Privacy Policy, UMAI Bridge

Effective date: 2026-05-19
Controller: UMAI (operator of letsumai.com)
Contact: privacy@letsumai.com

This page explains how the UMAI Bridge Chrome extension processes data on behalf of restaurants. It is published to satisfy the Chrome Web Store disclosure requirements and the GDPR transparency obligations of the restaurant (data controller) and UMAI (processor).

Who we are

UMAI Bridge is operated by UMAI to help restaurants synchronize reservation data between external reservation systems (TheFork) and the restaurant’s UMAI 360 account.

What the extension does

The extension runs inside the restaurant’s Chrome browser after the restaurant has logged into both its TheFork manager account and its UMAI 360 account in the same browser profile. It reads reservation information from the restaurant’s TheFork tab and uses it to create matching reservations in the restaurant’s UMAI tab.

The extension does not log into either account on behalf of the restaurant. Credentials never leave the restaurant’s machine.

Data processed

The extension may read and forward the following reservation fields:

  • Guest name (as shown in the reservation row)
  • Guest phone number, if available
  • Guest email address, if available
  • Booking date and time
  • Party size
  • Room or table label
  • Reservation status (confirmed, cancelled, no-show, etc.)
  • Source system identifier (TheFork reservation UUID)

The extension also transmits technical metadata to the UMAI Bridge coordinator: the restaurant’s partner identifier, the extension version, request timestamps, and a per-action result code (created, ignored, error, etc.).

Why we process it

We process reservation data so that the restaurant does not have to retype TheFork reservations into UMAI by hand. We process technical metadata to prevent duplicate reservation creation, to surface synchronization errors to the restaurant, and to protect the service from abuse.

What we store

The UMAI Bridge coordinator stores only the minimum state and audit information needed for synchronization, debugging, and security:

  • A per-restaurant state file recording which reservations have already been synchronized (so re-runs do not duplicate them).
  • A per-restaurant append-only audit log of synchronization decisions and their outcomes.

By default, guest names and the raw text of reservation cards are NOT written to the audit log. Logging of these fields can be enabled per restaurant during an incident investigation and disabled again once the investigation closes.

What we do not do

  • We do not sell guest data.
  • We do not use guest-level reservation data for advertising or profiling.
  • We do not store the restaurant’s TheFork or UMAI password. The extension never sees these credentials.
  • We do not share guest data with third parties beyond the UMAI account that the restaurant already controls.

Retention

  • Synchronization state: retained for as long as the restaurant uses UMAI Bridge. Removed within 30 days of the restaurant disabling the extension.
  • Audit log: retained for 90 days for security and troubleshooting, then pruned automatically.
  • Backup snapshots: retained for 14 days on the coordinator server, then deleted.

Where data is stored

The UMAI Bridge coordinator is hosted in the European Economic Area (Hetzner Cloud, Falkenstein, Germany). No personal data is transferred outside the EEA.

Restaurant responsibilities

The restaurant is the controller for the guest data shown in its TheFork and UMAI tabs. UMAI Bridge processes that data on the restaurant’s instructions. Each restaurant should:

  • Inform its guests that reservation data is synchronized between TheFork and UMAI (this is typically already covered by the restaurant’s general reservation privacy notice).
  • Honor guest requests for access, rectification, or deletion. UMAI support can help restaurants act on these requests when needed.

Guest rights

Guests have rights of access, rectification, deletion, restriction, objection, and portability under GDPR. To exercise these rights, guests should contact the restaurant where they made the reservation. Restaurants can contact UMAI support (privacy@letsumai.com) for technical assistance with these requests.

Security

  • All traffic between the extension and the coordinator is encrypted in transit via TLS (HTTPS).
  • Each restaurant has its own access token. Tokens are kept on the coordinator with strict file permissions and are not shared between restaurants.
  • The coordinator supports a global kill switch and per-restaurant kill switches; a per-restaurant kill switch immediately stops processing for that restaurant.

Changes to this policy

When this policy changes materially, we will update the effective date at the top of this page and notify restaurants at their support contact email.

Contact

  • Privacy and data subject requests: privacy@letsumai.com
  • General support: hello@letsumai.com