Privacy Policy

Last updated: March 18, 2026

OUMI PBC (“Oumi,” “we,” “us,” or “our”) provides a configurable AI infrastructure platform designed for organizations and professional users, including enterprises, academic institutions, and government agencies. The platform enables customers to build, customize, evaluate, and deploy AI models and workflows—across inference, training, data synthesis, distillation, and quantization—within customer-controlled environments (the “Software”).

This Privacy Policy describes how Oumi processes Personal Data when acting as a data controller.

1. Defined Terms

For purposes of this Privacy Policy:

Customer Content means all content-layer materials submitted by Customer to the Software and all outputs generated from Customer-configured training, inference, evaluation, or workflow execution through the Software, including prompts, inputs, outputs, training datasets, model artifacts, weights, checkpoints, fine-tuned models, and evaluation artifacts. Customer Content does not include Telemetry or Metadata.

Telemetry means system-generated operational, diagnostic, and security data relating to the performance, reliability, integrity, and health of the Services (such as request timestamps, error codes, latency metrics, infrastructure resource utilization, and access logs). Telemetry may include limited technical identifiers such as IP address and device identifiers. Telemetry is used solely for security monitoring, abuse detection, fraud prevention, incident investigation, capacity planning, product and service maintenance, and improving the security, reliability, and performance of the Services, and not for training or improving any centralized, shared, or general-purpose model. Telemetry is maintained separately from Customer Content and is not combined with Customer Content for model development purposes.

Metadata means non-content, descriptive information about Customer’s configuration or use of the Services, such as feature selections, deployment environment selections, workflow configuration types, and usage frequency statistics, provided that such Metadata does not include Customer Content.

Personal Data has the meaning given to it (or to equivalent terms such as "personal information") under applicable data protection and privacy laws.

2. Roles and Scope

2.1 When Oumi Acts as Processor

When customers use the Software to process Personal Data within Customer Content:

  • The customer is the Controller.

  • Oumi acts solely as a Processor.

  • Oumi does not use Customer Content to train, improve, develop, benchmark, or enhance any centralized or multi-tenant model.

    Oumi may use aggregated, de-identified operational insights derived from Customer Content solely for security, abuse prevention, reliability, product and service improvements, and such insights do not identify customers or include Customer Content.

Individuals whose Personal Data is included in Customer Content should direct requests to the relevant customer.

2.2 When Oumi Acts as Controller

Oumi acts as a Controller with respect to:

  • Account registration information
  • Billing and payment information
  • Website visitor data
  • Marketing communications
  • Support communications
  • Security logs
  • Telemetry and Metadata

Certain U.S. state privacy laws provide rights to access, delete, correct, or opt out of certain disclosures. Oumi does not sell personal information and does not share personal information for cross-context behavioral advertising.

This Privacy Policy governs that processing.

3. Personal Data We Collect (Controller Role)

We may collect the following categories of Personal Data:

3.1 Account and Contact Information

  • Name
  • Business email address
  • Phone number (if provided)

3.2 Payment Information

  • Payment transaction metadata (Payment card data is processed by third-party payment processors.)

3.3 CRM / Invoicing Information

  • Company name
  • Contact name
  • Phone number
  • Job title
  • Email address / alias
  • Billing address

3.4 Website and Technical Information

  • IP address
  • Browser type
  • Device information
  • Referring URLs
  • Cookies / similar technologies

3.5 Telemetry and Metadata

  • System performance metrics
  • API call frequency
  • Error logs
  • Resource utilization
  • Feature selection frequency
  • Deployment region selection

Telemetry and Metadata collection is a core operational feature of the Software and is not optional except where expressly agreed in a separate enterprise agreement.

Oumi may use aggregated, de-identified operational insights derived from Telemetry and Metadata solely for security, abuse prevention, reliability, product and service improvements, and such insights do not identify customers or include Customer Content.

