Privacy Policy

1. Introduction

Tuco.ai ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website tuco.ai, use our services, or interact with us. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, company name, and billing information when you create an account or subscribe to our services.
• Contact Information: Email addresses, phone numbers, and other contact details when you communicate with us, request support, or subscribe to our newsletter.
• Payment Information: Credit card details, billing addresses, and payment history processed through our third-party payment processors.
• Content and Messages: Messages, content, and data you send through our iMessage automation platform, including customer contact information and message content.
• Integration Data: Data from third-party services you connect to our platform (e.g., Shopify, CRM systems, email platforms).

2.2 Information We Collect Automatically

When you use our services, we automatically collect certain information, including:

• Usage Data: Information about how you interact with our services, including pages visited, features used, time spent, and actions taken.
• Device Information: IP address, browser type, operating system, device identifiers, and mobile network information.
• Log Data: Server logs, error reports, and diagnostic information.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track activity and store preferences. See our Cookie Policy for more details.

2.3 Information from Third Parties

We may receive information about you from third-party services you integrate with our platform, such as:

• E-commerce platforms (e.g., Shopify) for order and customer data
• CRM systems for contact and lead information
• Email marketing platforms for subscriber lists
• Social media platforms when you connect your accounts

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our iMessage automation services, process transactions, and deliver customer support.
• Communication: To send you service-related notifications, updates, security alerts, and administrative messages.
• Marketing: To send you promotional communications, newsletters, and marketing materials (with your consent, where required by law).
• Analytics: To analyze usage patterns, monitor performance, and improve our services and user experience.
• Security: To detect, prevent, and address fraud, security breaches, and other technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforce our Terms of Service.
• Business Operations: To manage our business operations, conduct research, and develop new features and services.

4. How We Share Your Information

We may share your information in the following circumstances:

• Service Providers: We share information with third-party service providers who perform services on our behalf, such as payment processing, data storage, analytics, and customer support.
• Business Transfers: In connection with any merger, sale of assets, or acquisition, your information may be transferred to the acquiring entity.
• Legal Requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety.
• With Your Consent: We may share information with third parties when you explicitly consent to such sharing.
• Aggregated Data: We may share aggregated, anonymized data that cannot identify you individually for research, analytics, or marketing purposes.

We do not sell your personal information to third parties for their marketing purposes.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication mechanisms
• Secure data centers and infrastructure
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Ownership, Retention & Confidentiality

6.1 Data Ownership

You retain full ownership of all contact data, reply data, and other content you provide or generate through our services. Upon account closure or at your request, we will export your data to a portable format (e.g., CSV) and/or push it to your connected CRM or other designated system, subject to technical feasibility.

6.2 Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. After the end of an engagement or account closure, we may retain data for a limited period (e.g., 30 days) for reporting and operational purposes, after which we will securely delete or anonymize it unless you request extended retention in writing.

You may request deletion of your information at any time by contacting us at privacy@tuco.ai or following the instructions on our Data Deletion page.

6.3 Confidentiality

We treat your proprietary information as confidential. We do not disclose your contact lists, message content, business strategies, or pricing to third parties except as necessary to provide the services, with your consent, or as required by law. We expect the same standard of confidentiality from you regarding our technical infrastructure and proprietary information.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to legal obligations).
• Portability: Request a copy of your data in a portable format.
• Objection: Object to processing of your information for certain purposes.
• Restriction: Request restriction of processing in certain circumstances.
• Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, please contact us at privacy@tuco.ai. We will respond to your request within 30 days, or as required by applicable law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We take appropriate safeguards to ensure your information receives adequate protection, including:

• Standard contractual clauses approved by data protection authorities
• Compliance with applicable data protection frameworks (e.g., GDPR, CCPA)
• Regular security assessments of our international operations

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@tuco.ai, and we will take steps to delete such information.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your preferences and usage patterns. You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our services.

For more information about our use of cookies, please refer to our Cookie Policy or contact us.

11. Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Regional Privacy Rights

14.1 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell your personal information.

14.2 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR). For more information, please see our GDPR page.

14.3 Canadian Privacy (CASL)

If you are in Canada, we comply with applicable Canadian privacy laws, including the Canadian Anti-Spam Legislation (CASL) where it applies to our processing. You are responsible for ensuring your own messaging and marketing activities comply with CASL and other Canadian requirements.

14.4 Messaging & A2P Compliance

Where our services involve messaging (e.g., iMessage or other channels), we process data in line with applicable messaging rules. Compliance with TCPA, A2P 10DLC, carrier guidelines, and platform terms (e.g., Apple) for your campaigns remains your responsibility; we provide tools and infrastructure to support compliant use.