Privacy
Our commitment
Every wing of UnMasking Neurons is built on the same principle: your data belongs to you — across every product, and every client engagement. We are technically incapable of reading your data.
Across every wing
Technology — UMNTech Your data never leaves your device by default. All AI processing happens on-device. No passive telemetry. No behavioral profiling. If you opt into cloud backup, your data is encrypted on your device before it is transmitted. The server receives only ciphertext it cannot decrypt.
Community — UMNTogether Community data lives on self-hosted infrastructure we own and operate. It is not sold, shared with advertisers, or used to train external models. You own your participation.
Science Institute Research data is anonymized by design. No personally identifiable information is collected or retained. Findings are published in aggregate only.
Consulting & Advisory Client engagements are governed by a Data Processing Agreement. No client data is retained after an engagement closes. Assessment findings are delivered directly to the client and stored nowhere else. Our own infrastructure — the same infrastructure that supports our consulting practice — is zero-knowledge by design.
The technical reality
| Layer | How we implement it |
|---|---|
| Data collection | Minimal by design. No passive telemetry. No behavioral profiling. |
| On-device processing | AI analysis runs locally. No data sent to cloud for processing. |
| Encryption at rest | AES-256 encryption on device storage. |
| Encryption in transit | TLS 1.2/1.3 for all network communication. |
| Zero-knowledge sync | Client-side encryption before any data leaves the device. Server receives only ciphertext. |
| Key management | Encryption keys are derived from user credentials and never transmitted or stored server-side. |
| Infrastructure | Hetzner, Germany. GDPR-compliant. Annual TÜV Rheinland audit. No third-party data sharing. |
| Access control | No UnMasking Neurons personnel have access to user data. Zero-knowledge is enforced by technical architecture, not policy. |
When data is shared — and only when you choose
Improving the app — optional and opt-in If you choose to contribute anonymized usage data to help improve UMNTech apps, you can opt in at any time. This is never on by default. You can withdraw at any time. No personally identifiable information is included.
Technical support — your logs, your decision If you contact us for technical support and want to share diagnostic logs to help resolve an issue, you initiate that sharing explicitly. We do not have background access to your logs. You choose what to send, when to send it, and the data is used only to resolve your specific issue.
Institutional and workplace deployments If a UMNTech app is provided through an employer, school, or support program, the program administrator may restrict opt-in data sharing options as part of their own compliance requirements. In those cases, the features simply are not available — no data is collected in their place. The underlying privacy architecture does not change. We are still technically incapable of reading your data regardless of how the app is deployed.
Children’s data Children cannot opt in to data sharing. Period. If a UMNTech app is used by a child, all optional data sharing features are disabled regardless of device or account settings. A parent or guardian cannot opt a child in on their behalf. The only data that exists for a child user is what stays on the device.
In all cases: your choice, your control, your data.
Why European infrastructure
Our backup and sync infrastructure is hosted on Hetzner, a German provider operating under EU jurisdiction. This is a deliberate choice. EU law provides stronger statutory protections against compelled disclosure than U.S. law. And because we use zero-knowledge encryption, the physical location of the server is a secondary protection on top of an architectural one. A subpoena returns an encrypted blob no one can read.
For institutional and enterprise partners
Organizations considering UnMasking Neurons products or consulting services for workplace programs can request:
- Data Processing Agreements for EU/GDPR compliance
- HIPAA-adjacent architecture review and BAA upon request
- SOC 2-aligned security documentation
- Open-source code review for security teams (under NDA)