Privacy Policy

UpdatedMay 22, 2026 Version1.4 Data controllerTuCora · Argentina Contactsoporte@tucora.com.ar AAIP registrationRL-2026-41929993-APN-DNPDP#AAIP

1. Introduction

TuCora ("the App") is a mobile application that helps people keep an emotional record of their romantic relationships. This policy explains what information we collect, how we use it, and what rights you have over it.

We comply with Law 25.326 on the Protection of Personal Data (Argentina) and, where applicable, with the European Union's General Data Protection Regulation (GDPR).

2. Data we collect

Your account data (in our backend)

If you create an account, we store the following on secure servers (provider: Supabase, USA):

Email
Date of birth (minimum-age verification)
Device language
Version and date of acceptance of the Terms
Status of your premium subscription

This data is used exclusively for authentication, age validation, management of your subscription, and support.

You can use TuCora without creating an account. In that case, no data leaves your device. An account is only necessary to sync your Premium across devices and to redeem coupons.

Your activity data (only on your device)

All the information you enter inside the App is stored only on your device. Sensitive fields (notes, red flags, descriptions, personal circle, favorites, intimate dates, encounters, period log, diary content) are encrypted with AES-256 before being stored. The remaining fields (name, photo, date of birth, zodiac sign, criteria) are stored unencrypted locally, accessible only to whoever has physical access to the unlocked device.

Nothing leaves your phone unless you explicitly decide so: when you export an analysis PDF, when you take a screenshot, or when you enable Cloud Backup (a Premium feature described in section 5.c).

About you: optional name, zodiac sign, preferences.
About other people: name, photo, date of birth, zodiac sign, important dates, notes, personal criteria, "red flags", intimate records, close circle.
Emotional diary: mood, emotion, notes.
Calendar events: name, date, place, reminders.

3. What we do NOT do with your data

We do not use cookies or behavioral-analytics SDKs inside the App (no Facebook SDK, no Google Analytics, no AppsFlyer, Adjust, or Branch).
We do not sell or share your personal information with third parties for commercial purposes.
We do not have access to the content of your diary, profiles, or notes.
In the free version, the App shows ads through Google AdMob, which uses the Android advertising identifier (GAID) and standard advertising signals to serve ads. AdMob never receives the content of your diary, profiles, notes, encounters, or period log. In the Premium version no ads are shown and AdMob is not involved.

4. Third-party services

The App may communicate with the following external services:

Supabase (USA) — stores your account data and, if you enable Cloud Backup (Premium), an encrypted copy of your data for up to 72 hours (see section 5.c). Policy.
Google Generative AI (Gemini) — only when you request an Oracle reading or a zodiac Compatibility query. The call goes through our tarot-reading Edge Function in Supabase, where the content is sanitized and rate-limiting is applied (max 30 readings/day per user). We send your name, date of birth, zodiac sign and, where applicable, the name and sign of the partner being consulted. We do not send diary data, profiles, encounters, or any other app data. This feature requires a registered account for rate-limiting and abuse-prevention purposes. Google Policy.
RevenueCat — if you activate a premium subscription, to validate the purchase. Policy.
Google Play Billing — handles payments.
Google AdMob (USA) — only in the free version, to show ads. It uses the Android advertising identifier (GAID) and standard advertising signals. It does not receive the content of your diary, profiles, notes, encounters, or period log, and is not shown on sensitive screens. It is not involved in Premium. Google Policy.
Expo Notifications — local reminders. They do not leave the device.
Sentry (USA) — error and crash monitoring for the App. It receives technical metadata (version, operating system, error stack trace). The content of sensitive screens (diary, profiles, spreads, encounters) is masked by configuration (maskAllText: true, maskAllImages: true). Your email appears in the error context if you are logged in. Retention 30 days. Policy.

5. Information about other people

TuCora lets you record information about other people. As the user, you are responsible for:

The truthfulness of the information you enter about third parties.
Obtaining the consent of those people where required by law.
The consequences of disseminating, exporting, or sharing that information.

