GDPR and data protection information
This page explains how Umami Labs Limited (“UmiCare”, “we”, “us”) complies with the EU/UK General Data Protection Regulation (GDPR/UK GDPR) and describes your rights as a data subject.
Contact: legal@umicare.co.
Controller
Who is responsible
Umami Labs Limited, Hong Kong, acts as the data controller for personal data processed through UmiCare. For certain business integrations, we may act as a processor on your behalf; in those cases we will enter into appropriate data processing terms.
We have not appointed an EU/UK representative or Data Protection Officer at this time; please contact us at legal@umicare.co for GDPR matters.
Legal bases
Legal grounds for processing
We rely on GDPR legal bases as applicable: (a) performance of a contract to provide and operate the Services and support; (b) legitimate interests to improve reliability, security, and quality, protect against fraud or abuse, and communicate service-related matters where not overridden by your rights; (c) consent for marketing communications and certain analytics or cookies where required (withdrawable at any time); and (d) legal obligations to comply with applicable laws and regulatory requirements.
Data
Categories of personal data
See our Privacy Policy for detailed categories. In summary: account data (identifiers, credentials), care/profile data (entered baby care details, notes, media you upload), device/usage data (logs, diagnostics), support communications, payment metadata (handled by processors; no full card storage), cookie/SDK data (see Cookie Policy), and optional marketing preferences.
If you purchase a subscription before creating an account, our payment processor (Stripe) may collect your email and create a customer record and subscription so we can associate the subscription with your account when you sign up with the same email address.
Rights
Your rights under GDPR
You have rights of access, rectification, erasure, restriction, objection (including to legitimate interests), portability, and withdrawal of consent where relied upon. You also have the right to lodge a complaint with a supervisory authority. To exercise these rights, email legal@umicare.co. We will verify your identity and respond within applicable timelines. Where permitted by law, we may deny requests that would adversely affect others or conflict with legal obligations.
We do not use automated decision-making that produces legal or similarly significant effects.
Transfers
International data transfers
Personal data may be transferred outside the EEA/UK (for example, hosting in Singapore and processing by vetted vendors). Where required, we use Standard Contractual Clauses or equivalent safeguards and apply technical measures such as encryption in transit and at rest. We evaluate vendors’ security and privacy posture before engagement.
Retention
Data retention
We retain personal data only for as long as necessary for the purposes described in the Privacy Policy or as required by law. Account and caregiver data, as well as care records and notes, are retained for the life of the account and deleted upon verified request unless retention is required by law. Analytics and diagnostics are retained in short rolling windows to improve reliability. Backups are retained on rolling schedules with limited durations and are deleted as they cycle out.
Subprocessors
Key subprocessors and safeguards
We engage subprocessors under data processing agreements, including Standard Contractual Clauses where applicable. Core providers include DigitalOcean (hosting, networking, backups), OpenAI (AI-powered summaries; no training on submitted personal data), email/support providers (transactional email and support), and analytics providers (product analytics and performance; no advertising profiles). We keep this list under review and update it when material changes occur.
Data processing
Data Processing Addendum (DPA)
For customers who need a signed DPA, please email legal@umicare.co. Our DPA includes Standard Contractual Clauses (as applicable) and outlines technical and organizational measures.
Security
Technical and organizational measures
We apply measures described in our Security Overview, including encryption in transit and at rest, access controls with logging, vulnerability management, backups and disaster recovery, vendor due diligence, and incident response procedures.
Contact
Contact and complaints
Umami Labs Limited
Email: legal@umicare.co
If you are in the EEA/UK, you may also contact your local supervisory authority. We encourage you to contact us first so we can address your concerns.
Last updated: 2026-01-06