Privacy Policy
You keep your private paper content. We process it to run the studio, author profile, AI helpers, exports, billing, security, and support.
This Privacy Policy explains how Sequester AG, Zug, Switzerland processes personal data for gumu.ai, including the website, accounts, paper studio, author profile features, AI-assisted drafting, PDF/source workflows, billing, support, and related services.
For privacy questions or requests, contact [email protected].
Account and contact data: name, email address, login method, account identifiers, organization information, billing status, support messages, and communication preferences.
Paper workspace data: paper prompts, manuscript drafts, source files, PDFs, screenshots, annotations, comments, chat messages, uploaded images, venue targets, references, helper-agent requests, generated outputs, and export artifacts.
Author profile data: Google Scholar or other profile URLs you provide, CV files, website URLs, public publication metadata, titles, venues, inferred research topics, writing-style summaries, likely venue history, grant-context summaries, and paper direction suggestions.
Usage and technical data: device and browser information, IP address, user agent, timezone, local and UTC timestamps, language, viewport and screen metadata, cookie and storage capability, session identifiers, logs, errors, feature usage, security events, approximate location derived from network data, and cookies or similar local storage.
Payment data: plan, credits, invoices, tax or billing metadata, payment status, Stripe customer/session/payment identifiers, and login or checkout diagnostics used to prevent abuse, support billing, and respond to payment disputes. Payment card details are generally processed by payment providers rather than stored directly by Sequester AG.
We use personal data to provide and secure the service, create and maintain accounts, run paper and AI workflows, build author profiles, render and export artifacts, process payments, preserve billing and dispute evidence, provide support, enforce service limits, prevent abuse, debug errors, improve product quality, comply with law, and communicate about service changes.
We may use aggregated or de-identified information to understand usage, improve reliability, develop features, and publish high-level statistics, provided the information does not identify you or reveal private drafts.
Where Swiss data protection law applies, we process personal data in accordance with the Federal Act on Data Protection and related Swiss law.
Where the GDPR or similar laws apply, the legal bases may include performance of a contract, legitimate interests in operating and improving the service, compliance with legal obligations, consent where requested, and protection of rights, security, and fraud prevention.
gumu.ai may send prompts, manuscript excerpts, annotations, files, metadata, and conversation context to AI model providers or infrastructure providers to generate suggestions, edits, summaries, checks, and other outputs.
We do not sell private drafts. We do not use unpublished private paper content to train Sequester AG public foundation models. Third-party model providers process content as service providers or subprocessors where available under their terms and data-processing commitments.
Do not upload content that you are not permitted to process through hosted AI services.
Private drafts and non-public project materials are treated as private service content.
Once you publish a paper or otherwise make it public, Sequester AG may use public bibliographic metadata, the public paper title, abstract, venue, DOI or URL, public screenshots, short public excerpts, and a factual description of gumu.ai's assistance as examples, as described in the Terms of Service.
You may opt out of new example use by emailing [email protected].
We use cookies, session storage, local storage, and similar technologies for authentication, security, remembering draft intake data, account state, preferences, and product operation.
If we add non-essential analytics or marketing cookies, we will provide notices or controls where required by applicable law.
We may share personal data with hosting providers, database and storage providers, AI model providers, authentication providers, payment processors, email and support tools, security tools, analytics or observability providers, professional advisers, and authorities where required by law.
We require service providers to process data only as needed to provide services to Sequester AG, subject to appropriate confidentiality, security, and data-processing obligations where applicable.
Sequester AG is based in Switzerland, but service providers may process data in Switzerland, the European Economic Area, the United Kingdom, the United States, or other countries.
Where required, we rely on adequacy decisions, standard contractual clauses, data processing agreements, technical measures, or other lawful transfer mechanisms.
We retain personal data for as long as needed to provide the service, maintain accounts, comply with law, resolve disputes, enforce agreements, prevent abuse, and keep business records.
You may request deletion of your account or project data. Some information may remain in backups, logs, legal records, invoices, or security records for a limited period where necessary or required by law.
We use reasonable technical and organizational measures designed to protect personal data, including access controls, transport security, monitoring, and operational safeguards.
No service can guarantee perfect security. You should avoid uploading highly sensitive, restricted, or third-party confidential material unless your organization has approved that processing.
Depending on applicable law, you may have rights to request access, correction, deletion, restriction, objection, portability, information about processing, or withdrawal of consent.
You may exercise rights by contacting [email protected]. We may need to verify your identity before acting on a request.
If Swiss law applies, you may also contact the Federal Data Protection and Information Commissioner (FDPIC). If EU or UK law applies, you may have the right to contact your local supervisory authority.
gumu.ai is not intended for children. We do not knowingly collect personal data from children below the age required for lawful use of the service. If you believe a child provided personal data, contact [email protected].
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date. Material changes will be communicated where required by law.