Privacy Policy

Last updated: October 14, 2025

1. General Information

This Privacy Policy applies to the Tuluko.ai platform (hereinafter the “Platform”, “We”), owned and operated by Tuluko Group OÜ (registry code: 16754706), registered at Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-315, 10120, Estonia.

We respect your privacy and handle your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using Tuluko.ai, you agree to the terms of this Privacy Policy and our Terms of Service.

2. What Data We Collect

We collect only the data necessary to operate and improve our services.

Category	Description
Account Data	Email address, password (encrypted), name (optional), account ID, and authentication data.
Usage Data	Logs of AI agent executions, prompts, generated outputs, and workflow usage for service improvement and debugging.
Content Data	Files, text, and other materials uploaded or generated via the Platform.
Payment Data	Payment history, transaction IDs, and billing details processed exclusively via Stripe. Tuluko.ai does not store or access credit card numbers, expiration dates, or CVV codes.
Analytics Data	Cookies, IP address, device and browser information, and general usage metrics. Used for performance analytics and fraud prevention.
Communication Data	Support requests, feedback, and other correspondence with our team.

3. How We Use Your Data

We use collected data to:

Operate and maintain the Tuluko.ai Platform;
Enable AI content generation and credit-based billing;
Process secure payments via Stripe;
Ensure platform security, stability, and fraud protection;
Communicate important product updates or service changes;
Comply with legal obligations (tax, audit, and regulatory requirements).

4. Payments via Stripe

All payments are processed by Stripe, Inc., which meets the PCI DSS Level 1 security standard — the highest level of certification in the payments industry.
Tuluko.ai does not have access to or store your card number, expiration date, or CVV.
Stripe independently handles all secure payment information in accordance with its Privacy Policy.

5. Data Storage and Security

All user data is stored securely on Google Cloud and Vertex AI infrastructure (EU region, multi-zone backup).
We use strong encryption standards:

Data in transit is protected using TLS 1.2+;
Data at rest is encrypted with AES-256;
Access to data is restricted to authorized personnel under strict internal policies.

6. Data Retention and Deletion

You have full control over your data.
You may at any time:

Delete your entire account and all related information (projects, agents, content, and history);
Request export or erasure of specific data under GDPR Article 17 (Right to Erasure);
Once deleted, your data cannot be restored.

We retain data only as long as necessary to provide services and comply with applicable laws.

7. Cookies and Tracking

We use cookies and similar technologies to:

Authenticate users and maintain active sessions;
Analyze product usage and improve user experience;
Detect security threats or unauthorized access.

You may disable cookies in your browser, but some features of the Platform may not function correctly as a result.

We never sell, rent, or trade personal data.
We may share limited data only with trusted service providers who help us operate the Platform:

Partner	Purpose	Data Shared
Stripe	Payment processing	Billing and transaction details
Google Cloud / Vertex AI	Hosting and computation	Encrypted storage and model processing

All partners comply with GDPR and maintain their own data protection measures and confidentiality agreements.

9. Legal Basis for Processing

We process personal data under the following legal bases (per GDPR Articles 6(1)(a)-(f)):

Consent – when you create an account or agree to cookies;
Contract – when processing payments or providing services;
Legal Obligation – to comply with taxation or regulatory requirements;
Legitimate Interest – to improve and secure the Platform.

10. International Data Transfers

Data is primarily stored within the European Union.
If data is transferred outside the EU (e.g., for Stripe operations), such transfers are protected under the EU Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children’s Privacy

The Tuluko.ai Platform is not intended for individuals under 16 years of age.
We do not knowingly collect personal data from minors. If you believe that a child has provided us with their data, please contact us immediately.

12. Updates to This Policy

We may update this Privacy Policy periodically to reflect new features, regulations, or technologies.
The latest version is always available at https://tuluko.ai/privacy-policy.
We will notify users of significant changes via email or in-app notification.

13. Contact

If you have any questions regarding this Privacy Policy or data protection at Tuluko.ai, please contact:
📩 [email protected]