VUMY Technologies
vumyo
ProductsCompanyTrustContact Open vumyo
Legal

Privacy policy

Last updated 2026-05-03 · v2.0

This policy describes how VUMY Technologies (the company behind vumyo and its constituent products) collects, uses, and shares Personal Data. It applies to both the corporate site and the vumyo product, with the regional addenda below providing additional rights where local law requires.

1. What we collect

Account data

Email, name, role, country, optional Google/LinkedIn OAuth identifiers.

Workspace data

Whatever you put into your workspace — candidates, applications, signed documents, identity verification artifacts, CRM records, scheduled interviews. We process this on your behalf as a data Processor.

Public surface data

Public profiles (/{handle}, /{cc}/{handle}), public job postings, public team directories, public booking pages — only what you mark public.

Operational data

Server logs (IP, user agent, request path, timestamp). Used for security, rate limiting, debugging, and abuse prevention.

2. How we use it

  • To provide the vumyo services (the product purpose).
  • To detect and respond to fraud, abuse, and security incidents.
  • To comply with legal obligations.
  • To send transactional email (verification, IMPORTANT application events). Routine status changes do not trigger email.
  • Aggregate, anonymized analytics for product improvement.

We do not use your workspace data, candidate Personal Data, or identity verification artifacts to train AI models. See /security and the vumyo pledge.

3. Sharing

Personal Data is shared only with vetted sub-processors, and only for the documented purpose. A current sub-processor list is provided to customers under the data processing terms of their agreement. Personal Data is not sold. Identity verification outcomes remain inside the customer workspace at all times.

4. Retention

  • Account data: retained until account deletion + 30 days.
  • Workspace data: retained until workspace deletion + 90 days, except where law requires longer.
  • Identity verification artifacts: workspace-configured retention window (default 90 days).
  • Server logs: 30 days.

5. Your rights

Regardless of jurisdiction you may request access, rectification, erasure, portability, restriction of processing, and to object to processing. Email privacy@vumy.net. Authenticated users can also exercise these rights directly via /self/privacy on vumyo.com.

6. Regional addenda

GDPR (EEA / UK / Switzerland)

Lawful bases: contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), legal obligation (Art. 6(1)(c)), consent (Art. 6(1)(a)) where applicable. Data subjects have the right to lodge a complaint with their supervisory authority. Data Processing Addendum at /dpa.

CCPA / CPRA (California)

California residents have the rights to know, delete, correct, and opt-out of sale/sharing. We do not sell Personal Information; we do not share it for cross-context behavioral advertising.

India DPDP

Aadhaar-based verification handled per the /security page; voice statements and liveness captures redacted on retention expiry.

7. Contact

Privacy queries and data subject requests: privacy@vumy.net.

Questions about this document? privacy@vumy.net