Privacy Policy

This Privacy Policy explains how Tsunu AI ("we," "us," or "our") collects, uses, and protects your information when you use tsunu.ai and the Tsunu AI platform ("the Service"). By using the Service you agree to this policy.

1. Information We Collect

Account information

When you register we collect your name, email address, and organization name. If you choose to upload an avatar, that image is stored on our servers.

Billing information

Payment details (card number, expiry, CVV) are collected and stored directly by Stripe. We receive only a tokenized representation and never store raw card data on our servers.

Usage data

We record which features you use, pages you visit, actions you take inside the platform, error events, and performance metrics. This helps us improve the Service and diagnose problems.

Content you generate

Text, uploads, and other content you submit to the AI assistants ("your content") is processed to provide the Service. See Section 3 for how it is handled by third-party AI providers.

2. How We Use Your Information

• To create and manage your account
• To provide, operate, and improve the Service
• To process payments and manage subscriptions
• To send transactional emails (account confirmations, billing receipts, password resets)
• To send product updates and marketing communications (you may opt out at any time)
• To detect, investigate, and prevent abuse or security incidents
• To comply with legal obligations

We do not sell your personal information to third parties.

3. Third-Party Services

We use the following third-party services to operate the platform. Each provider has its own privacy policy.

• Stripe — payment processing and subscription management. Card data is governed by Stripe's PCI-compliant systems.
• AI Providers — the Tsunu AI platform routes prompts to one or more AI providers to power the assistants. We currently use Anthropic and OpenAI. Your prompts and AI outputs are transmitted to these providers solely to generate responses on your behalf; neither provider uses API inputs to train their models without explicit agreement. For a current list of AI providers and their data-processing terms, see our AI Provider Disclosure. All AI processing occurs on infrastructure hosted in the United States.
• Resend — transactional email delivery (account and billing notifications).
• Cloudflare — DNS, CDN, DDoS protection, and the Turnstile bot-detection widget. Cloudflare may set cookies for security purposes.
• Sentry — error monitoring and performance tracing. Personally identifiable information is minimized in error reports.

3a. The Vault and Personas

The Vault is your organization's private knowledge store within Tsunu AI. It holds context documents, brand guidelines, client data, and other information you upload or save. Personas are named context profiles within the Vault that you configure to shape how the AI assistants respond.

You own all data stored in the Vault, including Personas. We do not use Vault content or Personas to train AI models, and we do not share them with third parties except to the extent required to route your active AI request to a provider listed in Section 3. You may delete any Vault entry or Persona at any time from the platform. Account-level deletion is covered in Section 6.

4. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow reactivation, then deleted. Aggregate, anonymized usage statistics may be retained indefinitely. Billing records are retained as required by applicable law (typically 7 years).

Project Deletion and Data Retention

When a project is deleted, associated data (including Vault entries, assistant conversation history, and brand voice settings) enters a 30-day retention period before permanent deletion. During this period, the data is not accessible through the platform. After 30 days, the data is permanently deleted from our systems. If you have questions about data deletion, contact support@tsunu.ai.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request an export of your data in a machine-readable format
• Objection — object to processing based on legitimate interest

To exercise any of these rights, email privacy@tsunu.ai. We will respond within 30 days.

6. Data Deletion Requests

You have the right to request permanent deletion of your Tsunu AI account and all personal data associated with it, including your profile, usage history, generated content, and any files you uploaded to The Vault.

To submit a deletion request:

1. Email privacy@tsunu.ai with the subject line "Data Deletion Request" from the email address associated with your account.
2. We will verify your identity and confirm receipt within 5 business days.
3. Your account and personal data will be permanently deleted within 30 days of confirmation. You will receive an email when deletion is complete.

Note: Deletion is irreversible. Any active subscription will be cancelled immediately with no refund for unused time. Billing records required by law (typically 7 years) are retained but stripped of personally identifiable information.

If you connected third-party integrations (Google Calendar, Gmail, etc.), you should also revoke Tsunu AI's access directly from those providers' permission settings.

7. Cookies

We use essential session cookies to keep you logged in and to protect against cross-site request forgery. Cloudflare Turnstile sets a verification cookie on registration and login forms. We do not use advertising or tracking cookies.

8. Data Security

All data is transmitted over TLS (HTTPS). Data at rest is encrypted. Access to production systems is limited to authorized personnel and protected by multi-factor authentication. We monitor for unauthorized access using Sentry and structured logging.

9. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or by a prominent notice on the platform at least 14 days before the change takes effect. The effective date at the top of this page will always reflect the latest version.

11. California Online Privacy Protection Act (CalOPPA)

We comply with the California Online Privacy Protection Act. The following disclosures apply to California residents and any user who visits the Service:

• Do Not Track: We honor Do Not Track (DNT) signals. When DNT is enabled in your browser, we do not use cookies or tracking pixels to collect behavioral data about your browsing activity across third-party websites.
• Third-party tracking: Certain third-party service providers — including Stripe (payment processing), Cloudflare (security and CDN), and Sentry (error monitoring) — may place cookies or use tracking technologies on our Service as part of their own operations. We do not control these third-party technologies. Please review each provider's privacy policy for details.
• Updating your information: You may update or correct your personal information at any time by contacting support@tsunu.ai or through your account settings.

12. Contact

For privacy questions or requests: