Privacy Policy

1. Introduction

This Privacy Policy describes how Tuutio ("we," "us," or "our") collects, uses, and protects your information when you use our service. By using Tuutio, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and other information you provide during registration.

Payment Information: We collect payment details to process your subscription. Payment information is processed and stored by our payment processor and is not stored on our servers.

Customer Data: Information you and your users enter into the Service, including project details, client information, staff and crew details, equipment inventory, quotes, invoices, and scheduling data.

Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, and actions taken.

Device and Log Data: We collect information such as your IP address, browser type, operating system, and access times.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process payments and send transaction-related communications
• Respond to your requests and provide customer support
• Send administrative messages, updates, and security alerts
• Analyze usage patterns to improve the Service
• Power AI-assisted features within the Service
• Comply with legal obligations

AI-Assisted Features: The Service includes optional AI-powered features that are only activated when you choose to use them. AI features do not process your data automatically in the background. We do not routinely review AI prompts or outputs. Access to such data is limited and occurs only for support, security, or legal purposes. You may opt out of AI features simply by not using them. We use third-party AI services to power these features, and we make no representations about whether those providers use data processed through their services to train or improve their models. Please review the privacy practices of our AI service providers if this is a concern.

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

Service Providers: We share information with third-party providers who perform services on our behalf, including payment processing, data hosting, and AI-powered features. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements: We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of Tuutio, our users, or others.

Business Transfers: If Tuutio is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

With Your Consent: We may share information for other purposes with your explicit consent.

5. Communications

Transactional Communications: We will send you emails related to your account, such as payment confirmations, service updates, policy changes, and security alerts. These communications are necessary to provide the Service and cannot be opted out of while you maintain an active account.

Marketing Communications: We may occasionally send you promotional communications about Tuutio, new features, or related offerings. You may opt out of marketing emails at any time by clicking the unsubscribe link in any such email.

6. Data Retention

We retain your account and Customer Data for as long as your account is active. Following cancellation or termination, we retain your data for 30 days to allow for reactivation or data export. After 30 days, your data is permanently deleted from our production systems.

Exceptions: Certain data may be retained beyond this period:

• Backups: Backup systems may retain copies of your data for a limited additional period as part of our disaster recovery processes.
• Billing and Tax Records: We retain transaction and billing records as required for accounting, tax compliance, and legal purposes.
• Security and Audit Logs: We may retain security logs, access records, and audit trails to investigate fraud, abuse, or security incidents, and to comply with legal obligations.
• Legal Holds: If we are required to preserve data due to litigation, legal process, or regulatory investigation, we will retain relevant data until the matter is resolved.

You may request earlier deletion of your data by contacting us, subject to these retention requirements.

7. Your Rights

Regardless of your location, you have the following rights regarding your information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete information.
• Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Data Export: You may request an export of your Customer Data in a machine-readable format.

To exercise any of these rights, contact us at support@tuutio.com. We will respond to requests within 30 days.

Limitations: Your rights may be subject to limitations under applicable law. We may need to retain certain information for legal compliance, tax and billing records, fraud prevention, security purposes, or to enforce our agreements. Some data, such as audit logs and transactional records, may not be immediately deletable.

8. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption: Data transmitted between your browser and our servers is encrypted using HTTPS (TLS). Data stored in our database is encrypted at rest where supported by our infrastructure providers.
• Access Controls: Access to customer data is restricted to authorized personnel and systems on a need-to-know basis.
• Monitoring and Logging: We monitor our systems for security threats and maintain logs to help detect and investigate suspicious activity.
• Backups and Disaster Recovery: We perform regular automated backups with point-in-time recovery capabilities to protect against data loss.

No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at support@tuutio.com.

Breach Notification: If we become aware of a security incident affecting your personal data, we will notify you and relevant authorities as required by applicable law.

9. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

• Authentication: We use session cookies and refresh tokens to maintain your login session and keep you authenticated across the Service.
• Device Recognition: We may use device identifiers to recognize your device, improve security, and prevent unauthorized access.
• Error Monitoring: We use error monitoring services to detect, diagnose, and resolve technical issues with the Service.
• Analytics: We use analytics services to understand how users interact with the Service, including pages visited, features used, time spent, and general usage patterns.

You can control cookies through your browser settings, but disabling cookies may affect your ability to use the Service.

Where required by applicable law, we obtain consent before placing non-essential cookies on your device.

10. Account Administration and Integrations

Multi-User Accounts: Tuutio supports multiple users per account. Account administrators can access, manage, and control user permissions and Customer Data within their account. If you are a user on an account you do not own, be aware that your account administrator may be able to view your activity, restrict your access, or remove your account.

Third-Party Integrations: The Service may integrate with third-party services such as calendar applications, email providers, or other tools. When you enable an integration, we may receive data from those services and send data to them as necessary to provide the integration. Third-party services are governed by their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

11. California and US State Privacy Rights

If you are a resident of California or another US state with applicable privacy laws, you may have additional rights regarding your personal information.

• Right to Know and Access: You have the right to request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
• Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
• Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than providing the Service.

To exercise any of these rights, contact us at support@tuutio.com.

Verification and Authorized Agents: We may need to verify your identity before processing your request. If you are a California resident, you may designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization and may still require you to verify your identity directly.

12. EEA, UK, and Swiss Privacy Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and equivalent laws.

Lawful Bases for Processing: We process your personal data based on the following lawful bases: performance of our contract with you (to provide the Service), our legitimate interests (to operate, improve, and secure the Service), compliance with legal obligations, and your consent where applicable.

Your Rights: In addition to the rights described in Section 7, you have the right to lodge a complaint with your local data protection authority.

International Data Transfers: Your data is transferred to and processed in the United States. We may rely on appropriate transfer mechanisms, such as Standard Contractual Clauses, to help ensure your data is protected in accordance with applicable law.

Data Protection Representative: We have not appointed a formal Data Protection Officer or EU/UK representative at this time. For privacy inquiries, contact us at support@tuutio.com.

13. Data Processing Roles

When you use the Service to store information about your clients, employees, or other third parties ("Customer Data"), you act as the data controller (or "business" under US privacy laws) and determine how that data is collected and used. Tuutio acts as a data processor (or "service provider") and processes Customer Data only according to your instructions and as necessary to provide the Service.

You are responsible for ensuring you have the appropriate legal basis to collect and process Customer Data, including obtaining any necessary consents from individuals whose data you store in the Service.

14. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on our website. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

16. Contact

If you have questions about this Privacy Policy or our data practices, contact us at support@tuutio.com.