Privacy Policy

Effective as of 04/03/2026

Contents

1. Overview

Hummify ("we", "us", or "our") is operated by HUMMIFY LTD, a company registered in England and Wales (company number 16826424) with a registered office at 82a James Carter Road, Mildenhall, England, IP28 7DE.

This Privacy Policy explains how we collect, use, store, and share personal data in connection with the Hummify platform, website, and related services (together, the "Service").

Controller vs processor: For account, billing, and operation of the Service, Hummify generally acts as a data controller. For user-generated content (such as files, comments, project content, and collaboration data) uploaded by a business team or organisation, Hummify typically acts as a data processor on behalf of the relevant workspace owner.

2. Information we collect

The specific data we collect depends on how you use the Service. We may collect:

  • Contact data: Name and email address.
  • Account and profile data: User ID, avatar or profile image URL, organisation/workspace membership, and basic account settings.
  • Google OAuth data: Name, email address, and profile image URL when you choose to sign in with Google. This data is used only to authenticate you and populate your profile.
  • Communication data: Messages, support requests, feedback, and other communications you send to us.
  • Collaboration data: Comments, timestamps, markers, and other collaboration metadata associated with your use of the Service.
  • User-generated content: Files you upload, derived media created to provide the Service, associated metadata, version history, playlists/stacks, and project structures.
  • Usage data: Pages visited, features used, and interaction events (typically in an aggregated or pseudonymous form).
  • Technical data: IP address, device and browser details, diagnostic logs, and error reports.
  • Billing and payment data: Limited billing metadata such as customer IDs, subscription status, plan, and invoices. Payment card details are processed by Stripe (or another payment processor) and are not stored by us.
  • Cookie, preference, and consent data: Authentication cookies, security tokens, and similar technologies used to keep you signed in, protect the Service, and remember your preferences (including analytics consent).

Hummify's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How we use your data

We use personal data to:

  • Provide and operate the Service: Authentication, maintaining sessions, enabling uploads, providing playback and collaboration features, and managing projects and sharing.
  • Support and reliability: Responding to support requests, diagnosing issues, and improving stability.
  • Security and abuse prevention: Protecting accounts and content, enforcing access controls, and detecting misuse.
  • Account administration: Managing subscriptions, billing status, and plan entitlements.
  • Product improvement: Understanding feature usage and improving performance and usability (subject to your analytics consent where required).
  • Legal and compliance: Maintaining records required for accounting and complying with lawful requests.

4. Legal grounds for processing

Where UK GDPR/EU GDPR applies, we process personal data only where we have a valid legal basis, including:

  • Contract: To provide the Service you request.
  • Legitimate interests: To secure, operate, and improve the Service (balanced against your rights and expectations).
  • Consent: For optional analytics and session replay.
  • Legal obligation: For accounting, tax, and other compliance requirements.

5. Cookies, analytics, and session replay

We use cookies and similar technologies to keep you signed in, protect the Service, and remember your preferences.

Where enabled, we also use analytics and masked session replay to understand how the Service is used and to improve reliability and user experience.

  • Strictly necessary technologies are used to run and secure the Service.
  • Optional analytics and session replay run only after you provide consent, and you can withdraw consent at any time through our controls.

Our session replay is configured to mask content (for example, hiding text and images by default) to reduce the risk of collecting unnecessary personal data.

For detailed information about cookies and how to manage choices, please see our Cookie Policy.

6. Sharing your information

We share personal data only where necessary to provide and protect the Service:

  • Service providers (processors): We use third parties to support hosting, storage, analytics, email delivery, monitoring, and payment processing. They process personal data only on our instructions and under contracts with appropriate safeguards.
  • Professional advisers: Legal, financial, and technical advisers where needed.
  • Legal requests: Where required by law or to protect rights, safety, and security.
  • Business transfers: If we undergo a merger, acquisition, or sale, personal data may be transferred as part of that transaction, subject to continued protection consistent with this policy.

We do not sell personal data.

A list of key subprocessors is available on request by contacting contact@hummify.app.

7. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law.

  • Account data: Retained while your account is active. If your account is closed, we delete or anonymise data within a reasonable period unless we need it for legal or operational reasons.
  • Workspace/project content: Retained while the workspace remains active, unless deleted by authorised users.
  • Deleted assets: When you delete an asset, it is queued for permanent removal after approximately 30 days, subject to backup and logging constraints.
  • Analytics/session replay: Retained for limited periods and then deleted or aggregated, as configured in our tooling and settings.
  • Logs: Retained for limited periods for security and operational purposes.
  • Billing records: Retained for 6 years or as required by UK tax/accounting rules.

8. International transfers

Some of our service providers may process data outside the UK or EEA. Where personal data is transferred to a country that does not have an adequacy decision from the UK or EU, we use appropriate safeguards, such as Standard Contractual Clauses (and the UK Addendum where applicable) or other approved mechanisms.

You can contact us for more information about safeguards used for international transfers.

9. Security of your information

We implement technical and organisational measures designed to protect personal data, including:

  • Encryption in transit for web access and content delivery.
  • Access controls and role-based permissions.
  • Monitoring and logging for security and operational visibility.
  • Access mechanisms designed to prevent unauthorised access to content (for example, signed access and token-based authorisation where appropriate).

No system can be fully secure, but we work to reduce risk and improve controls over time.

10. Your rights and choices

If you are in the UK or EEA (or in a jurisdiction with similar laws), you may have rights in relation to your personal data, including:

  • Access – request a copy of your data.
  • Rectification – correct inaccurate data.
  • Erasure – request deletion (subject to legal requirements).
  • Restriction – request that we restrict processing in certain cases.
  • Objection – object to processing based on legitimate interests.
  • Portability – request a copy in a structured, machine-readable format where applicable.
  • Withdraw consent – where processing is based on consent (such as optional analytics).

To exercise your rights, contact us at contact@hummify.app. We may need to verify your identity before responding.

11. Children's access

The Service is intended for users aged 18 and over. We do not knowingly collect or process personal data from children. If you believe a child has provided personal data, please contact us so we can review and, where appropriate, delete that data.

12. Third-party services

The Service may use third-party services such as Google (for sign-in), Stripe (for payments), and providers that support hosting, storage, monitoring, email delivery, and analytics. These services process data in line with their own privacy policies.

Where these providers act as our processors, we remain responsible for how personal data is used. Where you separately interact with third parties (for example, visiting their websites), those activities are governed by the third party's terms and privacy policy.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the Service, our processing activities, or applicable law. When we make material changes, we will notify you through the Service or by other appropriate means. The effective date at the top shows when this policy was last updated.

14. Contact information

Controller: HUMMIFY LTD

82a James Carter Road, Mildenhall, England, IP28 7DE

Company number: 16826424

Email: contact@hummify.app

15. UK/EU information

If you are located in the UK or EEA, you have the rights described in section 10. You also have the right to lodge a complaint with a supervisory authority, in particular in the country where you live or work, or where you believe a violation has occurred.

No sensitive data: We do not intentionally collect special-category personal data (such as health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, or sexual orientation). You should not upload or share such information through the Service. If you believe special-category data has been provided, contact us so we can review and, where appropriate, remove it.

Automated decision-making: We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.