Privacy Policy

Contact and onboarding data: name, email, company, role, jurisdiction, and declared operating model.

Operational telemetry: service events, audit records, and configuration metadata required for platform reliability and compliance.

We process data to deliver, secure, and improve the service, including fraud prevention and policy enforcement.

We also use data for user support, issue response, and controlled product communications.

Processing is limited to service delivery, legitimate security interests, contractual operation, and legal obligations where applicable.

Tuplar acts as controller for account, security, audit, billing, and platform operations data. Tuplar acts as processor only where agreed in a signed enterprise DPA.

We do not sell personal data.

Data is retained only as long as necessary for product operation, security, auditability, and legal compliance.

Default retention windows: account and operational records (active relationship + 24 months), security logs (12 to 24 months), support records (24 months), and custodial audit trails (up to 7 years where custodial mode applies).

We apply technical and organizational controls designed to reduce unauthorized access and data misuse risk.

No security program can guarantee absolute protection; users remain responsible for endpoint and credential hygiene.

We may rely on infrastructure and service providers acting under contractual controls.

Where required, subprocessor details are documented in applicable contractual materials, including DPA workflows.

Cross-border processing may occur based on customer location, vendor topology, and legal requirements.

Where required, international transfers are performed using permitted legal mechanisms, including contractual safeguards and model clauses under applicable law.

Hosting provider and processing regions are documented in Tuplar security documentation and may be updated from time to time.

Subject to applicable law, users may request access, correction, deletion, restriction, portability, or objection.

Requests can be submitted through the contact channel below and will be handled according to legal timelines. For Argentina Law 25.326 requests, Tuplar targets 10 calendar days for access requests and 5 business days for rectification, update, or deletion requests, where applicable.

Service operations are based in Neuquén, Argentina. Contracting legal entity details (legal name, tax ID, and legal address) are provided in the applicable Order Form or Subscription before custodial activation.

Custodial mode is enabled only after applicable compliance onboarding and contractual acceptance for the customer jurisdiction.

For privacy requests and data protection inquiries, contact privacy@tuplar.net.