Privacy
Our commitment
Every wing of UnMasking Neurons is built on the same principle: Your agency is the default. We have designed our architecture so that we are technically incapable of accessing, reading, or utilizing your personal information without your active, manual participation. You maintain absolute sovereignty over your data—across every product and every client engagement.
Across every wing
Technology — UMNTech Your data never leaves your device by default. All AI processing happens on-device. No passive telemetry. No behavioral profiling. If you opt into cloud backup, your data is encrypted on your device before it is transmitted. The server receives only ciphertext it cannot decrypt.
Community — UMNTogether Community data lives on self-hosted infrastructure we own and operate. It is not sold, shared with advertisers, or used to train external models. You own your participation.
Science Institute Research data is anonymized by design. No personally identifiable information is collected or retained. Findings are published in aggregate only.
Consulting & Advisory Client engagements are governed by a Data Processing Agreement. No client data is retained after an engagement closes. Assessment findings are delivered directly to the client and stored nowhere else. Our own infrastructure — the same infrastructure that supports our consulting practice — is zero-knowledge by design.
The technical reality
| Layer | How we implement it |
|---|---|
| Data collection | Minimal by design. No passive telemetry. No behavioral profiling. |
| On-device processing | AI analysis runs locally. No data sent to cloud for processing. |
| Encryption at rest | AES-256 encryption on device storage. |
| Encryption in transit | TLS 1.2/1.3 for all network communication. |
| Zero-knowledge sync | Client-side encryption before any data leaves the device. Server receives only ciphertext. |
| Key management | Encryption keys are derived locally from user credentials. We have no “backdoor” or recovery mechanism; if a user loses their credentials, the data remains ciphertext and is irrecoverable by UnMasking Neurons. |
| Infrastructure | Hetzner, Germany. GDPR-compliant. Annual TÜV Rheinland audit. No third-party data sharing. |
| Access control | UnMasking Neurons nor their DBAs have access to user data. Zero-knowledge is enforced by technical architecture, not policy. |
When data is shared — and only when you choose
Improving the app — optional and opt-in If you choose to contribute anonymized usage data to help improve UMNTech apps, you can opt in at any time. This is never on by default. You can withdraw at any time. No personally identifiable information is included.
Technical support — your logs, your decision If you contact us for technical support and want to share diagnostic logs to help resolve an issue, you initiate that sharing explicitly. We do not have background access to your logs. You choose what to send, when to send it, and the data is used only to resolve your specific issue.
Institutional, educational and clinical deployments
- Provider-Led Support: If a UMNTech app is provided through a school, medical practice, or support program, sharing diagnostic data is still a choice. If a provider is assisting you with technical troubleshooting, you may choose to “push” logs to facilitate that support.
- Structural Privacy: Regardless of who provides the app, our underlying architecture remains zero-knowledge. Your providers and administrators cannot access your personal data through our systems. We are technically incapable of bypassing your local encryption, ensuring your clinical or educational privacy is enforced by code, not just policy.
- Managed Feature Sets: In some institutional settings, administrators may disable certain optional data-sharing features to comply with local privacy regulations (such as FERPA or HIPAA). In these cases, the data is simply never collected; it is not rerouted to the institution.
Children’s data
Children cannot opt in to data sharing. Period. If a UMNTech app is used by a child, all optional data sharing features are disabled regardless of device or account settings. A parent or guardian cannot opt a child in on their behalf. The only data that exists for a child user is what stays on the device.
In all cases: your choice, your control, your data.
Why European infrastructure
Our backup and sync infrastructure is hosted on Hetzner, a German provider operating under EU jurisdiction. This is a deliberate choice. EU law provides stronger statutory protections against compelled disclosure than U.S. law. And because we use zero-knowledge encryption, the physical location of the server is a secondary protection on top of an architectural one. A subpoena returns an encrypted blob no one can read.
For institutional and enterprise partners
Organizations considering UnMasking Neurons products or consulting services can request:
- Data Processing Agreements for EU/GDPR compliance
- HIPAA-adjacent architecture review and BAA upon request
- SOC 2-aligned security documentation
- Open-source code review for security teams (under NDA)