Privacy isn't a feature we bolted on — it's how UMAP360 is built. You stay in control of what's collected and who it's shared with, your data is kept secure and isolated to your organization, and you can request deletion of customer data at any time. This page maps out everything in the Privacy & Trust section so you can find what you need.
What "privacy-first" means here
UMAP360 brings together behavioural data, ad spend, and store orders — sensitive information that belongs to your customers and your business. We treat it that way:
- You control consent. Visitors can be asked to opt in before behavioural data is collected, and you decide how those preferences are honoured.
- Your data is isolated. Information collected through your account is scoped to your organization. Other customers on the platform cannot see it.
- It's stored securely. Data is encrypted in transit and at rest, and access is tightly controlled.
- You can have it deleted. You can request deletion of an end-user's data, or close your account entirely, and we'll process it on a clear timeline.
- It's built for the rules that apply to you. The platform is designed around India's DPDP Act and the EU's GDPR, with additional coverage for California's CCPA/CPRA.
Acting on behalf of your customers
When UMAP360 handles behavioural data your visitors generate, you are the data controller and we act as the processor. That means deletion and access requests from your end users come to you first — you decide, and we carry it out. See data deletion for the flow.
What's in this section
| Page | What it covers |
|---|---|
| Consent management | How visitor consent is captured and honoured before data is collected |
| How your data is stored | Where data lives, how it's secured, and how long it's kept |
| Data deletion | Requesting deletion of customer data or closing an account, and what happens next |
Deletion you can rely on
When you request deletion, data is made inaccessible immediately and permanently removed within 90 days. The grace period exists on purpose:
- Mistakes are recoverable. If a request was made in error, there's time to reverse it before the data is gone for good.
- Legal obligations are met. Some records — billing and tax documents in particular — must be retained for a fixed period regardless of a deletion request.
- The request is auditable. A clear trail shows the request was received and acted on.
This "made inaccessible immediately, purged within 90 days" approach is a recognised, compliant way to honour erasure requests.
Anyone can request deletion
You don't need to be signed in to request data deletion. A public request page on our website is open to dashboard users, end users, and anyone whose data we may hold. You'll get a confirmation code to track the request.
How we keep your data safe
A few of the safeguards working behind the scenes:
- Data encrypted both while moving and while stored.
- Each organization's data isolated from every other organization's.
- Error and monitoring reports automatically stripped of personal details before they leave the platform — emails, tokens, and other sensitive fields are redacted, not just logged.
- A short list of trusted service providers, each used for a specific purpose, with advance notice before any new one is added.
The regulations we're built around
| Regulation | Where it applies |
|---|---|
| DPDP Act 2023 | India |
| GDPR | EU / EEA |
| CCPA / CPRA | California, USA |
We also follow Google's and Meta's platform requirements for any ad data you connect, including their limits on how that data may be used.
Tell your visitors what you collect
If you use the tracker on your own site or app, you're responsible for disclosing data collection to your visitors and gathering consent where it's required. UMAP360 gives you the tools — consent management — but the notice on your site is yours to provide.
Read the legal details
For the full, formal versions of everything summarised here:
- Privacy Policy — the complete policy covering what we collect, why, your rights, retention periods, and the service providers we use.
- Trust Center — our security posture, compliance commitments, and how to reach us about privacy.
- Data deletion request — the public form to request deletion or account closure.
Next steps
- Consent management — capture and honour visitor consent
- How your data is stored — security and retention
- Data deletion — request deletion or close an account
- Trust Center — security and compliance overview
Last updated 2026-06-11