1. About Ultralytics
This Privacy Policy (“Policy”) explains how Ultralytics Inc. (“Ultralytics,” “us,” or “we”) collects, uses, stores, shares, processes, and protects personal information across our website, Ultralytics HUB, YOLO models, and related services. It also describes your rights and choices regarding your personal information, and how to contact us to learn more about our privacy practices.
2. Scope and Applicability
This Policy applies to all current and prospective Ultralytics customers, including those using our open-source models and Ultralytics HUB, newsletter subscribers, sales questionnaire respondents, and anyone interacting with our products, services, and website. It also covers end-users, partners, and other individuals whose personal information we process in the course of providing our Services.
This Privacy Policy does not address our privacy practices relating to Ultralytics job applicants, employees and other employment-related individuals, nor data that is not subject to applicable data protection laws (such as deidentified or publicly available information). This Privacy Policy is also not a contract and does not create any legal rights or obligations not otherwise provided by law.
3. Definitions
- Personal Data / Personal Information: Any information relating to an identified or identifiable individual, such as names, email addresses, phone numbers, IP addresses, and other identifiers.
- Controller: The entity that determines the purposes and means of processing personal data.
- Processor: The entity that processes personal data on behalf of the controller.
- Services: Our website, Ultralytics HUB platform, YOLO models, and all related products and services.
- You: The individual using our Services or whose personal data we process.
4. Personal Information We Collect
We collect a limited scope of personal information from individuals using our Services, and in certain cases, with your explicit consent. We may obtain this information directly from you, through your use of our Services, or from third parties. The categories include:
- Registration and Account Information: Name, email address, company role/title, credentials for account creation and access.
- Customer Support: Email address, support request details.
- Usage Data: Device identifiers, operating system, browser type, IP address, pages visited, interaction metrics.
- Business Partner Information: Names, job titles, contact details of business partners.
- Marketing and Communications: Name, email address, preferences for updates and promotions.
- Third-Party Information: Information from third-party services for marketing and operational purposes.
- Newsletter and Event Data: Email address, IP address, registration time, and engagement metrics for newsletters and events.
- Automatically Collected Data through Cookies: Session and device identifiers, page visit timestamps or session duration.
We may aggregate or anonymize data for statistical analysis, product development, and marketing strategies.
5. How We Use Personal Information (Purposes and Legal Basis)
We use personal information for the following purposes and legal bases:
Data category |
Collected from |
Purpose of processing |
Legal basis |
Registration and account information |
Customer |
Account creation, authentication, and user management |
Contract with customer |
Customer support information |
Customer |
Resolve support queries and maintain service quality |
Contract with customer |
Usage data |
Customer |
Analyse platform usage, detect anomalies, and improve UX |
Contract and/or legitimate interest |
Business partner information |
Third parties |
Maintain business relationships and manage partnerships |
Contract and/or legitimate interest |
Marketing and communications |
Customer |
Send newsletters, updates, and promotional material |
Consent and/or contract |
Third-party information |
Third parties |
Enhance marketing campaigns and enrich operational data |
Consent and/or contract and/or legitimate interest |
Newsletter and event data |
Customer |
Manage event participation and measure engagement |
Consent and/or contract with the person |
Automatically collected data through cookies |
Customer |
Improve site functionality, security, and personalise user experience |
Consent and/or legitimate interest |
6. How We Share Personal Information
We share your personal information only as necessary:
- Service Providers and Subprocessors: We use trusted third parties for hosting, analytics, support, and communications. See our current list of subprocessors at: Ultralytics Subprocessors
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred as part of the transaction.
- Legal Obligations: We may disclose information to comply with legal requirements or protect rights, property, or safety.
- Aggregated/Anonymized Data: We may share anonymized data that cannot identify you.
