Get started
Back to Home

Privacy Policy

1. Data controller and scope

This Privacy Policy (the “Policy”) describes how Tulkea (hereinafter, “Tulkea”, “we” or “our”) processes personal data when:

  • You visit our websites and public sections.
  • You register for and use the Tulkea platform (the “Platform”) as a professional user.
  • You interact with us through support or contact channels.

When the Customer uses the Platform to process personal data of its own customers, employees or other data subjects, Tulkea acts in most cases as a processor and the Customer as controller, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable regulations. In such cases, this Policy is complemented by the data processing agreement we may enter into with the Customer.

2. Data we process

2.1. Account and organization data
We may process:

  • Identification and contact details: name, surname, professional email address, and the organization you belong to.
  • Organization profile data: name, logo, configuration of business accounts (Business_Accounts), internal and external teams (Team, Team_Member) and roles (owner, admin, member, etc.).
  • Authentication data: encrypted credentials, technical session identifiers, login and device logs.

2.2. Platform usage data
In the context of providing the service, we process:

  • Information about configured channels (Channels, Channel_Member, Channel_Team).
  • Communication threads and messages (Threads, Messages), including content, dates, participants and metadata.
  • Data associated with subtasks, traces and events (Subtasks, Traces, Trace_Events, Traces_Content, Checkpoints) for execution, audit and debugging purposes.
  • Configuration data for channel procedures, automations and business rules defined by the Customer.

The specific content of messages or data entered or generated by the Customer depends on how the Customer uses the Platform. The Customer is responsible for not including special categories of data or other highly sensitive data unless it has an appropriate legal basis and has previously agreed with Tulkea on any additional measures needed.

2.3. Technical and analytics data
We may automatically collect certain technical information when you use the Platform or our websites, such as:

  • IP address (shortened or anonymized whenever possible).
  • Device and browser identifiers.
  • Dates and times of access, pages visited, features used and errors recorded.
  • Aggregated information about performance and usage to improve service quality.

2.4. Communications and support
If you contact us (for example, via a contact form, email or support systems), we will process the data you provide (name, contact details, content of the query and any additional information you choose to include).

3. Purposes and legal bases for processing

We process personal data for the following purposes and on the following legal bases:

3.1. Provision of the Platform

  • Managing user and organization registration.
  • Configuring and maintaining channels, business accounts, teams and permissions.
  • Processing communication threads, messages, subtasks, traces and events.
  • Providing audit, history and version control features.

Legal basis: performance of a contract or taking steps prior to entering into a contract (Art. 6.1(b) GDPR) where processing is necessary to provide the service to the Customer; legitimate interest (Art. 6.1(f) GDPR) for certain technical and security logs.

3.2. Security, abuse prevention and legal compliance

  • Detecting and mitigating security incidents, unauthorized access or misuse of the Platform.
  • Maintaining activity logs for audit and incident resolution purposes.
  • Complying with legal and regulatory obligations or requests from competent authorities.

Legal basis: compliance with legal obligations (Art. 6.1(c) GDPR) and legitimate interest in ensuring the security of the service and data (Art. 6.1(f) GDPR).

3.3. Continuous service improvement

  • Analysing Platform performance in an aggregated and anonymized manner.
  • Developing new features and optimizing existing ones.
  • Conducting internal testing, debugging and analysis of the data model and user experience.

Legal basis: legitimate interest in improving our services (Art. 6.1(f) GDPR). Whenever possible, we use aggregated or anonymized data.

3.4. Product and commercial communications

  • Sending communications about service updates, new features, security notices and changes to the Terms or this Policy.
  • Sending, where permitted by law and where we have a prior contractual relationship, commercial communications relating to similar services.

Legal basis: legitimate interest (Art. 6.1(f) GDPR) for communications related to the contracted service; consent (Art. 6.1(a) GDPR) where required by applicable regulations.

4. Processor role and Customer responsibilities

When the Customer uses the Platform to process personal data of its own customers, employees or other data subjects:

  • The Customer acts as controller.
  • Tulkea acts as processor, and will process data only in accordance with the Customer’s documented instructions, in line with the contract and applicable data processing agreement.

