Privacy Policy

tuagencia is operated by Blue King Code LLC, a Delaware limited liability company ("tuagencia," "we," "us"). This Privacy Policy explains how we collect, use, share, and protect information when you use our website, applications, and APIs (collectively, the "Service").

For any privacy-related question, contact us at hello@tuagencia.app.

2.1 Account information

When you create an account, we collect your name, email address, password (stored hashed via Supabase Auth), organization name, and country. If you connect with a third-party provider, we receive basic profile data per your authorization.

2.2 Business configuration data

You provide content used to configure your AI agents: bot personas, knowledge documents, business rules, contact lists, and templates. We process this data to operate the Service for you.

2.3 End-customer data routed through your bots

When your end-customers message your bots through connected channels (WhatsApp, Facebook Messenger, Instagram Direct, web chat, email), we receive and process those messages, attachments, sender identifiers (phone numbers, page-scoped IDs), and timestamps on your behalf. You are the data controller for end-customer data; we are the data processor.

2.4 Connected platform data

When you connect a Meta platform asset (Facebook Page, Instagram Business account), we receive and store: page identifier, page access token (encrypted), connected Instagram Business account identifier, and page metadata necessary to route messages. We do not access content beyond what is needed to provide the messaging functionality you enabled.

2.5 Payment data

Payments are processed by Stripe. We receive limited billing metadata (subscription status, plan, country, last 4 digits) but never see or store full card numbers.

2.6 Usage and diagnostic data

We collect logs (timestamps, IP addresses, user agents, error traces) and aggregate usage metrics (API calls, message volumes, latency) to operate and improve the Service.

• Operate, maintain, and secure the Service.
• Route messages between your end-customers and your AI agents.
• Generate AI responses using language model providers (see §5).
• Process payments and manage subscriptions.
• Provide customer support and respond to inquiries.
• Detect and prevent abuse, fraud, and policy violations.
• Comply with legal obligations.
• Improve the Service through aggregated, de-identified analytics.

We do not sell your data, share it with third parties for advertising, or use end-customer message content to train third-party models without your explicit instruction.

We process data on the following bases: (a) performance of our contract with you; (b) your consent where required; (c) our legitimate interests in operating and securing the Service; and (d) compliance with legal obligations.

We use the following sub-processors to operate the Service:

• Supabase (US) — database, authentication, file storage.
• Vercel (US) — application hosting and edge functions.
• Stripe (US) — payment processing.
• Kapso — WhatsApp Business Solution Provider proxy.
• Meta Platforms, Inc. (US) — when you connect Facebook Pages or Instagram Business accounts.
• OpenAI (US) — language model inference and embeddings.
• Anthropic (US) — language model inference, used optionally.
• Resend (US) — transactional email delivery.

Each sub-processor processes data under written terms requiring confidentiality and security commensurate with this Policy. We may update this list as the Service evolves; material changes will be notified per §13.

When you connect a Facebook Page or Instagram Business account, we receive, store, and process Meta platform data exclusively to provide the messaging functionality you enabled.

• Page access tokens are stored encrypted at rest.
• We comply with the Meta Platform Terms, Developer Policies, and applicable channel policies (Messenger Platform Policy, Instagram Platform Policy).
• We do not use Meta platform data for advertising, sell it, or transfer it outside the sub-processors listed in §5.
• You can revoke access at any time from your Facebook Business Settings or from within tuagencia. Upon disconnection or token revocation, we revoke our copy of the token immediately and delete associated platform data within 30 days, except where retention is required by law.
• If you submit a deletion request (see §9 and our Data Deletion page), we extend the process to all Meta platform data we hold for you.

We operate from the United States and Latin America. Your data may be processed in the United States and in regions where our sub-processors operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

• Active account data: retained while your account is active.
• After account closure: deleted within 90 days, except data we are legally required to retain.
• Billing records: retained 7 years to comply with U.S. tax law.
• Conversation history with end-customers: retained while your account is active; you can shorten this via in-app settings when available.
• Logs: retained up to 90 days for operational and security purposes.

Subject to applicable law, you may:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion (see the Data Deletion page).
• Request export of your data in a machine-readable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise these rights, write to hello@tuagencia.app. We respond within 30 days.

We use industry-standard safeguards including TLS in transit, encryption at rest, row-level security in our database, webhook signature verification, and least-privilege access controls. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact hello@tuagencia.app and we will delete it.

We use a minimal set of cookies for authentication, locale preferences, and security (anti-CSRF). We do not use advertising or cross-site tracking cookies.

We may update this Policy from time to time. The effective date above reflects the latest revision. If we make material changes, we will notify you by email or in-app notice before they take effect.

Blue King Code LLC, dba tuagencia
hello@tuagencia.app