Trust center

Everything an auditor, customer due-diligence team, or compliance reviewer needs to assess VUMY Technologies. Each document is versioned and dated; subprocessor changes also publish to a subscribable RSS feed.

Documents

• Security posture — Hosting, encryption, identity & signature integrity, audit logs, compliance posture.
• Privacy policy — Global privacy policy with regional addenda (GDPR, CCPA, India DPDP).
• Data Processing Addendum (DPA) — Public DPA template covering GDPR Article 28 obligations.
• Subprocessors — Public list of subprocessors with effective dates. Machine-readable JSON + RSS feeds.
• Acceptable Use Policy — Conduct prohibited on vumyo. Referenced from Terms.
• Cookie policy — Cookies on the corporate site (none) and on vumyo (functional + opt-in analytics).
• Service Level Agreement — Uptime, support response, service-credit policy for paid tiers.
• Responsible Disclosure — Vulnerability reporting; safe harbor for good-faith research.
• Terms of Service — Master agreement covering vumyo and its constituent products.
• security.txt (RFC 9116) — Security contact, policy, and disclosure preferences.
• The vumyo pledge — Seven numbered, dated commitments — what the product enforces in code.

Transparency reports

Monthly aggregate roll-ups of platform-wide Pledge compliance — min, max, average, median across every snapshot recorded that month. Reproducible from the public Atom feed: an auditor can independently capture the snapshot stream and reconcile against the report we publish.

• Platform — list of months: {product-origin}/api/public/pledge/report
• Platform — single month: {product-origin}/api/public/pledge/report/2026-05
• Per workspace — list of months: {product-origin}/api/public/pledge/report/workspace/{handle}
• Per workspace — single month: {product-origin}/api/public/pledge/report/workspace/{handle}/2026-05
• Source data (subscribable): {product-origin}/api/public/pledge/feed.atom

Compliance posture

• GDPR-aligned (DPA, subprocessors, data subject rights documented).
• CCPA-aligned (privacy policy includes the California addendum).
• India DPDP-aligned (Aadhaar handling, retention, redaction).
• SOC2 Type II — readiness in progress; auditor engagement scheduled.