7. International Data Transfers
When you access our website or use our Services, your personal data may be transferred to and processed in countries outside your jurisdiction, including the United States. This may involve either the direct provision of personal data to us or transfers by us or third parties acting on our behalf. Where such transfers occur we use the following safeguards:
- Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission pursuant to Article 45 of the GDPR (or equivalent UK decisions) which confirm that certain third countries offer an adequate level of data protection.
- Standard Contractual Clauses (SCCs): For transfers to jurisdictions that do not benefit from an adequacy decision, we rely on European Commission’s SCCs (or their UK/Swiss equivalents) in respective data protection agreements with customers, affiliates, and subprocessors where applicable.
- EU-U.S. Data Privacy Framework: The EU-U.S. Data Privacy Framework was designed by the U.S. Department of Commerce and the European Commission to ensure adequate protection for personal data transferred to a company participating in the EU-U.S. Data Privacy Framework. If we transfer any personal data about you from the EEA to a third party outside the EEA who is participating in the EU-U.S. Data Privacy Framework, we may rely on their participation in the Framework to ensure adequate protection for personal data so transferred.
8. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy, or as required by law.
The criteria used to determine the period of time for which personal data about you will be retained varies depending on the legal basis under which we process your personal data:
- Contract: Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
- Legitimate Interest: Where we are processing personal data based on legitimate interests, we generally will retain the information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
- Vital Interest: Where we are processing personal data based on vital interests, we generally will retain the information for the period of time necessary to protect the vital interests of the relevant person plus some additional limited period of time that represents any applicable statute of limitations for legal claims that could arise out of the related events.
- Public Interest: Where we are processing personal data to perform tasks carried out in the public interest or in the exercise of official authority vested in us, we generally will retain the information for a reasonable period of time based on the public interest / official authority, taking into account any obligations we may have to retain the information for a longer period of time.
- Legal Obligation: Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfill the legal obligation plus some additional limited period of time that represents the statute of limitations for legal claims that could arise from the legal obligation.
- Consent: Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the purposes for which you have provided your consent.
In certain circumstances, we may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved. In all cases, in addition to the purposes and legal bases identified above, we consider the amount, nature and sensitivity of personal data, as well as the potential risk of harm from unauthorized use or disclosure of personal data, in determining the relevant retention period.
Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or deidentification is possible.
9. Security Measures
We use reasonable and appropriate physical, technical, and administrative safeguards designed to prevent unauthorized use, access, loss, misuse, alteration, or destruction of your personal information.
However, despite these controls, we cannot completely ensure or warrant the security of your personal data. For more details, see our Trust Center.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to collect information about your interactions with our websites and services. Types include:
- Strictly Necessary Cookies (Always Active): Enable basic website functionality.
- Marketing Cookies: Deliver advertising that is more relevant to you and your interests.
- Personalization Cookies: These cookies allow our website to remember the choices you make (such as your user name, language, or the region you are in).
- Analytics Cookies: Help us understand how our website performs, how visitors interact with the site, and whether there may be technical issues.
You can manage your cookie preferences via our cookie banner, browser settings or website preferences which allow you to update the cookie preferences.
11. Your Rights and Choices
Where applicable, and in line with legal requirements, we aim to be transparent about how we use your personal information so you can make informed choices. You can set your preferences during data collection and update them at any time by reaching out to us.
- Marketing Emails – if you’d prefer not to receive marketing emails from us, you can unsubscribe using the link included in those emails, or contact us directly at privacy@ultralytics.com.
- Ultralytics HUB Account Information - to deactivate your account or request deletion of associated personal data, please contact us at privacy@ultralytics.com.
12. Supplemental Notice for EEA, UK, and Switzerland Residents
If you’re located in the European Economic Area (EEA), UK and Switzerland, we process your personal data only when we have a valid legal basis under applicable data protection laws. The legal basis we rely on depends on how you interact with our Services. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Privacy Policy.
