Data Security
We implement appropriate technical and organizational measures:
- Encrypted data transmission (TLS/HTTPS);
- Hashed password storage;
- Access controls and role-based permissions;
- Regular security audits;
- Self-hosted infrastructure under our direct control.
10. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| the payment processor a.s. | Payment processing | Czech Republic (EU) |
| Umami (self-hosted) | Website analytics | Our own servers (EU) |
All processors are bound by data processing agreements per Art. 28 GDPR.
11. Children's Privacy
UAML Memory is not intended for individuals under 16. We do not knowingly collect data from children. Contact support@uaml.ai if you believe we have.
12. Right to Lodge a Complaint
- Úřad pro ochranu osobních údajů (ÚOOÚ)
- Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
- Website: uoou.cz
- Email: posta@uoou.cz
13. Changes to This Policy
Material changes will be communicated at least 30 days before they take effect. The current version is always available at this URL.