Legal
This Privacy Policy explains how Ujama Ltd collects, uses, stores, and protects your personal data when you use Ujama. It is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Last updated: 5 May 2026
Controller: Ujama Ltd
Contact: privacy@ujama.co.uk
Ujama Ltd is the data controller responsible for your personal data, registered in England and Wales. Our registered address is London, United Kingdom. If you have any questions, contact us at privacy@ujama.co.uk.
We collect account data (name, email, job title, organisation, location, bio, social links, hashed password), usage and technical data (pages visited, IP address, browser type, API requests, error logs), payment data (billing name and address - card details are processed by Stripe and never stored on our servers), and communications data (emails and support requests).
We process your data to provide and maintain Ujama (contract), manage your account and authentication (contract), process billing (contract), send transactional emails (contract), improve the platform (legitimate interests), monitor security (legitimate interests), send product updates where opted in (consent), and comply with legal obligations (legal obligation).
We do not sell or rent your data. We share data only with: Vercel Inc. (frontend hosting), Railway Corp. (backend hosting), Neon Inc. (database), Upstash Inc. (caching), Stripe Inc. (payments), Mapbox Inc. (mapping), and Groq Inc. (AI inference). All processors operate under data processing agreements and, where based in the USA, under Standard Contractual Clauses.
Account data is retained for the duration of your account plus 2 years. Payment records are retained for 7 years (UK financial regulations). Usage logs are retained for 12 months then anonymised. Support correspondence is retained for 3 years. Security and audit logs are retained for 12 months.
We use essential session cookies (required for login), functional preference cookies (settings), and analytics cookies (anonymous usage patterns). We do not use advertising or third-party tracking cookies.
You have the right to access, rectify, erase, restrict, and port your personal data. You may object to processing based on legitimate interests. You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk. To exercise your rights, email privacy@ujama.co.uk. We will respond within 30 days.
Some processors operate in the USA. All international transfers are protected by Standard Contractual Clauses approved by the UK ICO.
We use TLS encryption in transit, bcrypt password hashing, row-level database security, short-lived JWT tokens (30 minutes), audit logging, and staff access controls. If you suspect your account has been compromised, contact privacy@ujama.co.uk immediately.
Ujama is a professional B2B service not intended for use by individuals under 18. We do not knowingly collect data from children.
We may update this policy from time to time. The "Last updated" date will reflect any changes. Material changes will be notified by email or prominent notice on the platform.
For privacy questions or data subject requests, contact Ujama Ltd, London, United Kingdom - privacy@ujama.co.uk