Privacy Policy

Effective Date: [Date to be set at launch] Last Updated: [Date to be set at launch]

Introduction

UMG Holdings, LLC, doing business as UpfrontOps (“we,” “us,” or “our”), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit upfrontops.com (and upfrontoperations.com), use our AI agent marketplace, or engage us for consulting services.

If you do not agree with the terms of this policy, please do not access our sites or use our services.

Information We Collect

Information You Provide

Account Information When you create an account or request early access, we collect:

• Name
• Email address
• Company name
• Phone number (optional)
• Billing address

Agent Run Data When you use agents in our marketplace, we receive:

• Input data you upload (CSVs, CRM exports, contact lists)
• Agent configuration and parameters
• Output data generated by agent runs

Agent run data is processed ephemerally — input and output are delivered to you and not retained beyond the run lifecycle. See Trust & Security for details.

Payment Information When you purchase credits, our payment processor (Stripe) collects:

• Credit card or payment method details
• Billing address
• Transaction details

We do not store full credit card numbers on our servers. Stripe is PCI DSS Level 1 certified.

Enterprise & Government Engagement Data When you engage us for consulting, we collect:

• Project descriptions, requirements, and scope documents
• Files you share related to the engagement
• Communications (email, calls, project management)

Communications When you contact us, we collect:

• Email correspondence
• Chat transcripts
• Support ticket contents
• Contact form submissions

Information Collected Automatically

Usage Data When you access our website, we automatically collect:

• IP address
• Browser type and version
• Operating system
• Pages visited and navigation paths
• Time and date of visits
• Time spent on pages
• Referring website or search terms

Information From Third Parties

We may receive information from:

• Business partners and referral sources
• Publicly available sources (for enrichment agent delivery — not stored after run completion)
• Social media platforms (if you connect accounts)

How We Use Your Information

Service Delivery

• Run AI agents on your data and deliver results
• Process credit purchases and maintain your account balance
• Provide consulting services and project deliverables
• Communicate about agent runs, projects, and support requests

Account Management

• Create and manage your account
• Process payments via Stripe
• Send transactional emails (receipts, run completions, account updates)
• Maintain records as required by law

Product Improvement

• Analyze aggregate usage patterns to improve agent performance and marketplace experience
• Identify and fix bugs
• Develop new agents and features

Marketing (With Consent)

• Send promotional emails about new agents, credit offers, and product updates
• Share relevant content and resources
• Notify about new services

You can opt out of marketing at any time (see Your Rights and Choices).

Legal and Safety

• Comply with legal obligations
• Enforce our Terms of Service
• Protect against fraud and abuse
• Respond to legal requests

What We Don’t Do

• We do not sell your personal information. Not to data brokers, not to advertisers, not to anyone.
• We do not use your data to train AI models. Your agent run inputs and outputs are never used for model training. Non-negotiable.
• We do not share your information for third-party marketing without your explicit consent.
• We do not make automated decisions that significantly affect you without human review.

Third-Party Sharing

Service Providers

We share information with vendors who help us operate:

These providers are contractually bound to protect your information and use it only for the services they provide to us.

A full subprocessor list is available upon request for enterprise and government clients.

Business Transfers

If we’re involved in a merger, acquisition, or sale of assets, your information may be transferred. We’ll notify you of any change in ownership or uses of your information before transfer occurs.

Legal Requirements

We may disclose information when required by:

• Law, subpoena, or legal process
• Government requests with proper authority
• Protection of our rights, safety, or property
• Prevention of fraud or harm

With Your Consent

We may share information for other purposes with your explicit consent.

Cookies and Tracking

Cookies We Use

Essential Cookies Required for site functionality — authentication, shopping cart, security. Cannot be disabled.

Analytics Cookies Help us understand how visitors use the site (page views, navigation patterns). Can be disabled.

Marketing Cookies Enable relevant advertising and campaign measurement. Can be disabled.

Managing Cookies

• Use your browser settings to block or delete cookies
• Use our cookie preference center (available via the cookie banner)
• See our Cookie Policy for detailed information

Note: Disabling essential cookies may prevent parts of the site from functioning.

Data Retention

When retention periods expire, data is:

• Securely deleted from active systems
• Removed from backups within 90 days
• Anonymized where required for aggregate analytics

Your Rights and Choices

Your Rights

Depending on your location, you may have the right to:

• Access — Request a copy of your personal information
• Correction — Request correction of inaccurate information
• Deletion — Request deletion of your personal information
• Portability — Request your data in a machine-readable format
• Restriction — Request we limit processing of your information
• Objection — Object to certain processing activities
• Withdraw Consent — Withdraw consent where processing is consent-based

How to Exercise Your Rights

1. Email privacy@upfrontops.com
2. Specify which right you’re exercising
3. Provide enough information to verify your identity
4. We’ll acknowledge your request within 5 business days
5. We’ll fulfill your request within 30 days (or notify you of any extension)

Marketing Opt-Out

• Click “unsubscribe” in any marketing email
• Email privacy@upfrontops.com with “Unsubscribe” in the subject line
• Transactional emails (receipts, run completions, security alerts) are not affected by opt-out

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, and disclose
• Right to delete personal information
• Right to opt-out of sale — we don’t sell personal information, so there’s nothing to opt out of
• Right to non-discrimination — we won’t penalize you for exercising your rights

Categories of information we collect:

• Identifiers (name, email, IP address)
• Commercial information (credit purchases, agent usage)
• Internet activity (browsing behavior, usage data)
• Professional information (company, title)

Sources: Directly from you, automatically via our website, and from business partners.

Business purposes: Service delivery, account management, analytics, marketing (with consent), and security.

To exercise CCPA rights, follow the same process described in “How to Exercise Your Rights” above. California residents may also designate an authorized agent to make requests on their behalf.

Security

We protect your data with:

• Encryption in transit (TLS 1.2+, TLS 1.3 preferred) and at rest (AES-256)
• Hardware-backed multi-factor authentication (FIPS 140-2 Level 2/3 YubiKey) for all privileged access
• Role-based access controls with principle of least privilege
• Automated vulnerability scanning and code review
• 24/7 infrastructure monitoring with incident response procedures

For complete security details, see Trust & Security.

Breach Notification

If a data breach affects your personal information, we’ll notify you as required by applicable law — typically within 72 hours of confirmed discovery. Notification will include: what happened, what data was affected, what we’re doing about it, and what you can do.

International Data Transfers

Your information may be processed in the United States, where UpfrontOps is based, or in other countries where our service providers (AWS, Stripe, HubSpot) operate infrastructure.

For international transfers, we rely on:

• Standard contractual clauses where required
• Vendor security certifications (SOC 2, ISO 27001)
• Compliance with applicable data transfer regulations

Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact privacy@upfrontops.com and we will delete it promptly.

Changes to This Policy

We may update this policy periodically. Changes will be posted with a new “Last Updated” date. Material changes (new data practices, new sharing arrangements) will be communicated via email or prominent notice on our website.

Continued use of our services after changes are posted constitutes acceptance of the updated policy.

Contact Us

Privacy Questions Email: privacy@upfrontops.com Mail: UMG Holdings, LLC, 30 N Gould St, Ste R, Sheridan, WY 82801 Response time: Within 30 days

Security Concerns Email: security@upfrontops.com See Trust & Security for security-specific contacts

Data Protection Inquiries Email privacy@upfrontops.com with “Data Protection” in the subject line.

Page Metadata

title: "Privacy Policy | UpfrontOps"
description: "UpfrontOps privacy policy. How we collect, use, and protect your personal information when you use our AI agent marketplace and consulting services."
keywords:
  - privacy policy
  - data protection
  - personal information
  - CCPA
  - GDPR
  - agent data privacy
  - UpfrontOps privacy
noindex: false