This Privacy Policy explains how Taratxt ("we", "us") collects, uses, and protects information when you use our software, APIs, and website.
We strive to comply with applicable privacy laws, including the Philippine Data Privacy Act of 2012 and—where applicable—GDPR and similar regulations.
1. Scope
- Our website and dashboard
- Our APIs and webhooks
- Our support channels and documentation
2. Information We Collect
2.1 Account & Billing
- Account data: name, email, password hash, organization.
- Billing data: plan, invoices, payment status (processed by our payment provider; we do not store full card details).
2.2 Service / Operational Data
- Device data: device IDs, last seen timestamps, capabilities, status.
- Message metadata: direction, to/from numbers, timestamps, delivery status, error codes, and event logs.
- Message content: when needed for delivery and content-safety filtering. We retain full content only transiently for decisioning/troubleshooting, then purge per retention settings (default 7 days), unless longer retention is required by law or you configure otherwise.
2.3 Technical Data
- Logs: IP addresses, user agent, API usage metrics, diagnostic events.
- Cookies & similar: essential cookies for login/session; optional analytics with your consent where required.
2.4 Communications
Emails and messages you send to support/billing/abuse, including attachments.
3. How We Use Information
- Provide, maintain, and improve the Service
- Authenticate users; secure accounts and devices
- Deliver messages and operate webhooks
- Automated content-safety filtering to detect spam, scams, malware, and other prohibited content (AUP)
- Billing, invoicing, and account management
- Troubleshooting, analytics, and abuse prevention
- Legal compliance and enforcing our Terms/AUP
4. Legal Bases (where applicable)
- Contract: to provide the Service you requested.
- Legitimate interests: security, fraud prevention, product improvement.
- Consent: where required (e.g., non-essential cookies/marketing).
- Legal obligation: to comply with laws, tax, and regulatory requests.
5. Data Sharing
We may share limited data with:
- Payment processor (e.g., Lemon Squeezy) for billing
- Hosting, storage, and email providers to operate the Service
- Analytics/monitoring vendors (pseudonymized where feasible)
- Law enforcement/regulators when legally required
- Successors/affiliates in the event of restructuring or acquisition (with equivalent protections)
We do not sell personal data.
6. International Transfers
Where data is transferred internationally, we use appropriate safeguards (e.g., contractual clauses) as required by law.
7. Retention
- Message content: default 7 days (configurable per device/tenant), then deleted or irreversibly anonymized.
- Message metadata & logs: retained for a reasonable period for audit, security, and accounting (typically 30–180 days), unless required longer by law.
- Account/billing: retained as long as your account is active and as required by tax/accounting laws.
8. Security
We implement technical and organizational measures: TLS encryption, access controls, token rotation, least-privilege, and audit logging. No method is 100% secure; report security issues to security@taratxt.com.
9. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access and obtain a copy of your personal data
- Correct or update inaccurate data
- Delete data (subject to legal/operational limits)
- Object to or restrict certain processing
- Data portability
Contact privacy@taratxt.com to exercise rights. We may verify your identity before fulfilling requests. If you are in the Philippines, you may also contact the National Privacy Commission. If you are in the EEA/UK, you may contact your supervisory authority.
10. Cookies
We use necessary cookies for authentication and security. Where required, we request consent for analytics or preferences cookies. You can adjust preferences in your browser and/or our cookie banner (when present).
11. Children’s Data
The Service is not intended for children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided data, contact us to remove it.
12. Third-Party Links
Our site may link to third-party sites or services. Their privacy practices are governed by their own policies.
13. Changes to this Policy
We may update this Policy to reflect product, legal, or operational changes. We will post the updated date and, if changes are material, provide additional notice. Continued use after the effective date constitutes acceptance.