Controller Details and Privacy Contacts
If you live in the European Economic Area (EEA) or Switzerland, Ultralytics AI Spain, S.L., with its registered office at Carrera de San Jerónimo, 15, Madrid 28014, Spain, is the controller responsible for the processing of your Personal Data.
If you live in the UK, Ultralytics Ltd, with its registered office at 8 Devonshire Square London, England EC2M 4YJ, is the controller responsible for the processing of your Personal Data.
You may contact our Data Protection Officer for the EEA, UK, and Switzerland at dpo@ultralytics.com.
Additional Questions or Complaints
If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside, where you work, or where an alleged violation of the law has occurred. Contact details for applicable Data Protection Authorities can be found using the links below:
We would, however, appreciate the chance to handle your concerns directly prior to a complaint being filed, so please contact us directly at privacy@ultralytics.com if you have any concerns.
Purposes and Legal Bases of Processing
When we process your personal data, we will do so in reliance on the following lawful bases:
- Contract: Where the processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract with you. This applies to any processing where you sign a contract with us, for example when you become our customer or deliver services to us as a vendor or contractor. This may also include processing necessary for the performance of our Terms of Use.
- Legitimate Interest: Where the processing is necessary for the purposes of a legitimate interest that are not overridden by your interests or fundamental rights and freedoms (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you regarding our services).
- Vital Interest: Where the processing is necessary to protect the vital interests of you or another person (e.g., to protect your physical safety).
- Public Interest: Where the processing is necessary to perform tasks carried out in the public interest or in the exercise of official authority vested in us (e.g., to cooperate in an ongoing law enforcement investigation).
- Legal Obligation: Where the processing is necessary to comply with our legal obligations (e.g., to maintain a record of your personal data to comply with laws and regulations related to bookkeeping, accounting, taxation, and employment).
- Consent: Where we have your consent for the processing (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing of your personal data, you may withdraw your consent at any time.
You are not required to provide personal data to us, but we do rely on your personal data to provide certain of our products and services. For example, we need your personal data to facilitate and deliver an order that you request. If you choose not to provide us with your personal data, we may not be able to provide you with a service or product you request. We will inform you at the point that we collect personal data from you if the provision of certain personal data is mandatory or optional for receipt of our products and services.
If you have questions about the legal bases we rely on, feel free to reach out via the contact details listed in the “Contact Us” section or review the “Your Choices and Rights” section for more information.
Automated Decision-Making and Profiling
We do not conduct automated processing of personal data, including profiling, for the purposes of making decisions about you.
13. Supplemental Notice for United States Residents
We collect and disclose the following categories of personal information for business purposes:
- Identifiers/contact information
- Commercial information
- Internet or network activity
- Geolocation data
- Inferences drawn
- Account log-in credentials
You have the right to:
- Know what personal information we collect and how we use it
- Request access, correction, or deletion of your information
- Opt out of the sale of your information
- Non-discriminatory treatment for exercising your rights
To exercise your rights, contact us at privacy@ultralytics.com.
14. Children’s Privacy
Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal data from children under the age of 13. If an individual is under the age of 13, they should not use our services or otherwise provide us with any personal data either directly or by other means. If a child under the age of 13 has provided personal data to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal data from our systems. If we learn that any personal data we collect has been provided by a child under the age of 13, we will promptly delete that personal data.
15. Third-Party Services and Links
Our Services may include links to third-party services, applications, and websites with their own privacy policies. We are not responsible for the privacy practices of these entities.
16. Changes to This Policy
We may periodically update this Privacy Policy to reflect new services, features, or regulatory requirements. Significant changes will be communicated through our services or direct notification to users.
17. Contact Us
If you have any questions or complaints about this Privacy Policy or our data handling practices, please contact us at privacy@ultralytics.com. You can contact our Data Protection Officer at dpo@ultralytics.com in matters related to Personal Data processing. You can also contact us at the following mail address:
Ultralytics Inc.
5001 Judicial Way
Frederick, MD 21703
United States