TuCora does not act as the Data Controller for the data of the third parties you enter; it acts as a technical tool.

5.b Exports (PDF) and screenshots

When you export an analysis PDF or take a screenshot of the app, the generated files or images contain information that leaves the app's encrypted environment.

From that moment on:

You become the sole Data Controller of the file (Law 25.326 art. 2 / GDPR art. 4).
TuCora acts only as a technical generation tool and does not control or hold custody of the exported file.
Each generated PDF carries a footer with your email and the date, for your reference and as a traceability measure.
You are responsible for safeguarding the file or image and for not redistributing it to third parties without the consent of the people recorded in it.

Full detail of your obligations in the Terms of Use, sections 5.b and 5.c.

5.c Cloud Backup (Premium)

If you have a Premium subscription, you can use the optional Cloud Backup feature. It is a tool to move your data to another device, not a permanent backup. It works as follows:

It is manual: the copy is uploaded only when you tap "Back up to the cloud". There is no automatic or background sync.
Before leaving your device, the copy is encrypted with a PIN that you define (PBKDF2 derivation + AES-256). The PIN is not transmitted to any server. Without your PIN, no one —neither the TuCora team nor our hosting provider— can read the content of the backup.
The encrypted copy is stored in a private space of yours within Supabase (USA), accessible only from your account (per-user access policies).
It is automatically deleted after 72 hours from upload. After that period it is permanently removed (a server-side scheduled process, plus a verification within the app itself).
Each new backup replaces the previous one: there is at most one copy per user.
The backup includes: your relationship profiles (with photos, notes, "red flags", encounters, and dates), your evaluation criteria, your emotional diary, your calendar events, and your period log. It does not include the app's settings or Oracle data.

Because the content travels and is stored encrypted with a key only you know, TuCora continues to act as a technical tool and not as the Data Controller of the backup's content: by design we cannot access it. Responsibility for the PIN and for the decision to upload the backup is yours. If you lose the PIN, the backup cannot be recovered.

6. Security

All sensitive information is encrypted with AES-256 before being stored on the device.
The key is stored in the Keychain (iOS) or EncryptedSharedPreferences (Android).
Optional app-lock support with fingerprint, face, or system PIN.
Passwords hashed (bcrypt) in Supabase, never in plain text.
Cloud Backup (Premium) is encrypted on your device with your PIN before being uploaded; it travels and is stored encrypted, and is deleted after 72 hours (see 5.c).

7. Your rights

At any time you can exercise the following rights:

Access your information — always visible inside the App.
Export all your local data — the "Export my data" button in Settings.
Rectify or modify any data — from the corresponding screen.
Delete your account and associated data — the "Delete account" button in Settings (instant and irreversible).
Delete all your local data — the "Delete EVERYTHING" button in Settings.

Step-by-step guide to delete your account: tucora.com.ar/eliminar-cuenta.

8. Minors

TuCora is intended for people over 16 years old. We validate age via the date of birth when an account is created. If you are a minor, do not use the App.

9. Data retention

Account data: while the account is active.
After a deletion request from the app: immediate and irreversible deletion.
Local device data: until you delete it.
Oracle spreads you shared publicly: the text of the spread is kept in the community feed with no link to your original account. Your identity as an author is stored as a pseudonym (an irreversible SHA-256 hash of your user.id), not as your email or name. When you delete your account, that relationship between the pseudonym and you is permanently broken: your name disappears but the spread remains published. A technical decision to preserve the integrity of the shared feed without re-identifying the author.

10. Changes to this policy

If we substantially modify this policy, we will notify you inside the App on your next sign-in, and you will have to accept the new version to keep using it.

10.b If you appear in someone's profile

Any information about other people that a user records in TuCora is stored encrypted with AES-256 exclusively on their device. It is not transmitted to or stored on TuCora's servers, unless the user enables Cloud Backup (Premium): in that case an encrypted copy protected with their PIN is uploaded, which we cannot read either, and which is deleted after 72 hours (see section 5.c). By design, we have no technical access to the content —neither local nor in the backup— and we cannot view, copy, or delete it.

