Privacy Policy

1Introduction and Data Controller

This Privacy Policy describes how VuraOS LLC ("VuraOS", "we", "us", or "our"), with offices at 1309 Coffeen Avenue, STE 1200, Sheridan, WY 82801, United States, collects, uses, stores, and protects the personal information of Users who access our platform and services (the "Service").

VuraOS acts as the data controller for the personal data of its Users. For data that the User manages through the Service regarding their own customers, the User acts as the controller and VuraOS as the data processor, under the terms detailed below.

By using the Service, the User accepts the practices described in this Policy. If you do not agree, you must refrain from using the Service.

2Information We Collect

We collect information from different sources and in different contexts:

• Account information: first name, last name, email address, company name, position, and password (stored in encrypted format).
• Billing information: payment method data, transaction history, and billing address. Card data is processed directly by our certified payment providers and VuraOS does not store complete card numbers.
• Datos de uso: features used, access frequency, activity logs, IP address, browser type and version, operating system, and language settings.
• Contenido del Usuario: data, text, conversations, AI agent configurations, and any other content uploaded, transmitted, or generated by the User through the Service.
• Comunicaciones: mensajes enviados a nuestro equipo de soporte, consultas, formularios de contacto y respuestas a encuestas.
• Newsletter subscription information: email address and subscription date, for those who voluntarily subscribe to our communications.

3How We Use the Information

We use the information collected for the following purposes:

• Proveer, operar, mantener y mejorar el Servicio.
• Manage user accounts, subscriptions, and billing processes.
• Respond to inquiries, provide technical support, and manage communications with the User.
• Send operational communications, Service change notices, and security alerts.
• Analizar el uso del Servicio para identificar mejoras, detectar errores y optimizar el rendimiento.
• Detect, prevent, and investigate fraud, abuse, unauthorized access, and other unlawful activities.
• Cumplir con obligaciones legales, regulatorias o requerimientos de autoridades competentes.
• Send marketing communications and news, only to those who have given express consent.

4IA y Processing Automatizado

The Service uses artificial intelligence technologies to process queries and generate automated responses. The User should be aware of the following:

• VuraOS no utiliza el Contenido del Usuario (datos ingresados, conversaciones o configuraciones) para entrenar modelos de inteligencia artificial propios, salvo que el Usuario otorgue su consentimiento expreso para ello.
• AI models integrated into the Service may be provided by specialized third parties. Such providers are subject to confidentiality and data processing contracts that limit the use of information exclusively to the provision of the Service.
• Responses generated by AI agents are automatic and do not involve direct human intervention by VuraOS in each conversation. The User may request human review at any time by contacting our support team.
• We do not make automated decisions that produce significant legal effects on the User based exclusively on the processing of their personal data, without human intervention.

5Bases Legales del Tratamiento

Personal data processing is performed on the basis of the following legal grounds, as applicable to each processing activity:

• Contract performance: el tratamiento es necesario para proveer el Servicio contratado por el Usuario.
• Legitimate interest: para mejorar el Servicio, prevenir fraudes y garantizar la seguridad de la plataforma.
• Consent: for marketing communications, non-essential cookies, and any optional processing that requires express authorization.
• Legal obligation: cuando el tratamiento sea necesario para cumplir con obligaciones legales o requerimientos de autoridades competentes.

For users located in Argentina, data processing is governed by Law 25.326 on Personal Data Protection and its regulatory decree. For users in the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) applies.

6Information Sharing

VuraOS does not sell, rent, or commercialize the personal data of its Users. We may share information only in the following cases:

• Proveedores de servicios: we share data with providers of technology infrastructure, payment processing, email delivery, usage analytics, and support, who act as data processors under contracts that guarantee confidentiality and limited use of the data.
• Integrated messaging platforms: when the User enables integrations with third-party communication channels, the data needed to operate such integrations is transmitted to the corresponding platforms according to their own privacy policies.
• Asesores profesionales: abogados, contadores y auditores que requieran acceso a datos en el marco de sus funciones profesionales, sujetos a obligaciones de confidencialidad.
• Autoridades legales: cuando sea requerido por ley, orden judicial o autoridad gubernamental competente, o cuando sea necesario para proteger los derechos, la seguridad o la propiedad de VuraOS o de terceros.
• Transacciones corporativas: in case of merger, acquisition, spin-off, or sale of VuraOS assets, data may be transferred to the acquirer, who will be obligated to respect this Policy or notify the User in advance.

7Transferencias Internacionales de Datos

VuraOS operates from the United States and may use service providers located in different countries. Therefore, the User's personal data may be transferred to and stored on servers located outside their country of residence, in jurisdictions that may have data protection regulations different from those of their country.

Cuando realizamos transferencias internacionales de datos personales, adoptamos las medidas de salvaguarda adecuadas para protegerlos, incluyendo:

• Data processing contracts with protection clauses equivalent to those required by applicable regulations.
• Uso de proveedores que cuenten con certificaciones de seguridad reconocidas internacionalmente.
• Minimization of data transferred to those strictly necessary for each service.

