Privacy Policy
Last updated: July 2026
Yuma AI Inc. ("Yuma", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect personal information when you use our services or interact with our website. It also describes our commitments under the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework.
Yuma provides AI-powered customer support and customer experience automation to business customers. When we process personal data contained in customer support interactions, order data, and similar records, we do so as a data processor (an "agent" under the Data Privacy Framework) acting on behalf and under the instructions of our business customers, who are the data controllers. Where we collect personal data directly (for example, from website visitors, prospects, or people who contact us), we act as a data controller.
1. Information We Collect
We may collect the following categories of information:
- Contact information (such as name, email address, company details)
- Customer data processed on behalf of our customers (e.g., support interactions, order data)
- Technical data (such as IP address, device information, and usage logs)
- Communications you provide when contacting us
2. How We Use Information
We use personal data to:
- Provide, operate, and improve our services
- Deliver AI-powered customer support automation
- Respond to inquiries and provide support
- Ensure security, monitor usage, and prevent fraud
- Comply with legal and regulatory obligations
Where we process customer data, we act as a data processor on behalf of our customers.
3. Data Sharing and Onward Transfers
We do not sell or share personal data for advertising purposes.
We may share data with:
- Service providers and subprocessors (e.g., hosting, infrastructure, analytics)
- Customers (when we process data on their behalf)
- Legal authorities, when required by law
Onward transfers under the Data Privacy Framework: When we transfer personal data received in reliance on the Data Privacy Framework to third-party agents or service providers, we remain responsible for ensuring that such third parties process the data in a manner consistent with our obligations under the DPF Principles, and we require them by contract to provide the same level of protection. Yuma remains potentially liable in cases of onward transfer to third parties of personal data of EU and UK individuals received pursuant to the Data Privacy Framework, except where we are not responsible for the event giving rise to any alleged damage.
Where we act as a data controller (for example, in relation to website visitors, prospects, or individuals who contact us directly), you may limit the use and disclosure of your personal data. In particular, you have the right to opt out of (i) the disclosure of your personal data to a third party acting as a controller, and (ii) the use of your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. To exercise these choices, contact us at legal@yuma.ai.
Where we process personal data as a processor (an "agent" under the Data Privacy Framework) on behalf of a business customer, such choices are directed to and managed by that customer as the data controller.
4. Data Security
We implement industry-standard technical and organizational measures to protect personal data, including:
- Encryption of data in transit and at rest
- Access controls based on least privilege
- Monitoring, logging, and intrusion detection
- Regular security testing and vulnerability management
Our security program is aligned with industry standards and supported by independent audits (SOC 2 Type II).
5. Data Integrity and Purpose Limitation
We limit the personal data we process to what is relevant for the purposes of processing. We take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. We retain personal data only for as long as it serves the purposes for which it was collected or as otherwise permitted by applicable law.
6. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy or as required by law.
For customer data processed through our platform:
- Data is retained according to contractual agreements
- Data may be deleted upon request or after defined retention periods
7. Your Rights
Depending on your location, you may have rights to:
- Access your personal data
- Correct or update your data
- Request deletion
- Restrict or object to processing
- Request data portability
Where Yuma processes personal data on behalf of a business customer (as a processor/agent), requests to exercise these rights are generally directed to that customer (the controller). If you contact us directly, we will refer your request to the relevant customer and cooperate to facilitate a response, consistent with applicable law and our contractual obligations.
To exercise these rights, contact us at legal@yuma.ai.
8. International Data Transfers and the Data Privacy Framework
We may process data in the United States and other jurisdictions. Where required, we implement appropriate safeguards for international transfers.
Yuma AI Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Yuma AI Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit dataprivacyframework.gov.
9. Regulatory Oversight (FTC)
The Federal Trade Commission (FTC) has jurisdiction over Yuma AI Inc.'s compliance with the Data Privacy Framework. Yuma is subject to the investigatory and enforcement powers of the FTC.
10. Disclosure to Public Authorities
We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
11. How to Make a Complaint — Recourse and Enforcement
If you have a question or complaint about our handling of personal data, please contact us first at legal@yuma.ai. We will respond to DPF-related complaints within 45 days.
Independent recourse mechanism. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Yuma commits to refer unresolved complaints concerning our handling of personal data received in reliance on these frameworks to JAMS, an alternative dispute resolution provider based in the United States, at no cost to you. If you do not receive timely acknowledgment of your complaint, or if we have not addressed it to your satisfaction, visit jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.
Binding arbitration. Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration before the "DPF Panel" when other dispute resolution procedures have been exhausted.
12. Cookies and Tracking
We use cookies and similar technologies to:
- Operate and improve our website
- Analyze usage and performance
You can control cookies through your browser settings.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
14. Contact
Yuma AI Inc.
245 Main Street, 2nd Floor
Cambridge, MA 02142, USA
Email: legal@yuma.ai