4. How We Use Personal Data

We use Personal Data (in our Controller capacity) to:

  • Provide account access
  • Process billing and payments
  • Respond to support requests
  • Communicate product updates
  • Maintain platform security
  • Detect fraud or abuse
  • Comply with legal obligations
  • Improve the reliability, performance, and security of the Software using Telemetry and Metadata
  • Provide Professional Services (including onboarding and implementation support)

We do not use Customer Content to train, improve, or develop any centralized or multi-tenant model. Oumi may use aggregated, de-identified operational insights derived from Customer Content solely for security, abuse prevention, reliability, product and service improvements, and such insights do not identify customers or include Customer Content.

5. AI and Model Training

Oumi operates as infrastructure.

Except where a customer expressly opts into a separate written program:

  • Oumi does not use Customer Content to train or improve general-purpose AI systems. Oumi may use aggregated, de-identified operational insights derived from Customer Content solely for security, abuse prevention, reliability, and product and service improvements, and such insights do not identify customers or include Customer Content.

  • Oumi does not aggregate Customer Content across customers for centralized model development. Oumi may use aggregated, de-identified operational insights derived from Customer Content solely for security, abuse prevention, reliability, product and service improvements, and such insights do not identify customers or include Customer Content.

  • Oumi does not sell Customer Content.

Telemetry and Metadata may be aggregated and de-identified for operational purposes.

6. Legal Bases for Processing (GDPR)

Where the GDPR applies, Oumi relies on:

  • Contract performance (account provisioning, billing, support)
  • Legitimate interests (security, fraud prevention, product and service reliability)
  • Legal obligation (regulatory compliance)
  • Consent (where required for marketing communications)

Where required by applicable law, we obtain consent prior to placing non-essential cookies.

7. International Data Transfers

Where Customer Personal Data subject to GDPR is transferred outside the EEA, UK, or Switzerland to a jurisdiction without an adequacy decision, Oumi implements appropriate safeguards pursuant to Article 46 GDPR, including the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), the UK International Data Transfer Addendum, and Swiss transfer mechanisms, as applicable.

Where Oumi acts as a Controller, Oumi relies on appropriate safeguards under Article 46 GDPR. Oumi may rely on the SCCs (and/or other Article 46 safeguards) as applicable.

8. Data Retention

We retain Personal Data only as long as necessary for:

  • Contract performance
  • Legal obligations
  • Security and fraud prevention
  • Legitimate business purposes

Customer Content retention is governed by the DPA and applicable contractual terms.

System-generated security logs and Telemetry are typically retained for short, defined periods (currently 30 days), unless a longer retention period is required for active security investigations, legal obligations, or documented compliance requirements.

9. Security

Oumi maintains administrative, technical, and physical safeguards designed to protect Personal Data.

Security measures include:

  • Encryption in transit
  • Encryption at rest (where applicable)
  • Access controls
  • Monitoring and incident response procedures

No method of transmission or storage is completely secure.

10. Data Subject Rights

Where applicable law provides rights, individuals may request:

  • Access
  • Correction
  • Deletion
  • Portability
  • Restriction of processing
  • Objection to processing

Requests relating to Customer Content should be directed to the relevant customer.

Requests relating to Oumi’s controller processing may be sent to: privacy@oumi.ai

We may require verification of identity before responding to requests.

11. Cookies and Tracking

We use cookies and similar technologies for:

  • Website functionality
  • Security
  • Performance analytics

We do not use cross-context behavioral advertising based on Customer Content.

12. Marketing Communications

If you subscribe to marketing communications:

  • You may unsubscribe at any time.
  • We do not sell Personal Data.

13. Third-Party Service Providers

We may engage third-party service providers for:

  • Hosting
  • Payment processing
  • Analytics
  • Security monitoring
  • Support systems

Such providers are bound by contractual confidentiality and data protection obligations.

14. Children

The Software is intended for personal professional, business, academic, research, or governmental purposes, and is not directed to children under 16.

15. Changes to This Privacy Policy

Material changes will be communicated where required by applicable law.

16. Contact Information

OUMI PBC
2018 156th Avenue N.E. Building F, Suite 100
PMB 8404 Bellevue, Washington 98007
Email: privacy@oumi.ai