Upware, Inc. ("Upware," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at upware.ai (the "Site") or use our enterprise AI harness platform and related services (the "Service").
This Policy applies to visitors of the Site and to customers and authorized users of the Service. By using the Site or the Service, you agree to the collection and use of information in accordance with this Policy.
If you do not agree with this Policy, please do not use the Site or the Service.
Upware, Inc. is incorporated in the State of Delaware, United States. We provide enterprise infrastructure software, the "Agentic Harness Layer," that enables organizations to connect AI agents to their existing business systems and automate operational processes.
For privacy-related questions, contact us at:
This Policy covers two distinct contexts, and the data practices differ between them:
(a) The Website. When you visit upware.ai, browse our pages, or click through to request a demo, your interaction is limited to standard website browsing. We do not collect personal information through a form on our Site; requests to "Request a Demo" redirect to a third-party scheduling tool (currently Calendly), which has its own privacy practices governing any information you provide there. See Section 8.
(b) The Service. When a business becomes an Upware customer, our platform connects to that customer's internal systems (such as CRMs, ERPs, core banking systems, or other business applications) to learn and automate business processes. Our data handling in this context is described in Section 5 below and, in more detail, in the Data Processing Agreement ("DPA") executed with each customer.
This Policy is written primarily from the perspective of the Site. For Service-specific terms, the applicable Master Service Agreement ("MSA") and DPA between Upware and the customer govern, and take precedence over this Policy in the event of conflict.
We collect very limited information directly through the Site. Currently, the Site does not include forms that collect personal data. If you choose to schedule a demo, you will be redirected to Calendly, a third-party scheduling platform, where you will provide information directly to Calendly under its own privacy policy.
If in the future we add direct forms to the Site (such as a newsletter signup, contact form, or content download), we will update this Policy to describe what is collected and why before such forms go live.
When you visit the Site, certain information may be collected automatically through standard web server logs and, in the future, through analytics tools. This may include:
Current state: As of the effective date of this Policy, Upware does not use third-party analytics, advertising, or tracking tools on the Site.
Future use: We intend to implement analytics tools (such as Google Analytics, HubSpot, or similar platforms) to understand how visitors use the Site. When we do, we will update this Policy to name the specific tools in use, describe the categories of data they collect, and provide instructions for opting out where applicable. We will also implement a cookie consent mechanism appropriate to the jurisdictions described in Section 9.
If you are an authorized user of the Service on behalf of a customer organization, we may collect:
We do not collect, store, transmit, or otherwise process personal data, sensitive data, or any other content originating from a customer's underlying business systems (such as customer records, financial data, health information, or any other data resident in the systems Upware connects to), except to the extent necessary to generate and maintain Workflow Configuration Data as described below. Upware's platform is architected so that the substantive data passing through a connected system during the execution of an automated process is not retained, stored, or persisted by Upware.
We use the limited information described above for the following purposes:
We do not sell personal information. We do not use personal information for behavioral advertising, and we do not share personal information with third parties for their own independent marketing purposes.
Upware's platform operates by observing how a business process is performed (through demonstration, documentation, or instruction) and converting that process into an automated, governed workflow ("Workflow Configuration Data"). Workflow Configuration Data may include:
Workflow Configuration Data is structural and operational in nature. It describes how a process works, not the underlying business records or personal data the process may act upon during live execution. Upware is architected to execute against a customer's live systems without persisting the substantive content of those systems.
Workflow Configuration Data is owned by the customer and is used by Upware solely to provide, maintain, support, and improve the Service for that customer, as further described in the applicable MSA and DPA.
We may share information in the following limited circumstances:
Service providers. We may share information with third-party vendors who perform services on our behalf, such as cloud hosting, customer support tooling, and (in the future) analytics providers. These vendors are contractually obligated to protect the information and use it only for the purposes for which it was disclosed.
Legal requirements. We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of Upware, our customers, or the public.
Business transfers. If Upware is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.
With consent. We may share information for any other purpose with your consent.
We do not share Workflow Configuration Data, or any data processed through the Service, with other customers or third parties for any purpose outside of providing the Service to the customer to whom that data belongs.
Website data: Server logs and any future analytics data are retained for as long as reasonably necessary for the purposes described in this Policy, and are deleted or anonymized thereafter in accordance with our internal data retention practices.
Service data: Workflow Configuration Data is retained for the duration of the customer relationship and for a reasonable period thereafter as specified in the applicable MSA, to support account transitions, legal obligations, or dispute resolution. Customers may request earlier deletion subject to the terms of their agreement with Upware.
Calendly. Demo requests on the Site redirect to Calendly, a third-party scheduling service. Calendly's collection and use of your information is governed by Calendly's own privacy policy, available at calendly.com/privacy. Upware does not control and is not responsible for Calendly's data practices.
Future third-party tools. As noted in Section 3.2, we plan to add analytics and may add other third-party tools to the Site over time. Each such tool will be named in an updated version of this Policy prior to deployment, along with information on how to control or opt out of data collection by that tool, where such controls are available.
Upware is a U.S. company and primarily serves customers in the United States. We also conduct business in the United Kingdom and Australia, and the following provisions apply to individuals in those and other jurisdictions where applicable law grants specific rights.
Depending on your state of residence, you may have rights under state privacy laws (such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act, or similar laws in other states), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale or sharing of personal information. As stated above, Upware does not sell personal information.
To exercise applicable rights, contact us at compliance@upware.ai. We will respond in accordance with applicable law.
If you are located in the UK or EEA, we process personal data in accordance with the UK General Data Protection Regulation and/or the EU General Data Protection Regulation ("GDPR"), as applicable. Our legal bases for processing include performance of a contract, legitimate interests, compliance with legal obligations, and, where applicable, consent.
Under GDPR, you have the right to access, correct, delete, or restrict the processing of your personal data, the right to data portability, and the right to object to processing in certain circumstances. You also have the right to lodge a complaint with your local data protection authority.
Where we transfer personal data from the UK or EEA to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
If you are located in Australia, we handle personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth), to the extent applicable to our business. You may contact us using the details in Section 1 to make inquiries or complaints regarding our handling of your personal information.
The Site and Service are intended for business use by adults and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. These measures include, among others, outbound-only network connections for the Service, no storage of customer credentials, encryption in transit, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Upware is currently undergoing a SOC 2 Type II audit. Additional detail on our security architecture is available on our Platform page and upon request from prospective and current customers.
Cookies. The Site does not currently set non-essential cookies. When we introduce analytics or other tools that use cookies or similar technologies, we will provide a cookie banner or preference center allowing you to manage your choices, as required by applicable law.
Communications. If we begin sending marketing communications, you will be able to opt out via an unsubscribe link in those communications or by contacting compliance@upware.ai.
Access and deletion requests. You may contact compliance@upware.ai to make a request regarding personal information we hold about you, subject to the limitations described in this Policy and applicable law.
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Policy on this page with a revised "Last Updated" date. Material changes will be communicated through reasonable means, such as a notice on the Site or, for customers, through account communications.
If you have questions about this Privacy Policy or our data practices, please contact us at: