Privacy Policy

1. General Provisions

This Privacy Policy ("Policy") defines the procedures for collecting, processing, storing, and protecting personal data of users of the Tutum Business SaaS platform (tutum.business).

The data controller is IE Changylov Daniyar Saparbekovich, TIN: 20111199501384, registered at: Kyrgyz Republic, Bishkek, Pervomaysky district, Orozbekova str., 2/2, apt. 60 (hereinafter — the "Operator").

By using the Platform, you consent to the processing of your personal data in accordance with this Policy.

2. Data We Collect

We collect the following categories of data:

Data you provide: first name, last name, email address, phone number, company/store name and details, payment information.

Platform interaction data: activity logs, account settings, uploaded product catalogs, customer database, and messenger conversation history.

Technical data: IP address, browser and device type, cookie data, service usage statistics.

3. Purposes of Data Processing

We process personal data for the following purposes:

— providing and supporting Platform services;

— ensuring the operation of AI assistants (processing catalogs, generating responses to customers);

— processing orders and managing point-of-sale operations;

— improving service quality and developing new features;

— issuing invoices and processing payments;

— communicating with you regarding service matters;

— complying with the laws of the Kyrgyz Republic.

4. Third-Party Sharing

We do not sell or share your personal data with third parties for marketing purposes.

Data may be shared with the following categories of recipients solely for the purpose of delivering Platform services:

— messenger providers: Meta Platforms (WhatsApp Business API, Instagram Direct API), Telegram — to facilitate messaging;

— AI model providers: OpenAI, Google, Anthropic — to process requests via AI assistants;

— hosting providers — for data storage and processing;

— payment systems — for payment processing.

All third parties are required to maintain data confidentiality in accordance with their contractual obligations.

5. Data Storage and Protection

Data is stored on secure servers with the following security measures in place:

— data encryption in transit (TLS/SSL) and at rest;

— access control at the application and database levels;

— regular backups;

— security monitoring and access logging.

Personal data is retained for the duration of your account and for 90 (ninety) days after its deletion, unless otherwise required by law.

6. End-User Data

In the course of providing Platform services, the Operator processes data of users' end customers (buyers communicating via messengers): phone numbers, names, order history, and conversation history.

The Platform user acts as the data controller for their customers' data and is responsible for obtaining the necessary consent for data processing in accordance with applicable law.

The Operator processes such data solely on behalf of the user and for the purpose of providing Platform services.

7. Cookies

The Platform uses cookies to ensure proper service functionality, save user preferences, and collect analytical data. You may disable cookies in your browser settings; however, this may affect the functionality of the Platform.

8. Your Rights

In accordance with the laws of the Kyrgyz Republic, you have the right to:

— obtain information about your personal data processed by the Operator;

— request correction of inaccurate data;

— request deletion of your personal data;

— withdraw your consent to data processing;

— receive a copy of your data in a machine-readable format.

To exercise these rights, please send a request to support@tutum.business. We will process your request within 30 (thirty) days.

9. Policy Changes

We reserve the right to update this Policy. We will notify you of material changes via email or through the Platform. The current version of the Policy is always available on this page.

10. Contact Information

For questions regarding the processing of personal data, please contact:

IE Changylov Daniyar Saparbekovich

TIN: 20111199501384

Address: Kyrgyz Republic, Bishkek, Pervomaysky district, Orozbekova str., 2/2, apt. 60

Email: support@tutum.business

Phone: +996 708 440 114