Privacy Policy

Last Updated: March 24, 2026

This Privacy Policy describes how UM4MI ("UM4MI," "we," "our," or "us") collects, uses, processes, and shares personal information. This Policy applies to visitors and users (individually, "you") of the UM4MI website at um4mi.com, mobile applications, embeddable booking widgets, and all other services we provide (collectively, our "Services").

If you are a restaurant owner, operator, or staff member ("Restaurant Partner"), additional terms regarding your use of our platform are described in our Terms of Service. Your use of our Services is subject to this Privacy Policy and our Terms of Service.

I. INFORMATION WE COLLECT AND USE

"Personal information" means data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you.

A. Information We Collect Directly From You

As you visit or use our Services, we collect the following categories of personal information:

  • Personal details — your name, date of birth (if provided)
  • Contact information — email address, phone number, postal address
  • Account information — account credentials, settings, and passwords for Restaurant Partners
  • Reservation information — restaurant preferences, reservation date/time, party size, special requests, dietary restrictions, allergies, and dining history
  • Payment information — credit/debit card details (processed securely via Stripe; UM4MI does not store full card numbers)
  • Order information — food and beverage orders placed through our online ordering system, delivery/pickup preferences
  • Communications — messages you send us via customer support, chat, email, or SMS, and messages between you and restaurant partners through our platform
  • Restaurant reviews and content — reviews, photos, ratings, and feedback you provide
  • Guest CRM data (Restaurant Partners) — guest profiles, visit history, notes, tags, preferences, and custom fields maintained by restaurants
  • Business information (Restaurant Partners) — restaurant name, address, cuisine type, opening hours, menu data, floor plan layouts, and table configurations

B. Information We Collect Automatically

When you use our Services, we automatically collect:

  • Device information — IP address, browser type, operating system, device type, screen resolution, and language settings
  • Usage data — pages visited, features used, time spent on pages, click patterns, and referring URLs
  • Location data — approximate geographic location derived from your IP address; precise location only if you grant permission through your device or browser
  • Cookies and tracking technologies — we use cookies, web beacons, and similar technologies as described in our Cookie Policy

C. Information We Receive From Third Parties

  • Authentication providers — if you sign in via Google OAuth, we receive your name, email address, and profile picture
  • Payment processors — Stripe provides us with transaction confirmation data (not full card numbers)
  • Restaurant Partners — restaurants may provide us with guest information in connection with managing reservations

D. Sensitive Personal Information

We do not proactively collect sensitive personal information. However, our Services include text fields (e.g., "Special Requests" or "Allergies") where you may voluntarily provide information that could be considered sensitive under applicable law (for example, health-related dietary restrictions). We process this information solely to facilitate your dining experience and do not use it for marketing purposes.

II. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes:

  • Providing our Services — processing reservations, managing waitlists, facilitating online ordering, processing payments, and connecting guests with restaurants
  • Account management — authenticating your identity, managing your account settings, and maintaining your profile
  • Communications — sending booking confirmations, reminders, and updates via email and SMS; responding to your inquiries and providing customer support
  • AI-powered features — our AI concierge ("V0NCI") uses your queries and publicly available restaurant data to help you discover restaurants and make reservations. We do not use your personal conversations with V0NCI to train AI models
  • CRM and guest management — enabling Restaurant Partners to manage guest profiles, track visit history, and personalize dining experiences
  • Marketing communications — with your consent, sending promotional offers and newsletters. You can unsubscribe at any time
  • Analytics and improvement — understanding how you use our Services to improve features, user experience, and performance
  • Security and fraud prevention — detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity
  • Legal compliance — complying with applicable laws, regulations, legal processes, and government requests

Electronic Communications

UM4MI sends automated service messages to guests via email and/or SMS pertaining to reservation confirmations, reminders, modifications, cancellations, order updates, and review invitations ("Service Communications"). You may also opt in to receive promotional communications ("Marketing Communications").

You may unsubscribe from Marketing Communications at any time by clicking the "unsubscribe" link in any marketing email, replying STOP to any SMS, or contacting us at contact@um4mi.com. Service Communications necessary for reservation management will continue as long as you use our Services.

III. HOW WE SHARE YOUR INFORMATION

We share your personal information in the following circumstances:

  • With Restaurant Partners — when you make a reservation, we share your name, contact information, party size, reservation details, and any special requests with the relevant restaurant, just as you would provide when calling to make a reservation. Restaurant Partners may use this information in accordance with their own privacy policies
  • With payment processors — we share payment information with Stripe to process transactions securely. Stripe's use of your data is governed by Stripe's Privacy Policy
  • With communication service providers — we use Resend for transactional emails and third-party providers for SMS notifications. These providers process your contact information solely to deliver messages on our behalf
  • With hosting and infrastructure providers — our platform is hosted on Vercel and uses Supabase for database services. Data may be stored on servers in the United States and/or the European Union
  • With analytics providers — we use analytics tools to understand usage patterns and improve our Services
  • For legal reasons — we may disclose your information when required by law, to comply with legal processes, to protect our rights or property, or to ensure the safety of our users
  • In business transfers — if UM4MI is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction

We do not sell your personal information. We do not share your data with third parties for their own marketing purposes.

IV. HOW WE STORE AND PROTECT YOUR INFORMATION

UM4MI maintains commercially reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Payment Card Security

UM4MI does not store credit or debit card numbers on its servers. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Payment card data is transmitted using TLS encryption and is never accessible to UM4MI systems.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services and maintain your account
  • Comply with legal, accounting, and regulatory obligations
  • Resolve disputes and enforce our agreements
  • Maintain business records for analysis and audit purposes

Guest data: Reservation and guest profile data is retained for up to 3 years of inactivity, after which it is anonymized or deleted unless the applicable Restaurant Partner requests otherwise.

Restaurant Partner data: Account information is retained for 12 months after account cancellation to allow reactivation. After this period, data is deleted upon request.

V. COOKIES

We use cookies and similar tracking technologies to collect information about your usage of our Services. For full details on the types of cookies we use and how to manage your preferences, please see our Cookie Policy.

VI. YOUR CHOICES AND RIGHTS

Communication Preferences

  • Email — click "unsubscribe" in any marketing email to opt out of future promotional messages
  • SMS — reply STOP to any text message to opt out
  • Push notifications — use your device settings to enable or disable push notifications

Cookie Preferences

You can manage cookie preferences through your browser settings or our cookie consent tool. See our Cookie Policy for details.

Your Data Rights

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, delete, port, or restrict processing of your data. For details on GDPR-specific rights, please see our GDPR Policy.

To exercise any of these rights, contact us at contact@um4mi.com. We will respond to your request within 30 days (or sooner if required by applicable law).

VII. CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at contact@um4mi.com.

VIII. INTERNATIONAL DATA TRANSFERS

UM4MI operates globally. Your personal information may be transferred to and processed in countries other than the country in which you reside, including the United States, where our infrastructure providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure an adequate level of protection.

IX. THIRD-PARTY SERVICES

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our platform.

X. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email. Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.

XI. HOW TO CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

UM4MI
Email: contact@um4mi.com
Website: um4mi.com

V0NCI

Your dining concierge · always on