Consequently, with respect to that information TuCora does not act as the data controller within the meaning of Law 25.326 or the GDPR. The controller is the user who created it.

10.c Security incident notification

In the event of a security breach of the data stored on our servers that compromises personal information, we will notify the competent authority (AAIP in Argentina, the relevant supervisory authority in other jurisdictions) within 72 hours of becoming aware of the incident, in accordance with GDPR art. 33 and equivalent rules. We will also notify affected users if the risk to their rights and freedoms is high.

10.d Jurisdiction and territorial scope

TuCora is directed exclusively at users residing in Argentina and Latin America. We do not offer or market the service in the European Union, the United Kingdom, California, or other jurisdictions with specific data-protection regulations. We also do not advertise or sell in those markets, and our interface, user support, and pricing are localized for Latin America.

If you nevertheless access the service from one of those jurisdictions, the provisions of Law 25.326 of the Argentine Republic will apply insofar as they are compatible with your local law. For claims or to exercise your rights, you can write to us at soporte@tucora.com.ar.

Clarification: TuCora does not sell or share personal data with third parties for commercial purposes, in any jurisdiction.

10.f Special-category sensitive data

TuCora is a personal-record and self-knowledge tool — it is not a health, therapy, or diagnostic app. That said, one optional feature does record data that may be considered special-category under the GDPR (art. 9) or Law 25.326 (art. 7):

Period log (optional, within the "Encounters calendar", your own or your partner's): it is reproductive-health data.

Before enabling these features, TuCora asks for your explicit and separate consent inside the app. You can revoke it at any time from Settings. This data:

Is encrypted with AES-256 and lives on your device. It only leaves it if you enable Cloud Backup (Premium), and in that case it travels encrypted with your PIN and is deleted after 72 hours (see 5.c).
Is never sent to Google Analytics, Facebook Analytics, AdMob, or any tracking, advertising, or research service. The ads in the free version (AdMob) only receive the advertising identifier (GAID) and standard advertising signals; never the content of this sensitive data.
Is never included in exportable PDFs or in any data the app generates for sharing.

The "encounters calendar" records the days the user marks as "I saw this person". It does not infer or record the specific nature of the encounter.

10.h Advertising (free version) · No behavioral tracking · No automated profiling

The free version of TuCora shows ads through Google AdMob, which uses the Android advertising identifier (GAID) and standard advertising signals to serve ads. Ads do not appear on sensitive screens (Diary, Encounters calendar, period log). In the Premium version no ads are shown and AdMob is not involved.

Beyond AdMob, TuCora does not have third-party behavioral-tracking SDKs (no Facebook SDK, no Google Analytics, no AppsFlyer, Adjust, Branch, or similar), and does not make automated decisions with legal effects on you within the meaning of GDPR art. 22.

The partner-evaluation score and the Oracle reading are tools for your own reflection, not decisions by the App with consequences for you.

10.i Your information, your control

TuCora is designed so that you have direct control over your data, without having to request anything from us:

Access: the data stored on your device (profiles, diary, calendar, etc.) is always visible in the app. The minimal data associated with your account (email, premium status) is visible in Settings → My account.
Modification: any data you entered can be edited from the corresponding screen of the app.
Erasure: you delete your account and all associated data from Settings → My account → Delete account. It is immediate and irreversible. Guide: tucora.com.ar/eliminar-cuenta.

If you do not want us to hold any information about you, simply delete your account. You do not need to write to us for that.

10.g Point of contact and authority

Single point of contact for inquiries, claims, and exercising your rights: soporte@tucora.com.ar.

TuCora, given its size and nature, does not require the formal designation of a Data Protection Officer (DPO) under GDPR art. 37. The support contact fulfills that operational function.

TuCora's user database is registered with the Agency for Access to Public Information (AAIP) under registration number RL-2026-41929993-APN-DNPDP#AAIP (file EX-2026-41889742-APN-DNPDP#AAIP), in accordance with art. 3 of Law 25.326.

10.j Cookies and similar technologies

The website tucora.com.ar does not use cookies or similar tracking technologies, neither its own nor third parties' (no Google Analytics, no Meta Pixel, no LinkedIn Insight, no Hotjar, no advertising tags). Only the browser's strictly necessary cookies are used to serve the site (technical session). We do not require a consent banner because there is no processing that would warrant one.

The App does not use cookies; the only advertising technology it uses is Google AdMob in the free version, described in section 10.h. In Premium there are no ads.

10.k If we discover data of minors under 16

If we become aware that an account belongs to a person under 16 years of age, we will delete the account and all associated data without delay, without prior notice to the user. If you are a mother, father, or guardian and believe that a minor in your care created an account, write to us at soporte@tucora.com.ar and we will delete it within no more than 72 hours.

10.m Data retention table

Category	Retention period
Email + basic account data	While the account is active. Immediate deletion upon deletion request.
Local data (profiles, diary, calendar)	Until you delete it from the device.
Encrypted Cloud Backup (Premium)	Maximum 72 hours. Deleted automatically.
Supabase logs (access, errors)	7 days.
Communications to soporte@	2 years from the last interaction.
Payment / subscription history	10 years (AR tax requirement).

10.n AI transparency (Oracle)

The "Oracle" feature uses the Google Gemini AI model to generate symbolic interpretations of Tarot cards. When you make a query:

We send to Gemini: your name, date of birth, zodiac sign, and text query.
In zodiac compatibility queries: we send the zodiac sign of the selected partner (with no name or any other identifying data).
We do NOT send: emotional diary, notes, red flags, encounters, or any other profile data. Partner names are never transmitted to external services.
Google states that it does NOT use the generative API prompts to train its models by default.
The response is generative and non-deterministic: the same question may yield different answers. It is not prediction, it is symbolic reflection.
The AI does not make automated decisions with legal effects on you (GDPR art. 22). It is just a tool for inspiration.

10.o DPIA — Data Protection Impact Assessment (summary)

We have carried out an internal data protection impact analysis in accordance with GDPR art. 35:

Risk assessed: medium. Sensitive data (encounters, period log, emotional diary) lives encrypted on the user's device. It only reaches our servers if the user enables Cloud Backup (Premium), and in that case it travels and is stored encrypted with a PIN that only that person knows, for a maximum of 72 hours.
Main risk mitigated: sharing third-party data without consent → the feature to share profile templates was removed entirely; relationship data does not leave the device.
Residual risk: the user can export to PDF or take screenshots and share them manually. Mitigated with explicit disclaimers and email-based traceability in the PDFs.
Technical measures: AES-256 encryption at-rest, HTTPS in-transit, RLS in Supabase, optional biometric lock.
Organizational measures: clear usage policy, documented transfer of responsibility.

Expanded detail available upon a reasoned request to soporte@tucora.com.ar.

10.p Privacy by Design & Default

TuCora was designed following the 7 principles of Privacy by Design (Ann Cavoukian / GDPR art. 25):

1. Proactive not reactive: local-first architecture from day 1.
2. Privacy by default: the "no account" mode is fully functional.
3. Privacy embedded into the design: native AES-256 encryption, not as an add-on.
4. Full functionality (positive-sum): no trade-off between privacy and experience.
5. End-to-end security: full lifecycle of the data protected.
6. Visibility and transparency: this policy, listed subprocessors, auditable code.
7. Respect for user privacy: rights accessible from the app.

10.q Security improvements

We work continuously to improve the security of the application. Implemented measures include local AES-256 encryption, RLS access policies in the database, and server-side validation of rate limits.

10.r Accessibility

TuCora is committed to universal accessibility. We are working toward WCAG 2.1 level AA conformance. The current app includes accessibilityLabel and accessibilityRole labels on key interactive components. If you encounter accessibility barriers, write to us at soporte@tucora.com.ar and we will prioritize the fix.

11. Jurisdiction

This policy is governed by the laws of the Argentine Republic. Any dispute will be resolved before the ordinary courts of the Autonomous City of Buenos Aires.