UMAP360 holds some of your most sensitive business data — behavioural events, ad-account connections, customer profiles, and billing details. This page explains, in plain terms, how that data is kept private, separated, and protected, and how long we keep it.

Your data is yours alone

Every account in UMAP360 belongs to an organization, and your data is walled off so that only your organization can see it. One organization can never read, edit, or even glimpse another's events, customers, dashboards, or connected accounts. This separation is enforced at the database level — not just in the app — so it holds even as you invite teammates or set different roles.

Within your organization, what each teammate can see and do is governed by their role. You control who has access and at what level from your account settings.

One organization, one boundary

If you work across multiple brands or clients, each gets its own organization with its own isolated data. Nothing leaks across that line.

Credentials and secrets are encrypted

Some of the things you connect to UMAP360 — like your ad-platform logins and API keys — are sensitive by nature. These are stored encrypted at rest, so they're never kept in plain, readable form. Your account password is never stored as text either; it's protected using one-way hashing, which means even we can't read it back.

Data moving between your browser, our servers, and the platforms you connect is encrypted in transit using modern transport security, so it can't be intercepted along the way.

Automated backups

UMAP360 keeps automated, rolling backups so your data can be recovered in the event of a problem. Backups are retained on a 30-day rolling basis — older backups age out automatically as new ones are taken. This gives you a safety net without keeping copies of your data indefinitely.

How long we keep your data

We don't keep data forever. Each type of data has a defined retention period, after which it's removed:

Data typeHow long we keep it
Account dataWhile active, then 90 days
Billing records8 years (required by Indian GST law)
Behavioural / event data25 months (configurable)
Ad-platform data25 months
Server logs90 days
Error-monitoring reports90 days
Email delivery logs30 days
Backups30-day rolling

Billing records are kept the longest because tax law requires it — even after you close an account, financial records must be retained.

Want something deleted sooner?

You can request deletion of your data at any time. We make data inaccessible immediately and permanently purge it within 90 days. See Data deletion for how requests work and the few legally-required exceptions.

Trusted partners who help run the service

To deliver UMAP360, we rely on a small set of established service providers — for things like database hosting, payment processing, transactional email, and error monitoring. Each one only handles the specific data it needs for its job, and they're held to data-protection obligations.

We commit to giving 30 days' notice before adding any new sub-processor, so there are no surprises about who touches your data. You can find the current list, with each provider's purpose and location, in our Privacy Policy.

Personal data is minimised in our tooling

When something goes wrong and we capture error reports to fix it, those reports are automatically scrubbed of personal details — email addresses, tokens, and other sensitive values are redacted before they ever leave the app. We keep the error so we can fix the bug, but not the personal data wrapped around it.

Where to learn more

For the full picture — including how we handle international data transfers, your rights, and our security commitments — see the resources below. The Trust Center is the best starting point for a high-level overview.

Next steps

Last updated 2026-06-11

We use cookies for analytics — to understand how visitors use UMAP360 and improve the product. Essential cookies (session, forms) always run; analytics cookies wait for your call. See cookie policy.