The Customer is responsible for:

  • Determining the purposes and means of processing the data it introduces into the Platform.
  • Informing data subjects and obtaining consent, where required.
  • Ensuring it has an appropriate legal basis for processing.
  • Correctly configuring roles, permissions and access (for example, in Business_Account_Member, Channel_Member, Team_Member, Delegated_Access, etc.).

5. Data retention

We retain personal data for as long as strictly necessary for the purposes described and, in particular:

  • For as long as there is an active contractual relationship with the Customer.
  • For as long as legal retention obligations exist (for example, tax or accounting obligations).
  • For the applicable limitation periods for potential liabilities.

Once these periods have ended, we may:

  • Securely delete the data, or
  • Irreversibly anonymize it for statistical and analytical purposes only.

The Platform’s design, based on trace trees and history, allows historical records to be maintained. The Customer may, subject to Platform capabilities and applicable law, request the deletion or anonymization of identifiable personal data, taking into account existing technical and legal constraints.

6. Recipients and international transfers

6.1. Service providers (processors)
We may rely on certain external providers for auxiliary services (for example, hosting, infrastructure, communications, monitoring, technical analytics). These providers will act as processors and will be bound by contractual confidentiality and data protection obligations.

6.2. International data transfers
If any of our providers is located outside the European Economic Area (EEA) or provides services from third countries, we will implement appropriate safeguards under the GDPR, such as:

  • Adequacy decisions by the European Commission.
  • Standard contractual clauses approved by the European Commission.
  • Additional contractual, technical and organizational measures where necessary.

6.3. Disclosures to third parties

We may disclose personal data to:

  • Competent authorities and public bodies where we are legally required to do so.
  • Professional advisers (lawyers, auditors, etc.) to the extent necessary to protect our rights and legitimate interests.

We will never sell personal data to third parties.

7. Data subject rights

Data subjects whose data we process may exercise, where applicable and under the terms provided by law, the following rights:

  • Right of access.
  • Right to rectification.
  • Right to erasure (“right to be forgotten”).
  • Right to object.
  • Right to restriction of processing.
  • Right to data portability.
  • Right not to be subject to a decision based solely on automated processing, including profiling, where applicable.

Where Tulkea acts as processor, we will in most cases refer requests to the Customer acting as controller, unless the law requires us to respond directly.

To exercise your rights or ask any question about how we process your personal data, you may contact us through the channels indicated on the Platform or on our website, clearly indicating the right you wish to exercise and providing the information necessary to identify you.

If you believe that your data protection rights have been infringed, you also have the right to lodge a complaint with the relevant supervisory authority.

8. Information security

Tulkea applies appropriate technical and organizational measures to protect personal data against destruction, loss, alteration, disclosure or unauthorized access, including:

  • Role‑ and organization‑based access controls.
  • Activity and event logs (Trace_Events, histories of Threads, Messages, Subtasks, Traces).
  • Access limitation on a need‑to‑know basis.
  • Encryption and pseudonymization measures where appropriate.

Despite our security measures, no system is completely secure. In the event of a personal data breach, we will follow our internal incident management procedures and, where required, notify the authorities and affected data subjects.

9. Cookies and similar technologies

The use of cookies and similar technologies on our websites and within the Platform is described in our Cookies Policy, which explains what types of cookies we use, for what purposes and how you can manage or disable them.

10. Changes to this Policy

We may update this Policy to adapt it to legal, technical or business changes. In the event of material changes, we will inform users through the Platform or by other reasonable means.

The updated version will be indicated with a “last revised” date. Continued use of the Platform after the changes take effect will constitute acceptance of the updated Policy.

If you have any questions about this Policy or how we process your personal data, you can contact us through the channels indicated on the Platform or in our contact section.

Tulkea

Home

Pages

BlogDocs

Legal

Terms and ConditionsPrivacy Policy
Privacy Policy | Tulkea