Welcome to Tuffin (“we,” “our,” or “us”). We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our website, mobile applications, and other services that reference or link to this policy (“Services”).

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our Services.

a. Information You Provide

• Account Registration: To use Tuffin, you may need to create an account by providing information such as your phone number, email address, and other authentication details.
• Communication: You may provide us with additional information when you contact our support team or otherwise communicate with us.

b. Information We Collect Automatically

• Usage Data: We may collect information about how you interact with our Services, such as pages visited, features used, and session duration.
• Device Information: We may collect information about your device (e.g., mobile device, browser type, operating system, unique device identifiers) used to access our Services.

c. Information from Third Parties: Plaid

We integrate with Plaid to securely access your financial transaction data. We only use Plaid toread and retrieve historical transactions from linked financial accounts. We do not store your bank login credentials. Tuffin only stores the transaction data provided by Plaid that is necessary to offer our financial analysis services.

We may use the information we collect for various purposes, including:

• Providing and Improving Our Services: We use your information to operate, maintain, and enhance Tuffin's features, including personalized insights from your transaction data.
• Account Management and Authentication: We use your email or phone number to create and secure your account, employing multiple layers of authentication, such as JWT tokens and phone/email verification.
• Customer Support: We use your contact information to respond to inquiries, provide assistance, and troubleshoot issues you might experience while using Tuffin.
• Research and Analytics: We analyze usage data and historical transaction data to improve our Services, develop new features, and optimize the user experience.
• Legal Compliance: We may use your information to comply with applicable laws, regulations, or legal obligations.

We only share your information in the following circumstances:

• Service Providers: We may share your information with trusted third-party service providers who perform functions on our behalf (such as cloud hosting). These providers are required to handle your data in accordance with this Privacy Policy and applicable data protection laws.
• Compliance with Laws: We may disclose your information if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or protect the safety of our users.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred. We will notify you via email and/or a prominent notice on our Services if such a transfer occurs.
• With Your Consent: We may share your information for other purposes when you have provided your explicit consent.

• Data Security: We maintain administrative, technical, and physical safeguards to protect your personal data from unauthorized access, use, modification, and disclosure. This includes the use of secure servers, encryption of data transmissions, and strict access controls.
• Authentication Layers: We use multiple layers of authentication, including JWT tokens, phone number verification, and email verification, to ensure that only authorized users can access their data.
• Data Retention: We retain historical transaction data from Plaid as long as your account remains active or as needed to provide you with our Services. If you wish to delete your data, please see the “Your Rights” section below for more information.

We may use cookies, web beacons, and similar technologies to enhance your experience, analyze user activity, and improve our Services. You can control the use of cookies by adjusting your browser settings. However, blocking cookies may impair certain features and functionality of our Services.

Depending on your jurisdiction, you may have certain rights regarding your personal data, such as the right to access, correct, or delete your information. To exercise these rights or request more information, please contact us using the information provided in the “Contact Us” section.

Tuffin is not intended for individuals under the age of 13 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children without parental consent. If you believe your child has provided us with personal data, please contact us, and we will take steps to delete that information promptly.

Tuffin is based in the United States. If you are accessing our Services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the U.S. or other countries where we or our service providers operate. By using our Services, you consent to these transfers.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Tuffin uses SMS messaging for account authentication, verification, and referral purposes. By providing your phone number and consenting to receive SMS messages, you acknowledge and agree to the terms outlined below.

a. SMS Usage

• Phone Verification: We use SMS to send one-time verification codes (OTP) to authenticate your identity during sign-up, login, or other security-related processes.
• Referral Messages: If you choose to invite a contact to Tuffin, we may send an SMS message on your behalf. The message content is pre-set and cannot be modified by the sender.

b. Consent and Opt-Out

By entering your phone number and completing verification, you consent to receive SMS messages from Tuffin for authentication purposes. If you receive a referral message, it was sent at the request of an existing Tuffin user.

• Opt-Out: You can opt out of receiving SMS messages at any time by replying STOP. You will no longer receive messages from Tuffin unless you re-enroll.
• Help & Support: If you need assistance, reply HELP for support.

c. Data Protection and Third-Party Sharing

• We do not share your SMS opt-in data with third parties except as required for delivering SMS messages through Telnyx or other messaging service providers.
• We will not share your SMS opt-in with any third party for purposes unrelated to providing Tuffin's messaging services.
• Telnyx and other messaging providers may process your phone number strictly for the purpose of delivering messages securely and in compliance with carrier regulations.

d. Message and Data Rates

Standard message and data rates may apply depending on your mobile carrier. Tuffin is not responsible for any charges incurred from receiving SMS messages.

e. Changes to SMS Policy

We may update our SMS messaging practices and this policy to comply with evolving regulations. Any changes will be reflected in this section with an updated "Last Updated" date.

If you have any questions about this Privacy Policy, or if you would like to exercise any applicable rights regarding your personal data, please contact us at:

Email: support@tuffin.app