Privacy Policy

Kumu Inc. ("Kumu", "we", "our", "us") developed the website ("Website", "Services", "Compass") to help you tackle tough problems by visualizing and tracking communication patterns. We understand how important your privacy is and will take reasonable steps to protect your information as if it was our own. This document provides our policies and procedures for collecting, using, and disclosing your information.

Kumu Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Kumu Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

Information We Collect, and How We Use It

Website Visitors
To simply browse our Website, you are not required to provide any personally-identifiable information. However, we may collect non-personally-identifiable information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Kumu’s purpose in collecting non-personally identifying information is to better understand how Kumu’s visitors use its website and to monitor and improve our Website and Services. From time to time, we may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

Registered Users
When you register for Compass, we collect personal information including name, username, email, account password, account name, date of registration, and subscription data. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses, information about your computer, geographic location, and other standard web log information. We do not disclose personally-identifying information other than as described below. Visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal oblications, and to pursue our legitimate business interests. The follosing list sets out the business purposes that we have identified as legitimate. In determining the content of this list, we balanced our interests against the legitimate interests and rights of the individuals whose Personal Data we process. We:

  • Respond to inquiries, send service notices and provide customer support;
  • Promote, analyze, modify and improve our products, systems, and tools, and develop new products and services;
  • Analyze and advertise our products and services;
  • Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business
  • Share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business; and
  • Ensure network and information security throught Kumu and our Services.

If we need to use your Personal Data in other ways, we will provide specific notice at the time of collection and obtain your consent where required by applicable law.

We may send you email marketing communications about Kumu products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law. When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.

Information from Slack API
When you authorize Compass to access a Slack team, we collect all available data that Slack exposes through their APIs. This may include message content and meta data for public channels, private channels and direct messages (depending on the level of authorization you provide to Compass), user information, channel information, group information, files, survey responses and any other information made available by the Slack API.

Aggregated Statistics
We may collect statistics about the behavior of visitors to the Website. However, Kumu will not disclose personally-identifying information other than as described below.

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We uses cookies to help us identify and track visitors, their usage of Compass website, and their website access preferences. Compass visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the Website, with the drawback that certain features of the Website may not function properly without the aid of cookies.

When paying for an account subscription, we use a third party payment processor, Stripe, to assist in processing your personally identifiable payment information. We do not receive or store credit card information into our servers. These transactions and Stripe's use of your personal information is governed by their privacy policy (available at

Where We Store Your Information

If you are located outside the United States, the information that we collect from you may be transferred to, and stored and processed at, a destination in the United States. By submitting information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

Disclosing Your Information

Protection of Certain Personally-Identifying Information
Kumu discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Kumu’s behalf or to provide services available at the Website, and (ii) that contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Compass, you consent to the transfer of such information to them. Kumu will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Kumu discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Kumu believes in good faith that disclosure is reasonably necessary to protect the property or rights of Kumu, third parties or the public at large. If you are a registered user of Compass and have supplied your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Compass and related services. You can opt-out of receiving these email communications from us by contacting us at If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Kumu takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.

Business Transfers
If Kumu, or substantially all of its assets were acquired, or in the unlikely event that Kumu goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquiror of Kumu may continue to use your personal information as set forth in this policy.

Your Rights and Choices

Your Data Protection Rights. Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

  • The right to request confirmation of whether Kumu processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
  • The right to request that Kumu rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
  • The right to request that Kumu erase your Personal Data in certain circumstances provided by law;
  • The right to request that Kumu restrict the use of your Personal Data in certain circumstances, such as while Kumu considers another request that you have submitted (including a request that Kumu make an update to your Personal Data); and
  • The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.

Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.

Communications Preferences
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to Pleae note that if you opt-out of receiving marketing related emails from us, we may still send you important administrative messages that are required to provide you with our Services.

Correcting, Updating and Removing Your Information
Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at Account owners may update or change their account information by editing their profile or organization profile or by contacting for more detailed instructions. To make a request to have personal information maintained by us returned to you or removed, please email Requests to access, change, or remove your information will be handled within 30 days.

An individual who seeks access to, or who seeks to correct, amend, or delete inaccuracies in personal information stored or processed by us on behalf of an account owner should direct his/her query to the account owners (the data controller). Upon receipt of a request from one of our account owners for us to remove the data, we will respond to their request within thirty (30) days. We will retain personal information that we store and process on behalf of our account owners for as long as needed to provide the Services to our users. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at

If you are an account owner or otherwise provide us with personal information in connection with your use of our Websites or Services, we will delete this information upon your request, provided that, notwithstanding such request, this information may be retained for as long as you maintain an account for our Services, or as needed to provide you with our Services, comply with our legal obligations, resolve disputes and enforce our agreements.

Security and Retention

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.

If you are a Compass User, we retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services to you, even if you close your Compass account, to the extent necessary to comply with our legal and regulatory obligations. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

Privacy Shield Frameworks

Privacy Shield Frameworks
Kumu abides by and has certified adherence to the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. For more information on the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks, and to view the scope of Kumu’s certification, please visit

In compliance with the Privacy Shield Principles, Kumu commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at:

By email:

By mail:
Kumu Inc.
Attn: Privacy
720 University Avenue, Suite 200
Los Gatos, CA 95032

We have further committed to refer unresolved Privacy Shield complaints to ICDR/AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit ICDR/AAA ( for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.

If neither Kumu nor ICDR/AAA resolves your complaint, you may pursue binding arbitration through the Privacy Shield Panel. To learn more about the Privacy Shield Panel, click here. The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.

If we have received your personal information under the Privacy Shield and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Data Processing Addendum

We offer a data processing addendum (DPA) for our customers who collect data from people in the EU. Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our customers. Customers can request a DPA by emailing

To guarantee no terms are imposed on us beyond what is reflected in our DPA and Terms of Service, we cannot agree to sign individual customers’ DPAs. We are a small team and are unable to make individual changes to our DPA. Any changes to the standard DPA would require legal counsel and considerable back and forth discussion, which would be cost-prohibitive for our small team.

Privacy Policy Changes

Although most changes are likely to be minor, Kumu may change its Privacy Policy from time to time, and in Kumu’s sole discretion. Kumu encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Effective Date: May 25, 2018


If you have any questions about our privacy policy, you can contact us by email at or by mail using the following address:

By mail:
Kumu Inc.
Attn: Privacy
720 University Avenue, Suite 200
Los Gatos, CA 95032

Note: This Privacy Policy is available under a Creative Commons Sharealike license, which means you’re more than welcome to steal it and repurpose it for your own use, just make sure to replace references to us with ones to you.