8Data Retention

We retain personal data for the time necessary to fulfill the purposes described in this Policy, and in particular:

• Account data is retained as long as the account is active and for 30 days after cancellation, during which the User may request export or deletion.
• Billing and transaction data is retained for the periods required by applicable tax and accounting legislation (generally between 5 and 10 years).
• Activity logs are retained for a period of up to 12 months.
• Newsletter subscription data is retained until the User requests to unsubscribe.

After the retention periods elapse, data is securely deleted or irreversibly anonymized.

9Information Security

VuraOS implements reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or accidental or unlawful destruction. The measures adopted include:

• Encryption of data in transit through secure protocols (TLS/HTTPS).
• Encryption of passwords and sensitive data at rest.
• Role-based access control and principle of least privilege.
• Continuous infrastructure monitoring to detect anomalous access.
• Periodic security evaluations.

However, no security system is infallible. VuraOS cannot guarantee the absolute security of data. The User must keep their access credentials in strict confidentiality and notify us immediately of any unauthorized access.

10Your Rights

In accordance with applicable legislation, the User may have the following rights regarding their personal data:

• Access: request information about what personal data we have about you and how we use it.
• Rectification: request the correction of inaccurate or incomplete data.
• Erasure: request the deletion of their personal data when it is no longer necessary or when they withdraw consent.
• Objection: oponerse al tratamiento de sus datos para determinadas finalidades, incluyendo el marketing directo.
• Restriction: request restriction of the processing of their data in certain circumstances.
• Portability: receive their data in a structured, commonly used, and machine-readable format.
• Consent withdrawal: withdraw at any time the consent given for processing based on it, without affecting the lawfulness of prior processing.

Users from Argentina may exercise the rights of access, rectification, and erasure provided for in Law 25.326 and have the right to appeal to the Public Information Access Agency (AAIP) as the supervisory authority.

Para ejercer cualquiera de estos derechos, puede contactarnos en privacy@vuraos.com. We will respond within 30 business days. We may request identity verification before processing the request.

11Cookies and Similar Technologies

The Service uses cookies and similar technologies (such as browser local storage) to ensure operation, remember User preferences, and analyze Service usage.

• Cookies esenciales: necessary for Service operation. Cannot be disabled without affecting basic functionality.
• Cookies de preferencias: recuerdan configuraciones del Usuario, como el tema visual (claro/oscuro) y preferencias de idioma.
• Analytics cookies: allow us to understand how the Service is used to improve it. Can be disabled without affecting essential functionality.

The User can control and manage cookies from their browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

12Comunicaciones de Marketing

Solo enviaremos comunicaciones comerciales, newsletters o novedades del Servicio a quienes hayan dado su consentimiento expreso para recibirlas, ya sea al registrar su cuenta o suscribirse expresamente a nuestras comunicaciones.

El Usuario puede darse de baja de las comunicaciones de marketing en cualquier momento mediante:

• The unsubscribe link included in each marketing email.
• Email request to privacy@vuraos.com.

Unsubscribing from the newsletter does not affect operational communications related to your account or the Service.

13Menores de Edad

The Service is intended exclusively for individuals over 18 years of age. VuraOS does not knowingly collect personal data from minors. If we become aware that we have collected data from a minor under 18 without parental or legal guardian consent, we will proceed to delete such information as soon as possible.

Si usted cree que hemos recopilado datos de un menor, le rogamos nos contacte de inmediato en privacy@vuraos.com.

14Third-party Services and Sites

The Service may contain links to third-party websites or services not operated by VuraOS. This Privacy Policy does not apply to such services. Use of third-party services integrated with the Service (such as messaging platforms, analytics tools, or payment processors) is subject to each third party's own privacy policies.

VuraOS is not responsible for the privacy practices of third-party sites and services. We recommend that the User review the privacy policies of any third-party service before using it.

15Security Breach Notification

En caso de que VuraOS tome conocimiento de una brecha de seguridad que afecte datos personales de los Usuarios y que represente un riesgo significativo para sus derechos, nos comprometemos a:

• Notificar a los Usuarios afectados dentro de un plazo razonable desde que tomemos conocimiento del incidente, salvo que las autoridades competentes requieran confidencialidad.
• Inform about the nature of the breach, the types of data affected, the measures adopted to mitigate damage, and the steps the User can take to protect themselves.
• Notify competent data protection authorities when required by applicable legislation.

16Changes to this Policy

VuraOS may update this Privacy Policy periodically to reflect changes in our practices, the Service, or applicable legislation. The updated version will be published on this page with the new effective date.

If changes are material, we will notify the User via email to the address registered in their account or through a prominent notice within the Service, at least 15 days prior to the effective date.

Continued use of the Service after the publication of changes implies acceptance of the updated Policy.

17Contacto y Consultas

Para ejercer sus derechos, formular consultas, presentar reclamos o reportar incidentes relacionados con la privacidad de sus datos, puede contactar a nuestro equipo en:

Users from Argentina may also direct their inquiries or claims to the Public Information Access Agency (AAIP), enforcement authority of Law 25.326, located at Av. Pte. Gral. Julio A. Roca 710, floor 2, Buenos Aires.