Privacy Policy — Tiffany Smart S.A.S.

Effective Date: October 2025

Company: Tiffany Smart S.A.S.

Registered Office: Medellín, Colombia

NIT (Tax ID): 901941173-1

Email: info@tiffanysmart.co

Website: https://tiffanysmart.co

1. Introduction

Tiffany Smart S.A.S. ("Tiffany Smart", "we", "our", or "us") provides business process automation and AI-driven communication tools, including WhatsApp-based services. We are committed to protecting your privacy and handling all personal data in compliance with Colombian Law 1581 of 2012, Decree 1377 of 2013, and international data protection standards (GDPR). By using our website or services, you accept this Privacy Policy.

2. Data We Collect

• Identification data: name, company name, WhatsApp number, and email address.

• Communication data: messages exchanged through WhatsApp or other channels connected to our platform.

• Usage and technical data: device, browser, IP address, and system logs.

• Optional business data provided by clients for automation purposes.

We do not intentionally collect sensitive data unless strictly required and with explicit consent.

3. Purpose of Data Processing

• Deliver and improve our automation and messaging services.

• Manage customer accounts and provide support.

• Verify user identity and maintain secure access.

• Ensure compliance with WhatsApp Business Policy and applicable laws.

• Handle billing and commercial relationships.

• Maintain audit logs for consent and communication.

• Analyze usage for platform improvement.

4. Legal Basis

• Consent – when users opt in to receive WhatsApp messages.

• Contractual necessity – to perform our services.

• Legal obligation – for record keeping or reporting.

• Legitimate interest – for security and fraud prevention.

5. Habeas Data Policy (Colombian Law 1581/2012)

• Data subjects have the right to access, correct, update, or delete their information.

• Inquiries and claims will be processed within 10 business days for consultations and 15 business days for complaints.

• Requests can be made via info@tiffanysmart.co or through our contact form.

• Tiffany Smart acts as the Data Controller for all personal information processed within its operations.

6. Data Retention

• Customer and transaction data: up to 5 years.

• Consent records: until the user withdraws consent.

• Backups: securely encrypted and deleted after defined retention periods.

7. Data Sharing and International Transfers

We may share data with trusted third-party service providers (cloud hosting, CRM, analytics). Transfers outside Colombia comply with adequacy standards under Law 1581/2012 and GDPR Articles 44–49. All processors operate under confidentiality and security agreements.

8. Information Security

• Encryption of stored and transmitted data.

• Multi-factor authentication and access control.

• Incident response and monitoring systems.

• Employee confidentiality obligations.

9. Cookie and Tracking Policy

Our website may use cookies to improve user experience and collect anonymized analytics. Cookies are used for:

• Session management and navigation.

• Analytics and performance (e.g., Google Analytics).

• Marketing pixels for campaign measurement.

Users can manage or delete cookies in their browser settings. By continuing to browse our site, you consent to our cookie use.

10. PQR and Data Subject Requests

All Petitions, Complaints, and Claims (PQR) related to data rights can be sent to info@tiffanysmart.co. Requests must include the name, ID, contact method, and description of the issue. We commit to answering within the legal deadlines set by Decree 1377/2013.

11. Policy Updates

We may update this Privacy Policy periodically. Changes will be posted at https://tiffanysmart.co/privacy-policy with the new effective date.

WhatsApp Compliance

Tiffany Smart S.A.S. complies with WhatsApp’s Business Messaging Policy. For details, see our WhatsApp Compliance Statement.