Privacy Policy

Effective date: May 18, 2026

Upmend ("we", "our", "us") provides a managed monitoring and maintenance service for non-technical founders running AI/no-code apps in production. This policy explains what information we collect, why, and how we handle it. We try to keep it short and plain.

What we collect

Analytics and cookies

On our public marketing pages (our homepage and informational pages such as this one) we use Google Analytics 4 to understand aggregate, anonymous traffic — for example which pages people visit and roughly where visitors arrive from. Google Analytics sets cookies and processes a shortened form of your IP address on Google's infrastructure as a data processor on our behalf. See Google's Privacy Policy and the Google Analytics opt-out.

We do not run Google Analytics or any third-party tracking inside the authenticated product (your dashboard) or the admin area, and we do not use advertising or cross-site tracking cookies anywhere. You can block analytics cookies via your browser or the opt-out above without affecting the service.

Why we collect it

Who has access

Only Upmend personnel directly involved in serving your account. We do not sell your data, share it with advertisers, or use it to train AI models.

We use the following service providers to run Upmend, who process limited data on our behalf:

How long we keep it

We keep your account data for as long as your subscription is active. After cancellation, we keep records for up to 12 months for billing, dispute, and legal-compliance purposes, then delete them.

You can request earlier deletion at any time — see "Your rights" below.

Your rights

Depending on where you live, you may have the right to:

Email hello@upmend.io to exercise any of these and we'll respond within 30 days.

Security

We host on Vercel and Supabase, both of which provide industry-standard security including encryption in transit and at rest. Customer dashboard data is gated by row-level security so only the logged-in customer can see their own records. We do not store sensitive credentials of your app's third-party services without explicit need; when we do, they are stored in our access-controlled internal records.

If we ever experience a data breach affecting your information, we will notify you within 72 hours.

Children

Upmend is a B2B service for adults building software businesses. We do not knowingly collect data from anyone under 18.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify customers by email at least 30 days before the change takes effect.

Contact

For any privacy questions, email hello@upmend.io.