Privacy Policy

1. Introduction

UMELLE EOOD ("UMELLE," "we," "our," or "us"), a company registered in Bulgaria, operates the Librarian application (including the FORGE model fine-tuning feature), the Librarian Launcher, the website umelle-librarian.ai, the license server, and related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you interact with our Services.

Librarian is built on a local-first architecture. All document processing, indexing, embedding generation, and AI inference occur entirely on your local machine or local network. We do not access, collect, transmit, or store any of your documents, chat conversations, embeddings, or AI-generated outputs. This Privacy Policy addresses only the limited data we collect in connection with licensing, subscription management, support, and our website.

This Privacy Policy should be read together with our Terms of Service and End-User License Agreement (EULA), both available at umelle-librarian.ai. In the event of any conflict, the Terms of Service prevail.

2. Data Controller

The data controller responsible for your personal data is:

UMELLE EOOD
Registered in Bulgaria (European Union)
Contact: support@umelle.com

For all privacy-related inquiries, data subject requests, or complaints, please contact us at support@umelle.com. As UMELLE is established within the European Union, no Article 27 EU GDPR representative is required. UMELLE does not currently target or direct its services to individuals in the United Kingdom and does not maintain an establishment there. If this changes in the future, we will appoint a UK GDPR representative under Article 27 of the UK GDPR and update this section with their contact details. UK residents who use our Services may contact us for any data protection inquiries at the same address.

3. Data That Stays on Your Machine

The following categories of data are processed and stored exclusively on your local machine or local network and are never transmitted to UMELLE or any third party:

• Documents, files, and folders you upload into Librarian
• Document embeddings and vector database contents
• Chat conversations, queries, and AI-generated responses
• AI model data, including model weights downloaded and managed via Ollama on your machine
• A local record of which AI models have been installed (stored as a marker file on your machine)
• Local application configuration and preferences
• PostgreSQL database contents used for local application data storage
• GPU, CPU, RAM, and V-RAM usage data during local processing
• TLS and ACME private keys generated for your Librarian instance
• FORGE training datasets, training pairs (instruction/response), and training job records stored in the local PostgreSQL database
• FORGE adapter weights, merged model weights, and exported fine-tuned model files (GGUF format) stored on your local disk

We have no technical ability to access this data. It never leaves your machine unless you enable LAN Mode, in which case it is accessible only to devices on your local network.

If your documents contain personal data, FORGE's training data generation and model fine-tuning processes may incorporate that personal data into training pairs and model weights. This processing occurs entirely on your machine under your control. UMELLE has no access to FORGE data.

4. Data We Collect

4.1 Account and Licensing Data

When you purchase a subscription, the following data is collected and stored on our license server:

The email address you provide to Stripe during checkout is also the email address you must use when submitting requests for subscription changes or exercising your data subject rights. Providing your email address is a contractual requirement for subscription services; without it, we cannot create or maintain your account.

4.2 Consent Records

Before completing a purchase, you are asked to confirm that you have read and agree to our Terms of Service and Privacy Policy. We record the following consent data on the license server:

• Consent timestamp
• Policy version(s) accepted
• Your email address and license ID (linked to the consent record)

Consent records are not anonymized and are retained in accordance with the retention schedule in Section 8.

4.3 Device and Seat Tracking

To enforce seat limits under your license, we collect:

• Device ID: A randomly generated unique identifier (GUID) stored locally on your machine. This identifier is not derived from your hardware and cannot be used to fingerprint your device.
• Last Seen Timestamp: The most recent time a device checked in with the license server via a heartbeat signal.
• Account Seat Data: Opaque account identifiers (UUIDs generated by the application), creation and revocation timestamps, and active status for each seat. The license server does not receive or store usernames, display names, or any other personally identifying information for individual account seat holders.

Device IDs are used solely for seat management and are not correlated with other personal data to create user profiles.

4.4 Launcher Communications Data

When the Librarian Launcher is open, it communicates with our license server and update server. The following data is transmitted:

Heartbeat Signals (approximately every 5 minutes): Each heartbeat transmits your license key and your device identifier (random GUID). HTTP request headers include the Launcher version and operating system family (e.g., "Windows"). No usage data, document content, hardware identifiers, or timestamps are included in the heartbeat payload.

Update Checks (approximately every 30 minutes): The Launcher fetches a static update manifest file from the update server. No license key, device identifier, application version, or other user-specific data is included in the request. Standard HTTP metadata (such as IP address) is visible to the hosting infrastructure.

LAN Mode — DNS Record Management: In LAN Mode, the Launcher transmits your device's local network IP address (e.g., 192.168.x.x), your FQDN, and your license key to the license server for the sole purpose of creating a DNS A-record that enables other devices on your local network to access your Librarian instance. This is a private, non-routable IP address that is not meaningful outside your local network. The LAN IP address persists in the DNS zone managed by Cloudflare until overwritten by a subsequent application launch or manually removed by UMELLE. In Loopback Mode, no LAN IP address is transmitted.

LAN Mode — Certificate Provisioning: Approximately every 76 days, the Launcher provisions a TLS certificate through the Let's Encrypt ACME protocol. This process transmits your FQDN and an ACME account public key. Private keys are never transmitted.

Certificate Metadata: The Launcher reports certificate expiry dates to the license server for renewal management. Private keys are never transmitted.

4.5 Support Data

If you submit a support ticket through the Launcher, the following data is collected:

• Ticket Information: Category, status, and your description of the issue.
• License Key: Transmitted to authenticate the ticket submission.
• System Information (collected automatically): Launcher version, application version, operating system and architecture, .NET runtime version, a truncated SHA-256 hash of the machine name (not reversible), GPU model, total RAM, free disk space, Ollama status (e.g., "Running" or "Not Installed"), WSL2 status, LAN mode status, FQDN, application state, and service component statuses.

Support data is collected only at your initiation and is used exclusively to diagnose and resolve technical issues.

4.6 Feedback Data

If you provide feedback through the application, we collect the following data on the license server:

• Feedback Record: Your rating score (1–10), any comments you provide (up to 2,000 characters), and a timestamp.
• Context Data: Your subscription plan type and trial status at the time of submission.
• License Identifier: Your license ID is associated with your feedback to enable follow-up and product improvement. Your email address is not stored with the feedback record, but an administrator could trace feedback to your email through the license ID link until that link is severed by anonymization (see Section 8).

4.7 Infrastructure-Level Data

Although UMELLE does not collect IP addresses at the application level, our infrastructure providers may process IP addresses and request metadata as part of their standard network operations:

• Cloudflare: All traffic to and from the license server, update server, and website passes through Cloudflare's network. Cloudflare may process and temporarily retain IP addresses, request timestamps, and other connection metadata in accordance with Cloudflare's privacy policy. UMELLE does not access or use Cloudflare infrastructure logs for any purpose beyond security incident investigation.
• Let's Encrypt: During ACME certificate provisioning, Let's Encrypt processes the FQDN being certified and standard connection metadata.

UMELLE does not correlate infrastructure-level data with application-level user records.

4.8 Website Data

When you visit umelle-librarian.ai, the following data may be collected:

• Essential Cookies: Strictly necessary cookies for website functionality, session management, and security. These cookies are set without requiring your consent, as they are essential for the website to operate.
• Analytics and Marketing Cookies: We use analytics cookies (Google Analytics 4) and marketing cookies (Meta Pixel) to understand website usage, measure advertising effectiveness, and support cross-context behavioral advertising. These cookies are only placed with your explicit, informed consent, managed through our cookie consent mechanism. If you decline marketing cookies, no data is shared with Google or Meta for advertising purposes. You may change your cookie preferences at any time using the cookie settings control on the website.
• UTM Parameters: Advertising campaign parameters (utm_source, utm_medium, utm_campaign, utm_content) are captured in your browser session storage when you arrive at the site. These parameters are used to attribute purchases to specific advertising campaigns and are passed to Stripe as metadata during checkout. Session storage is cleared when you close your browser tab.

We present a cookie consent banner to all website visitors regardless of their location, providing the same level of choice to everyone. You may withdraw consent at any time through the consent mechanism on the website.

The website does not use session replay tools, heatmap tools, A/B testing tools, newsletter signups, or any data collection mechanism beyond the items described above and the Stripe checkout flow.

4.9 Data We Do NOT Collect

For absolute clarity, UMELLE does not collect:

• Your documents, files, or any content you process in Librarian
• Your chat conversations, queries, or AI-generated outputs
• Your document embeddings or vector database contents
• Information about which AI models you have installed or their versions (model status may appear in support tickets if you submit one, but model names and versions are not transmitted)
• Payment card numbers, bank details, or financial information (processed exclusively by Stripe)
• IP addresses at the application level (though Cloudflare and other infrastructure providers may process IP addresses in the course of routing network traffic)
• Biometric data, location data, or behavioral tracking data
• Telemetry, usage analytics, or automatic crash reports
• Filesystem paths, browsing history, or data from other applications on your machine
• Hardware fingerprints (the device identifier is a random GUID, not derived from hardware characteristics)
• FORGE training data, training pairs, adapter weights, fine-tuned model files, or any data derived from your documents through FORGE

4.10 Pre-Launch Interest Forms (Historical)

Before Librarian was available for purchase, visitors could submit a pre-launch interest form on our website to be notified when the product became available. If you submitted this form, we collected the following data:

• Email Address (required): Used solely to send a one-time notification when Librarian became available for purchase.
• Self-Description / Role (optional): Used to help us understand the types of users interested in the product. This field was not used to contact you or make decisions about you individually.

The interest form is no longer active. Interest form data previously collected is stored on our license server and will be deleted in accordance with the retention schedule in Section 8. You may request deletion of your interest form data at any time by contacting support@umelle.com.

5. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases:

• Consent (Article 6(1)(a)): Analytics and marketing cookies on our website (including Google Analytics 4 and Meta Pixel) are placed only with your prior, informed consent, obtained through our cookie consent mechanism. You may withdraw cookie consent at any time through the cookie settings control on the website, without affecting the lawfulness of processing based on consent before its withdrawal. Interest form data collected during the pre-launch period was processed on the basis of consent provided through the form's required checkbox.
• Performance of a Contract (Article 6(1)(b)): Processing your account, licensing, subscription, consent, and payment-related data is necessary to provide you with the Services you have purchased.
• Legitimate Interest (Article 6(1)(f)): Processing activity logs, device tracking for seat management, file-based application logs, and operational data is necessary for our legitimate interest in operating and securing our Services, preventing abuse, enforcing license compliance, and improving our products. We have assessed that these interests are not overridden by your rights, given the limited scope of data involved and the absence of any profiling or automated decision-making.
• Legal Obligation (Article 6(1)(c)): We may process data as required to comply with applicable laws, regulations, tax obligations, or legal proceedings.

6. Third-Party Service Providers (Sub-Processors)

We share personal data with the following third-party service providers, who process data on our behalf and under contractual obligations to protect your data:

We do not sell your personal data for monetary consideration. When you consent to marketing cookies, personal information (such as pseudonymous identifiers and browsing activity) is shared with Meta for cross-context behavioral advertising purposes. Under the California Privacy Rights Act (CPRA), this disclosure constitutes "sharing" of personal information. You may opt out of this sharing at any time — see Section 10 for details. Data is shared with the providers above only to the extent necessary to deliver the Services or, in the case of advertising providers, only with your prior consent. Each provider processes data in accordance with its own privacy policy and applicable data protection laws.

7. International Data Transfers

UMELLE EOOD is established in Bulgaria, a member state of the European Union. UMELLE does not transfer this core service data outside the EEA. The license server is currently hosted in Bulgaria within the European Economic Area (EEA). Your data may be processed by our third-party service providers in jurisdictions outside the European Economic Area (EEA) and the United Kingdom, including the United States.

Where personal data is transferred outside the EEA or the UK, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office, as applicable
• The service provider's participation in recognized data protection frameworks
• Adequacy decisions issued by the European Commission or the UK government, where available

If the license server hosting infrastructure is migrated to a different provider or jurisdiction in the future, we will ensure equivalent or stronger safeguards are in place and will update this Privacy Policy accordingly.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:

You may request early deletion of your data at any time by contacting support@umelle.com, subject to our legal obligations (such as retention of consent records). Upon receiving a verified deletion request, UMELLE will process the deletion within thirty (30) days.

Anonymized aggregate data (such as feedback scores, plan type, and trial status, with all identifying information removed) may be retained indefinitely for product improvement purposes after deletion of your identifiable data.

9. Your Rights Under the GDPR and UK GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your personal data, subject to legal retention requirements (including consent records).
• Right to Restrict Processing (Article 18): Request that we limit how we use your data in certain circumstances.
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right to Withdraw Consent (Article 7(3)): Where processing is based on consent (such as analytics cookies), withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with a supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP) at cpdp.bg. In the United Kingdom, this is the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at support@umelle.com. We will verify your identity and respond within one calendar month. If your request is complex or we receive a high volume of requests, we may extend this period by an additional two months, in which case we will notify you of the extension within the initial one-month period.

10. Your Rights Under the CCPA / CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom it is shared.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information for monetary consideration. However, when you consent to marketing cookies on our website, pseudonymous identifiers and browsing activity are shared with Meta Platforms for cross-context behavioral advertising, which constitutes "sharing" as defined under the CPRA. You may opt out of this sharing at any time by: (a) declining or withdrawing marketing cookie consent through the cookie settings control on our website; (b) sending a browser-level Global Privacy Control (GPC) signal, which we honour as a valid opt-out request; or (c) emailing support@umelle.com with the subject line "Do Not Share." If you do not consent to marketing cookies, no sharing occurs.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under the CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a request, email support@umelle.com with the subject line "CCPA Request." We will verify your identity and respond within forty-five (45) days.

11. Your Rights Under Other Privacy Laws

UMELLE respects the privacy rights of individuals worldwide. If you are located in a jurisdiction with applicable data protection legislation not specifically addressed above, including but not limited to Brazil (Lei Geral de Proteção de Dados — LGPD), Canada (Personal Information Protection and Electronic Documents Act — PIPEDA), Australia (Privacy Act 1988), or other jurisdictions, you may have rights similar to those described in Sections 9 and 10 of this policy, including rights to access, correct, delete, and port your personal data, and to object to or restrict processing.

To exercise any applicable privacy rights, contact us at support@umelle.com. We will respond to your request in accordance with the applicable law in your jurisdiction. Where we are unable to verify your identity or determine the applicable legal framework, we will communicate with you to resolve the matter in good faith.

UMELLE applies the same data minimization principles and privacy protections described in this policy to all users regardless of location.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• TLS/HTTPS encryption for all data in transit between the Launcher and our license server, and between users and the website
• ACME-provisioned TLS certificates for secure FQDN access in LAN Mode
• SHA-256 cryptographic hash verification for all downloaded update packages
• DPAPI encryption for locally stored license key data on your machine
• Cryptographically secure random number generation for device identifiers and certificate passwords
• Cloudflare Tunnel for secure ingress to the license server, with no publicly exposed ports
• Infrastructure-level encryption at rest for stored data, provided by the hosting and storage providers
• Rolling backup retention with geographic redundancy (local and remote copies)
• Local-first architecture ensuring your documents and AI data never leave your machine

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

13. Data Breach Notification

In the event of a security breach affecting the personal data held on the license server, UMELLE will notify affected users without unreasonable delay and in accordance with applicable law, including the notification obligations under the GDPR (within 72 hours to the supervisory authority where feasible), the UK GDPR, and applicable U.S. state data breach notification statutes. Notification to affected users will be provided via the email address associated with your account.

A security breach of the license server cannot compromise your local documents, embeddings, conversations, or AI outputs, as this data is never transmitted to or stored on the license server.

14. Children's Privacy

Our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If you believe a child under 18 has provided us with personal data, please contact us at support@umelle.com, and we will promptly delete such data.

15. Automated Decision-Making and Profiling

UMELLE does not engage in automated decision-making or profiling as defined under Article 22 of the GDPR or equivalent provisions under other privacy laws. No decisions with legal or similarly significant effects are made about you based on automated processing of your personal data.

16. Do Not Track and Global Privacy Control Signals

Our website does not respond to legacy "Do Not Track" (DNT) browser signals, as there is no universally accepted standard for DNT. However, we honour Global Privacy Control (GPC) signals as a valid opt-out of the sharing of personal information under the CCPA/CPRA. When our website detects a GPC signal from your browser, marketing cookies that share data with third parties for cross-context behavioral advertising will not be loaded, regardless of any prior cookie consent. Our cookie consent mechanism also provides you with granular control over analytics and marketing cookies independently of GPC.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable law. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date and, where required by law or where the changes materially affect how we process your data, by email to the address associated with your account. Material changes take effect thirty (30) days after posting unless a longer period is required by applicable law. Your continued use of the Services after the revised Privacy Policy takes effect constitutes acceptance of the changes.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

UMELLE EOOD
Registered in Bulgaria (European Union)
Email: support@umelle.com
Website: umelle-librarian.ai

We aim to respond to all inquiries within thirty (30) days.