Privacy Policy
Last updated: April 22, 2026
1. Introduction
Tenko AI ("we", "our" or "the Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and protect your information when you use our WhatsApp message management platform with Artificial Intelligence, as well as our website at tenko.com.co.
By accessing or using our services, you accept the practices described in this policy. If you do not agree with any term, we ask that you do not use our services.
2. Data controller
The controller of your personal data is:
- Company
- Tenko AI
- Website
- https://tenko.com.co
3. Information we collect
We collect the following types of information:
3.1 Information you provide directly
- First and last name
- Email address
- Phone number
- Company name and details
- Billing and payment information (processed by third parties)
- Password (stored encrypted with bcrypt)
3.2 WhatsApp conversation data
To provide the service, we process WhatsApp messages sent and received through our platform via Meta's WhatsApp Business API. This includes:
- Text message content
- Attachments (images, documents, audio) — stored encrypted at rest
- Phone numbers of contacts who message you
- Message metadata (date, time, delivery status)
This data is processed solely to provide the contracted service and is never sold to third parties. Attachments are kept according to the retention period described in section 7.
3.3 Usage and technical data
- IP address and approximate location data
- Browser type and operating system
- Pages visited and actions taken on the platform
- Error logs and system performance
- Cookies and similar tracking technologies (see section 8)
4. How we use your information
We use the information collected for the following purposes:
- Provide, operate and improve our services
- Process payments and manage subscriptions
- Send service notifications, updates and security alerts
- Respond to support and customer service requests
- Train and improve the service's AI models (anonymously and in aggregate)
- Comply with legal and regulatory obligations
- Prevent fraud and ensure platform security
- Send marketing communications (only with your prior, revocable consent)
5. Legal basis for processing
We process your personal data based on (GDPR and Colombia's Law 1581 of 2012):
- Contract performance: to provide the service you contracted.
- Legitimate interest: to improve our platform, prevent fraud and ensure security.
- Consent: for marketing and use of non-essential cookies.
- Legal obligation: when required by applicable law.
6. Sharing data with third parties
We may share your information with:
6.1 Meta Platforms, Inc.
Our platform uses the WhatsApp Business API, provided by Meta Platforms, Inc. By using our service, some data (such as your WhatsApp Business number and message metadata) is processed through Meta's infrastructure, subject to the WhatsApp Business Policy and Meta's Platform Terms. We do not use data received from Meta for purposes other than those authorized by those terms.
6.2 Subprocessors
We share data with trusted providers that help us operate the platform. We maintain an updated list of subprocessors:
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services | Hosting and infrastructure | São Paulo (Brazil) |
| Meta Platforms, Inc. | WhatsApp Business API | USA / Global |
| Stripe, Inc. | Payment processing | USA |
| Anthropic / OpenAI | AI models (no-retention processing) | USA |
| Resend | Transactional email delivery | USA |
| Plausible Analytics | Cookieless web analytics | Germany (EU) |
6.3 Legal requirements
We may disclose information when required by law, court order or competent government authority.
We do not sell, rent or share your personal data with third parties for commercial purposes.
7. Data retention
We retain your data while you maintain an active account with us or while it is necessary to provide the service. Conversation data (including attachments) is retained during the active subscription period and up to 90 days after account cancellation, unless the law requires a longer period.
You may request deletion of your data at any time by contacting us at privacidad@tenko.com.co.
8. Cookies
We use cookies and similar technologies to enhance your experience, analyze traffic and personalize content. Detail of the cookies we use:
| Name | Purpose | Duration |
|---|---|---|
| tenko_session | Keep your session signed in | Session |
| tenko_locale | Remember your preferred language | 1 year |
| plausible_ignore | Exclude your own visit from internal metrics | Permanent |
We do not use advertising or third-party tracking cookies. You can control cookies from your browser settings. Note that disabling certain cookies may affect service functionality.
9. Your rights
Depending on your location, you may have the following rights regarding your personal data (GDPR and Colombia's Law 1581):
- Access: get a copy of the data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your data ("right to be forgotten").
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest or for marketing.
- Restriction: request restriction of processing in certain cases.
- Withdraw consent: at any time, without affecting the lawfulness of prior processing.
- Know, update and rectify (Law 1581): request proof of authorization given and learn the use of your personal data.
To exercise any of these rights, write to us at privacidad@tenko.com.co. We will respond within 15 business days (Colombia) or 30 days (GDPR).
10. Data deletion
You may request deletion of your account and all associated data at any time. To do so, send an email to privacidad@tenko.com.co with the subject "Data deletion request" indicating the email associated with your account. We will process your request within 30 days.
11. Security
We implement technical and organizational measures to protect your data against unauthorized access, loss, alteration or disclosure. This includes encryption in transit (TLS 1.3), encryption at rest (AES-256), role-based access control, multi-factor authentication for the internal team and periodic security audits.
However, no system is 100% secure. In the event of a security breach affecting your data, we will notify you as required by applicable law, within a maximum of 72 hours.
12. Minors
Our services are intended for businesses and are not directed at people under 18. We do not knowingly collect data from minors. If you become aware that a minor has provided us with information, contact us so we can delete it.
13. Changes to this policy
We may update this Privacy Policy periodically. We will notify you of significant changes by email or via a prominent notice on our platform. The "last updated" date at the start of this document indicates when the last change was made. We recommend reviewing this policy regularly.
14. Contact
If you have questions, comments or requests related to this Privacy Policy or the processing of your personal data, you can contact us: