Privacy Policy

Introduction

Welcome to Tucope. We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using Tucope, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

We may collect the following personal information:

• Name and contact information (email address, phone number)
• Account credentials (username, password)
• Profile information (profile picture, preferences)
• Device information (device type, operating system, unique device identifiers)

Financial Information

To provide our core services, we collect:

• Transaction data (amount, date, merchant, category)
• Account balance information
• Spending patterns and financial behavior
• Budget and savings goal information
• Receipt images (when you choose to upload them)
• Virtual currency and rewards data (Gems, Diamonds, Coins earned and redeemed)
• Challenge completion and streak information

Usage Information

We automatically collect certain information about how you use Tucope:

• App usage statistics and feature interactions
• Log data (IP address, browser type, access times)
• Analytics data to improve our services
• Crash reports and performance data

How We Use Your Information

We use the collected information for the following purposes:

• Provide Core Services: Track expenses, categorize transactions, generate insights, and provide AI-powered financial recommendations
• Personalization: Customize your experience based on your spending patterns and preferences
• Communication: Send you important updates, notifications about unusual spending, and budget alerts
• Improvement: Analyze usage patterns to improve our app features and user experience
• Security: Detect and prevent fraud, unauthorized access, and other security issues
• Compliance: Comply with legal obligations and enforce our terms of service
• Rewards Management: Track and manage virtual currency (Gems, Diamonds, Coins), challenge completion, and reward redemptions
• AI Training and Model Improvement: For Free Tier users, your AI conversation inputs (excluding passwords and account credentials) may be shared with third-party AI providers like OpenAI for analytics and model training purposes. Paid subscribers have the option to opt-out of this data sharing.

Free Tier vs Paid Tier: Data Usage Differences

How your data is used depends on your subscription tier:

Free Tier Users

To provide AI-powered features at no cost, we participate in model improvement programs with third-party providers like OpenAI. By using the Free Tier, you explicitly consent to the following:

• Your AI conversation inputs and financial queries may be shared with OpenAI for analytics and model training purposes
• This helps subsidize the cost of providing free AI features to you
• Account credentials, passwords, and payment information are never shared
• You can upgrade to a paid tier at any time to opt-out of this data sharing

Paid Tier Users (Pro/Lifetime)

Paid subscribers have enhanced privacy protections:

• Option to opt-out of data sharing with third-party AI providers for model training
• Your AI conversations are still processed by OpenAI to generate responses, but not used for training (when opted out)
• Enhanced data retention controls
• Priority data deletion requests

Data Security

We take the security of your financial data very seriously. We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Secure Storage: Financial data is stored in secure, compliance-certified data centers
• Access Controls: Strict access controls and authentication mechanisms protect your account
• Regular Audits: We conduct regular security audits and penetration testing
• No Storage of Banking Credentials: We never store your bank login credentials

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• AI Service Providers (OpenAI): Your financial data and AI conversation inputs are processed by third-party AI services, including OpenAI's ChatGPT API, to provide intelligent financial insights. For Free Tier users, these inputs (excluding passwords and credentials) may be used by OpenAI for model training and analytics. Paid subscribers can opt-out of this data sharing.
• Service Providers: With trusted third-party service providers who assist in operating our app (cloud hosting, analytics, customer support)
• Banking Institutions: With financial institutions to facilitate account connections and transaction retrieval (with your explicit consent)
• Legal Requirements: When required by law, subpoena, or other legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users
• Aggregate Data: Anonymized and aggregated data may be shared for research or business purposes

Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Export: Request a copy of your data in a portable format
• Opt-Out: Opt out of marketing communications at any time
• Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us at support@roundbytes.com. We will respond to your request within 30 days.

Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Active account data is retained while your account is active
• Transaction history is retained for 7 years for tax and legal purposes
• After account deletion, most data is deleted within 90 days
• Some data may be retained longer if required by law or for legitimate business purposes
• Anonymized data may be retained indefinitely for analytics and AI training
• Virtual currency data (Gems, Diamonds, Coins): If your account is terminated or suspended for violations of our Terms of Service, all virtual currency balances and redemption history are immediately forfeited and deleted. Virtual items have no cash value and cannot be recovered after account termination.

Third-Party Services

Tucope integrates with third-party services to provide certain features:

• AI Services (OpenAI): We use OpenAI's ChatGPT API and other AI services to provide financial insights and conversational features. Your queries and financial data are processed by OpenAI's systems. Free Tier users' inputs may be used for model training. View OpenAI's privacy policy at https://openai.com/privacy
• Banking Aggregation: We use secure third-party services to connect to your financial institutions
• Analytics: We use analytics services to understand app usage (Google Analytics, Mixpanel)
• Cloud Services: Data is stored on secure cloud infrastructure (AWS, Google Cloud)
• Payment Processing: For premium features, we use secure payment processors

These third-party services have their own privacy policies. We encourage you to review their policies. We are not responsible for the privacy practices of third-party services.

Your Responsibility: Protecting Sensitive Information

IMPORTANT: You are responsible for what information you share with our AI features.

DO NOT input the following sensitive information into AI chat or any unstructured text fields:

• Full bank account numbers or credit card numbers
• Social security numbers, national identity numbers, or tax identification numbers
• Passwords, PINs, or security codes
• Copies of identification documents (passports, driver's licenses)
• Full credit card CVV codes

Tucope does not filter unstructured text for PII before sending it to third-party AI providers. If you voluntarily input sensitive personal information into AI features, it may be processed by third-party services like OpenAI, and we are not liable for how those services handle such data.

We strongly encourage you to use partial account numbers (e.g., "...1234") and avoid sharing complete sensitive identifiers when interacting with AI features.

Children's Privacy

Tucope is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using Tucope, you consent to such transfers.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws, including Standard Contractual Clauses approved by regulatory authorities.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Indonesia, without regard to its conflict of law provisions.

Any disputes arising out of or relating to this Privacy Policy or our data practices shall be subject to the exclusive jurisdiction of the courts located in Jakarta, Indonesia, or resolved through binding arbitration in accordance with the rules of the Indonesian National Board of Arbitration (BANI), as specified in our Terms of Service.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email or in-app notification
• Request your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of Tucope after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Consent

By using Tucope, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please discontinue use of our services immediately.