Privacy Policy

We collect the minimum information necessary for the App to function:

• Account data: name, email address, and user ID, solely for authentication and App functionality.
• Assistant queries: questions sent to the AI assistant are processed on external servers to generate responses. For authenticated users, session summaries are stored on our server to improve conversation continuity. These summaries do not contain the full text of your messages.
• Usage data: we log IP addresses and query counts for abuse prevention (rate limiting) and plan limit enforcement. These logs are automatically deleted.
• Local data: full conversation history, bookmarks, notes, and preferences are stored exclusively on your device (local browser or app storage).

We use the information collected exclusively to:

• Authenticate your identity and manage your account.
• Process your tax questions through the AI assistant.
• Improve service quality and functionality.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

The following data is stored exclusively on your device:

• Conversation history with the assistant (up to 30 conversations).
• Bookmarked articles and personal notes.
• App preferences (theme, settings).

This data is not transmitted to any external server and remains under your full control. You can delete this data at any time directly from the App.

The App uses the following third-party services. All process data in the United States, constituting international transfer under article 26 of Colombian Law 1581 of 2012. By using Tribai you expressly authorize such transfer:

• Anthropic (Claude) — USA: NLP for the AI assistant. Queries are sent to Anthropic to generate tax responses. Primary provider.
• OpenAI — USA: fallback provider for service continuity.
• Pinecone — USA: semantic search over the tax knowledge base.
• Supabase — USA: database for session summaries and user profiles. Does not store full conversations.
• Vercel (hosting + Analytics) — USA: application hosting and, if you explicitly authorize it via the cookie banner, aggregated anonymous usage metrics.
• Clerk — USA: authentication and account management.
• Stripe — USA: payment processing. Card data never touches our servers.
• Resend — USA: transactional email delivery.

Tribai uses two cookie categories. Under Colombian Decree 1377/2013 art. 7, analytics only activates upon your prior, explicit and informed consent (cookie banner):

• Essential (mandatory): session cookie, anonymous identifier tribai-anon-id (HttpOnly, Secure, SameSite=Lax) for usage limits and abuse prevention, theme preference.
• Analytics (opt-in): Vercel Analytics collects aggregated anonymous metrics. No tracking cookies, no PII. Activates only if you accept in the banner.

We do not use advertising cookies, tracking pixels, retargeting networks, or sell data to brokers.

In accordance with Colombian Law 1581 of 2012 (Personal Data Protection Act — Habeas Data), you have the right to:

• Access: freely access your personal data that has been processed.
• Update and rectify: request the update or correction of your personal data.
• Delete: request the deletion of your data when you deem it appropriate. You can delete your data at any time directly from the App.
• Revoke: revoke authorization for the processing of your personal data.
• File complaints: with the Superintendence of Industry and Commerce (SIC) for violations of data protection law.

To exercise these rights, contact us at privacidad@tribai.co.

We implement the following security measures:

• Encrypted communications (HTTPS/TLS) with all external services.
• Local storage of full conversation history on your device.
• Secure credential storage in device Keychain (iOS) or local browser storage (web).
• Rate limiting to prevent platform abuse.
• Minimal data collection: we only collect what is strictly necessary.

The App is not intended for individuals under 18 years of age. We do not knowingly collect information from minors.

We reserve the right to update this privacy policy. Significant changes will be communicated through the App. The last updated date will be reflected at the top of this document.

This privacy policy is governed by Colombian data protection legislation:

• Law 1581 of 2012: Statutory Law on Personal Data Protection (Habeas Data).
• Decree 1377 of 2013: regulatory decree for Law 1581 of 2012.
• Decree 1074 of 2015 (book 2 title 2 chapter 25): Unique Regulatory Decree of the Commerce Sector.
• SIC External Circular 02 of 2015: instructions for the National Database Registry (RNBD).

National Database Registry (RNBD): Inplux S.A.S. (operator of Tribai) is in the process of registering the usuarios_tribai and leads_tribai databases before the Superintendence of Industry and Commerce (SIC). Registration number available at privacidad@tribai.co upon completion.

Data Controller: Inplux S.A.S., domiciled in Bogota D.C., Colombia.

For questions, requests, or concerns regarding this privacy policy or the processing of your personal data, you may contact us at:

• Email: privacidad@tribai.co
• Website: tribai.co