Key Privacy Principles
This summary highlights important aspects of our privacy practices but does not replace the complete policy.
| Topic | Summary |
|---|---|
| Email Address | RequiredMandatory for authentication |
| Personal Details | OptionalName, gender, birthday |
| Payment Info | ConditionalOnly for paid plans via Polar.sh |
| Data Selling | NeverWe do NOT sell your data |
Overview
This Privacy Policy ("Policy") describes how Tuturuuu JSC (Công ty Cổ phần Tuturuuu, Tax ID: 0318898402), a company incorporated in Vietnam, collects, uses, and protects your personal information.
This Policy applies to all users of our services, including our website, applications, and related services (collectively, the "Services").
As an open-source platform, our data handling practices are publicly auditable through our GitHub repository.
Important: Artificial intelligence (AI) features are only available to users 18 years of age or older.
Information Collection
We collect the following categories of information:
-
Required Information
- Email address (mandatory for authentication and platform access)
-
Optional Information
- Name and contact details (provided at user discretion)
- Gender and birthday (when voluntarily provided)
-
Usage Information
- Device and browser information
- IP address and approximate location
- Service usage patterns and performance metrics
-
User-Generated Content
- Documents, files, and workspace data
- Communications and feedback
How We Use Your Information
We process your information for the following purposes:
-
Service Provision
- Account management and authentication
- Service delivery and customization
- Technical support and maintenance
-
Service Improvement
- Analytics via Vercel Analytics (privacy-friendly, no personal data tracking)
- Performance optimization and product development
-
Communication
- Service updates and important notifications
- Support responses
- Marketing communications (with your explicit consent only)
Third-Party Services & Data Sharing
We Do NOT Sell Your Data
Security Measures
We implement comprehensive security measures to protect your information:
-
Technical Controls
- Industry-standard encryption protocols
- Secure data transmission (SSL/TLS)
- Access control and authentication systems
- Regular security assessments and penetration testing
-
Organizational Controls
- Data access policies and least-privilege principles
- Incident response procedures
-
Open-Source Advantage
- Our codebase is publicly auditable — the community can review security implementations
- Report security concerns to security@tuturuuu.com
We continuously monitor and update our security measures to protect against emerging threats.
Data Retention
We retain your personal data according to the following principles:
- Active Accounts — data is retained for as long as your account is active and needed to provide Services
- Account Deletion — upon account removal, personal data is deleted within 30 days, except where retention is legally required
- Legal Requirements — certain data may be retained longer to comply with legal obligations, resolve disputes, or enforce agreements
- Anonymized Data — aggregated, anonymized data may be retained indefinitely for analytics and service improvement
You can request data deletion at any time by contacting us or through your account settings.
User Rights
You have the following rights regarding your personal information:
- Access — review the personal information we hold about you
- Correction — update or correct inaccurate information
- Deletion — request deletion of your account and associated data
- Export — receive a copy of your data in a portable format
- Withdraw Consent — opt out of non-essential data processing
- Lodge Complaints — contact relevant data protection authorities
How to exercise your rights: Contact our Data Protection team at privacy@tuturuuu.com or use the data management tools in your account settings.
For more information about how we expect data to be handled on our platform, see our Community Guidelines and Acceptable Use Policy.
Minor Protection
Our commitment to protecting minors includes:
-
Age Restrictions
- General services require users to be at least 13 years old
- AI features are strictly limited to users 18 years and older
- Parental consent is required for users aged 13–18 for non-AI features
-
Data Protection
- Immediate deletion of data if we identify it belongs to a minor under 13
- Enhanced privacy controls for users aged 13–18
- Age verification measures during registration
If you believe we have inadvertently collected information from a child under 13, or if a minor under 18 has accessed AI features, please contact us immediately at privacy@tuturuuu.com.
International Data Transfer
Tuturuuu JSC is based in Vietnam. Your data may be transferred to and processed in other jurisdictions through our service providers:
- Hosting — Vercel (global edge network)
- Database — Supabase (cloud infrastructure)
- AI Processing — various providers as listed in the Third-Party Services section
We ensure appropriate safeguards are in place for all international data transfers, including contractual protections with our service providers.
Payment Processing
Payment information is handled as follows:
- Collection — payment information is only collected when you subscribe to a paid plan
- Processing — all payment credentials are processed and stored exclusively by Polar.sh
- Data Minimization — Tuturuuu does not directly store payment card information in our systems
- History — payment history is retained for legal compliance and dispute resolution
No payment information is required for free accounts.
Open Source Transparency
As a fully open-source platform, we offer an additional layer of transparency:
- Source Code — our entire codebase is available at github.com/tutur3u/platform
- Security Auditing — the community can review how we handle data at the code level
- Responsible Disclosure — report security vulnerabilities privately to security@tuturuuu.com
- Contribution Reviews — all code contributions are reviewed by our internal team before being merged to ensure security and privacy standards are maintained
Policy Updates
This Privacy Policy may be updated periodically:
- Notification — changes will be announced on our website
- Version Control — previous versions are tracked with effective dates
- Acceptance — continued use of the Services after changes constitutes acceptance
Material changes will be highlighted and take effect after a reasonable notice period.
Contact Information
For privacy-related inquiries:
Data Protection Team Email: privacy@tuturuuu.com Response Time: Within 48 hours
Security Concerns Email: security@tuturuuu.com
Bug Reports & Feature Requests GitHub: github.com/tutur3u/platform/issues
For immediate assistance with privacy concerns, please include "PRIVACY" in the subject line.
GDPR & International Compliance
Tuturuuu JSC is committed to compliance with international data protection regulations, including GDPR, CCPA, and other applicable laws. We process personal data lawfully, fairly, and transparently. For EU/UK users, we serve as a data controller for account information and a processor for content you create. As an open-source platform, our data handling practices are publicly auditable.
This Privacy Policy outlines our commitment to protecting your personal information. For questions or concerns, please contact our Data Protection team at privacy@tuturuuu.com.
