Privacy Policy
Last updated:
We respect your privacy and process personal data in accordance with the GDPR and other applicable data protection laws. This Privacy Policy explains what data we collect when you use Actual.Armor (the “Platform”), how we use it, and your choices.
1. Overview
By using the Platform, you acknowledge this Privacy Policy and our Terms of Service. If you do not agree, please discontinue use.
2. Data Controller
Tuluko Group OÜ (registry code: 16754706) is the data controller for the Platform.
Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-315, 10120, Estonia.
Contact: [email protected]
3. Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Email address, name (optional), account ID, authentication data. | Provided by you during sign-up and login. |
| Usage Data | Logs of agent executions, prompts, generated outputs, workflow usage, feature interactions, device & browser information, IP address (city-level geolocation), timestamps. | Collected automatically when you use the Platform. |
| Content Data | Files, text, URLs, and other materials you upload or process within the Platform. | Provided by you. |
| Payment Data | Transaction IDs, payment method details, billing address, VAT number where applicable. Processed by our payment providers; we do not store full card details. | Provided by you; processed by Stripe and/or Paddle. |
| Support Data | Messages, attachments, and metadata when you contact support. | Provided by you. |
Sensitive categories of data should not be uploaded to the Platform. If you choose to process such data, you are responsible for having a valid legal basis and ensuring necessary safeguards.
4. Purposes & Legal Bases
| Purpose | Examples | Legal Basis |
|---|---|---|
| Provide & operate the Platform | Account creation, authentication, credit balance, agent/workflow execution, integrations. | Performance of a contract (GDPR Art. 6(1)(b)). |
| Improve & secure the Platform | Analytics, debugging, abuse and fraud prevention, model and feature quality improvement. | Legitimate interests (Art. 6(1)(f)). |
| Billing & taxes | Payments, invoicing, VAT compliance, refunds. | Legal obligation (Art. 6(1)(c)) and performance of a contract. |
| Support & communications | Service notices, product updates, responding to requests. | Legitimate interests; consent where required for marketing. |
| Marketing (optional) | Newsletters, promotions, affiliate programs. | Consent (Art. 6(1)(a)); you may withdraw at any time. |
5. Data Retention
We retain personal data only as long as necessary for the purposes above, or as required by law. You may request deletion (see Your Rights). Aggregated or anonymized data may be retained for statistics and security.
6. Data Sharing
We share data with service providers who help us operate the Platform (e.g., hosting, analytics, payments, customer support). These providers process data under contracts that protect your privacy.
- Cloud & AI providers: infrastructure, model inference, storage, logging.
- Payment providers: Stripe, Paddle (processing of payments and invoicing).
- Analytics & monitoring: product analytics, error tracking, security tools.
- Communication tools: email delivery, in‑app messaging, helpdesk.
We may disclose information if required by law, to protect our rights, users, or the public, or in connection with a merger, acquisition, or sale of assets (with appropriate safeguards).
7. International Transfers
Where personal data is transferred outside the EEA/UK, we rely on approved transfer mechanisms such as adequacy decisions or Standard Contractual Clauses (SCCs), and we assess supplementary measures where appropriate.
8. Your Rights (EEA/UK)
You have the right to access, rectify, erase, restrict processing, object to processing, and data portability, subject to legal limits. You also have the right to withdraw consent at any time (for processing based on consent) and to lodge a complaint with your local supervisory authority.
To exercise your rights, contact us at [email protected]. We may need to verify your identity to process your request.
9. Security
We implement organizational and technical measures designed to protect personal data, including access controls, encryption in transit and at rest where applicable, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Cookies & Tracking
We use cookies and similar technologies to run the Platform, measure performance, and remember preferences. Where required by law, we request consent. You can control cookies in your browser settings and via our cookie banner.
| Type | Purpose | Retention |
|---|---|---|
| Strictly Necessary | Authentication, security, basic functionality. | Session or short‑term. |
| Functional | Remembering preferences, UI settings. | Up to 12 months. |
| Analytics | Product usage, performance metrics. | Up to 24 months. |
| Marketing (optional) | Newsletters, campaign attribution, affiliates. | Up to 24 months. |
11. Children’s Privacy
The Platform is not directed to children. We do not knowingly collect personal data from individuals under the age required by applicable law for consent to data processing. If you believe a child has provided data, contact us to request deletion.
12. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version here and update the “Last updated” date. Significant changes may be communicated via email or in‑app notice.
13. Contact
Questions or requests concerning this Privacy Policy can be sent to [email protected] or by mail to the address above.