Privacy Policy

Kumu Inc. ("Kumu", "we", "our", "us") developed the Kumu.io website ("Website", "Services") to help you solve complex problems by visualizing and tracking key relationships and connections. We understand how important your privacy is and will take reasonable steps to protect your information as if it was our own. This document provides our policies and procedures for collecting, using, and disclosing your information.

Kumu Inc. complies with the EU-U.S. Data Privacy Framework Principles, the UK Extension to the EU-U.S. Data Privacy Framework Principles, and the Swiss-U.S. Data Privacy Framework Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, UK, and Switzerland to the United States. Kumu Inc. has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework Principles, and to view our certification, please visit https://www.dataprivacyframework.gov/

.

Information We Collect, and How We Use It

Website Visitors
To simply browse our Website, you are not required to provide any personally-identifiable information. However, we may collect non-personally-identifiable information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Kumu’s purpose in collecting non-personally identifying information is to better understand how Kumu’s visitors use its website and to monitor and improve our Website and Services. From time to time, we may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

Registered Users
When you register for Kumu, we collect personal information including name, username, email, account password, account name and date of registration. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses, information about your computer, geographic location, and other standard web log information. We do not disclose personally-identifying information other than as described below. Visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal obligations, and to pursue our legitimate business interests. The following list sets out the business purposes that we have identified as legitimate. In determining the content of this list, we balanced our interests against the legitimate interests and rights of the individuals whose Personal Data we process. We:

If we need to use your Personal Data in other ways, we will provide specific notice at the time of collection and obtain your consent where required by applicable law.

We may send you email marketing communications about Kumu products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law. When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.

Aggregated Statistics
We may collect statistics about the behavior of visitors to the Website. For instance, we may monitor the most popular public accounts and display this information publicly or provide it to others. However, Kumu will not disclose personally-identifying information other than as described below.

Cookies
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Kumu uses cookies to help Kumu identify and track visitors, their usage of Kumu website, and their website access preferences. Kumu visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the Website, with the drawback that certain features of the Website may not function properly without the aid of cookies.

Payments
When paying for an account subscription, Kumu uses a third party payment processor, Stripe, to assist in processing your personally identifiable payment information. We do not receive or store credit card information into our servers. These transactions and Stripe's use of your personal information is governed by their privacy policy (available at stripe.com/privacy).

Where We Store Your Information

If you are located outside the United States, the information that we collect from you may be transferred to, and stored and processed at, a destination in the United States. By submitting information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

Disclosing Your Information

Kumu Public Profile
Each registered Kumu user has a public profile which may be accessible to anyone browsing the Website. We disclose your name, username, description (if provided), location (if provided), website (if provided), avatar image (if linked to your email address or uploaded) and date of registration.

Public Accounts, Embeds & Share Links, and Projects & Maps to Which You Have Granted Access to Others
Kumu discloses information related to the owner of each account, including the Gravatar image (if linked to the account owner's email address or uploaded) and the username of the account owner. This information is displayed in the account sidebar of all accounts and is viewable by all who have access to the project. Public projects are accessible to all website visitors and private projects and maps are only accessible to those that you or other managers on your account have granted access to. We may use information about the popularity of public accounts to rank accounts in order of popularity on the public accounts listing, which is accessible to all website visitors.

Protection of Certain Personally-Identifying Information
Kumu discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Kumu’s behalf or to provide services available at the Website, and (ii) that contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Kumu, you consent to the transfer of such information to them. Kumu will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Kumu discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Kumu believes in good faith that disclosure is reasonably necessary to protect the property or rights of Kumu, third parties or the public at large. If you are a registered user of Kumu and have supplied your email address, Kumu may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Kumu and our services. You can opt-out of receiving these email communications from us by contacting us at privacy@kumu.io. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Kumu takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.

Business Transfers
If Kumu, or substantially all of its assets were acquired, or in the unlikely event that Kumu goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquiror of Kumu may continue to use your personal information as set forth in this policy.

Your Rights and Choices

Your Data Protection Rights
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.

Communications Preferences
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to privacy@kumu.io. Please note that if you opt-out of receiving marketing related emails from us, we may still send you important administrative messages that are required to provide you with our Services.

Correcting, Updating and Removing Your Information
Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at privacy@kumu.io. Account owners may update or change their account information by editing their personal profile or workspace profile or by contacting support@kumu.io for more detailed instructions. To make a request to have personal information maintained by us returned to you or removed, please email support@kumu.io. Requests to access, change, or remove your information will be handled within 30 days.

An individual who seeks access to, or who seeks to correct, amend, or delete inaccuracies in personal information stored or processed by us on behalf of an account owner should direct his/her query to the account owners (the data controller). Upon receipt of a request from one of our account owners for us to remove the data, we will respond to their request within thirty (30) days. We will retain personal information that we store and process on behalf of our account owners for as long as needed to provide the Services to our users. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at privacy@kumu.io.

If you are an account owner or otherwise provide us with personal information in connection with your use of our Websites or Services, we will delete this information upon your request, provided that, notwithstanding such request, this information may be retained for as long as you maintain an account for our Services, or as needed to provide you with our Services, comply with our legal obligations, resolve disputes and enforce our agreements.

Security and Retention

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.

If you are a Kumu User, we retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services to you, even if you close your Kumu account, to the extent necessary to comply with our legal and regulatory obligations. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

Data Privacy Framework Program

Kumu abides by and has certified adherence to the principles of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. For more information on these frameworks, and to view the scope of Kumu’s certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the Data Privacy Framework, Kumu commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us at:

By email:
privacy@kumu.io

By mail:
Kumu Inc.
Attn: Privacy
720 University Avenue, Suite 200
Los Gatos, CA 95032

We have further committed to refer unresolved Data Privacy Framework complaints to ICDR/AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit ICDR/AAA (https://go.adr.org/dpf_irm.html) for more information or to file a complaint. The services of ICDR/AAA re provided at no cost to you.

If neither Kumu nor ICDR/AAA resolves your complaint, you may pursue binding arbitration through the Data Privacy Framework Arbitration Panel. To learn more about the Arbitration Panel, click here. The Federal Trade Commission has investigation and enforcement authority over our compliance with the Data Privacy Framework.

If we have received your personal information under the Data Privacy Framework and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Data Privacy Framework Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Data Processing Addendum

We offer a data processing addendum (DPA) for our customers who collect data from people in the EU. Please see our GDPR Policy for more info.

Privacy Policy Changes

Although most changes are likely to be minor, Kumu may change its Privacy Policy from time to time, and in Kumu’s sole discretion. Kumu encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Effective Date: August 26, 2024

Questions?

If you have any questions about our privacy policy, you can contact us by email at privacy@kumu.io or by mail using the following address:

By mail:
Kumu Inc.
Attn: Privacy
720 University Avenue, Suite 200
Los Gatos, CA 95032

Note: This Privacy Policy is available under a Creative Commons Sharealike license, which means you’re more than welcome to steal it and repurpose it for your own use, just make sure to replace references to us with ones to you.