Plain-English Summary
This summary is for convenience. The full policy below gives the details.
- We collect the identity, account, organization, content, connection, device, and security information needed to provide TUNC Hub.
- Chats, agent activity, files, artifacts, policies, and tool results are visible to the collaborators you choose and, in governed workspaces, to authorized organization administrators.
- We do not sell personal information, share it for cross-context behavioral advertising, or use advertising trackers.
- We do not train AI models on User Content unless a Free user gives separate, explicit opt-in consent. Business and Enterprise content is excluded from training entirely.
- You may ask to access, correct, export, or delete your personal information. Contact legal@tunc.ai or use available account controls.
1. Scope and Our Role
TUNC is responsible for personal information used to operate tunchub.com, TUNC accounts, and TUNC-managed cloud services. For a workspace governed by an organization or a customer-operated Core, that organization may decide why and how workspace information is processed. In that setting, the organization is responsible for its notices and instructions, and TUNC may act as its service provider or processor.
This policy does not govern third-party AI models, model routers, repositories, cloud providers, tools, or websites you connect to the Service. Their terms and privacy policies apply to their processing.
2. Information We Collect
3. Where Information Comes From
We receive information from you; your browser, device, TUNC Hub, and TUNC CLI; identity providers such as Google or GitHub; organization administrators and collaborators; services and tools you connect; and service providers that help us operate, secure, support, and bill for the Service.
If an administrator invites you or creates an account for you, we may receive your name, work email, role, and workspace assignment from that organization before you first sign in.
4. Why We Use Information
We use personal information to authenticate users; create and administer accounts and organizations; provide chats, agents, collaboration, artifacts, memory, policies, approvals, and connected tools; route requests to services you choose; process subscriptions; provide support; communicate service and security notices; prevent abuse; investigate incidents; maintain reliability; enforce our Terms; and comply with law.
Where a legal basis is required, we process information to perform our contract with you, pursue legitimate interests in operating and securing the Service, comply with legal obligations, and, for optional uses such as AI-training participation, based on consent that you may withdraw.
We do not use personal information to make solely automated decisions that produce legal or similarly significant effects about you.
5. User Content and AI Training
We use User Content only to provide, secure, support, and improve the reliability of the Service, including routing it to collaborators and model or tool providers you select. We do not sell User Content or personal information and do not disclose either for third-party advertising.
AI training is off by default. We do not use User Content to train or fine-tune AI models unless a Free user first gives separate, explicit, informed opt-in consent through a setting that defaults to off. Business and Enterprise content is never used for training, regardless of settings. Withdrawing an opt-in stops future training use but may not reverse training already completed with data previously provided under valid consent.
We may use aggregate operational statistics that contain no User Content and cannot reasonably identify a person or organization to understand reliability and feature usage.
6. Google and Other Connected Services
Google Sign-In provides basic identity information such as your email address, display name, and profile image. If you separately connect a Google Workspace feature, we request only the permissions shown in the Google consent screen and use the resulting data only to provide or improve the visible feature you requested, secure the Service, comply with law, or as otherwise permitted by the Google API Services User Data Policy.
We do not use Google user data for advertising, credit decisions, surveillance, or AI training. We do not permit a person to read data obtained through sensitive or restricted Google scopes unless you affirmatively authorize support for specific data, access is necessary for security, access is required by law, or the data has been aggregated for lawful internal operations.
You can revoke a Google connection from your Google Account permissions and remove supported connections in TUNC settings. Revocation stops new access but does not automatically delete information already stored; use account controls or contact legal@tunc.ai to request deletion.
When you direct the Service to call an AI model, router, repository, cloud service, or tool, the information required for that request is sent to that provider. Review the provider you select before sending confidential or regulated information.
7. How We Disclose Information
We disclose information only as needed to provide the Service or when you direct us: to cloud hosting, storage, content-delivery, identity, email, payment, security, support, and infrastructure providers; to AI models and connected tools you select; to collaborators, guests, and authorized organization administrators; to professional advisers; to authorities or other parties when reasonably necessary to comply with law, protect rights and safety, investigate abuse, or secure the Service; and in a merger, financing, acquisition, reorganization, or sale of assets subject to appropriate confidentiality and notice.
We require service providers to process information for the contracted service and protect it appropriately. We do not sell personal information or User Content, and we do not share either for cross-context behavioral advertising.
8. Collaboration and Governed Workspaces
Shared sessions are visible to their participants. People you invite can see messages, artifacts, activity, names, and profile images in that session and may retain copies.
If a workspace is governed by an organization operating a Core, authorized administrators may apply policies and access session history, usage records, audit events, and artifacts under that organization's rules and applicable law. TUNC Hub identifies governed workspaces. Ask your organization about its own monitoring, retention, and access practices.
9. Cookies, Local Storage, and Tracking
We use essential authentication and security cookies to keep you signed in and protect account access. These cookies are not used for advertising. The website may use local browser storage for preferences such as light or dark mode.
We do not currently use third-party advertising cookies, pixels, or cross-site behavioral advertising trackers. Because we do not sell or share personal information for behavioral advertising, there is no sale or advertising-sharing opt-out needed for our current practices. Where legally required, we honor recognized opt-out preference signals such as Global Privacy Control. Browser Do Not Track signals do not have a uniform standard, but we do not use them to enable advertising tracking.
10. Retention and Deletion
We keep information only as long as reasonably necessary for the purposes described here, taking account of account status, workspace settings, contractual commitments, security needs, dispute and legal-preservation requirements, and applicable law.
- Account and profile information is generally kept while the account is active. After account closure, you have 30 days to export User Content, after which we may delete it.
- Chats, agent activity, artifacts, and governed-workspace records follow the retention controls and policies shown for the account or organization. Generated artifacts default to 30 days where no different retention period is selected.
- Deleted content may remain in transient backups until those backups are overwritten in the ordinary course, no more than 35 days.
- Authentication credentials and connected-service tokens are retained until they expire, are revoked, or are no longer needed for the connection.
- Security, audit, billing, Terms-acceptance, and transaction records may be kept longer when reasonably necessary to protect the Service, document compliance, resolve disputes, or satisfy tax, accounting, and legal obligations.
11. Security
We use administrative, technical, and organizational safeguards designed to protect information, including access controls, encryption in transit, credential protections, tenant and role boundaries, logging, and vendor controls appropriate to the Service. No system is completely secure. You are responsible for protecting your credentials, API keys, devices, repositories, and connected services and for promptly reporting suspected unauthorized access to support@tunc.ai.
12. Your Choices and Privacy Rights
Depending on where you live, you may have rights to know or access personal information, correct it, delete it, receive a portable copy, restrict or object to processing, withdraw consent, or appeal a denied request. You may also complain to the privacy or data-protection authority where you live. We will not discriminate against you for exercising a privacy right.
Use available account controls or email legal@tunc.ai with the subject "Privacy Request." Describe the account and request. We may verify identity and authority before acting, and legal exceptions may apply. If TUNC processes governed-workspace information only for your organization, we may direct the request to that organization.
You can unsubscribe from optional marketing email using the link in the message. We may still send account, transaction, security, and service notices.
13. California Privacy Notice
In the preceding 12 months, we may have collected the categories described in Section 2: identifiers; customer-record and account information; commercial information; internet or electronic-network activity; approximate location derived from IP address; professional or employment-related information supplied through an organization; User Content that may include sensitive information you choose to provide; and inferences limited to account, security, and product-operation needs. We collect these categories from the sources in Section 3, use them for the purposes in Section 4, and disclose them to the recipient categories in Section 7.
We do not sell personal information and do not share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information to infer characteristics about a person. We do not offer financial incentives for personal information.
Where the California Consumer Privacy Act applies, California residents may request access to categories or specific pieces of personal information, correction, deletion, and information about collection and disclosure, and may exercise applicable opt-out or limitation rights. Because our current practices do not involve sale, behavioral-advertising sharing, or sensitive-information uses that require limitation, those opt-outs do not change our current processing. Submit requests as described in Section 12.
14. International Use
TUNC is based in the United States. We and our providers may process information in the United States and other countries whose laws may differ from those where you live. Where required, we use contractual or other recognized safeguards for cross-border transfers.
15. Children
The Service is for adults and is not directed to children under 18. We do not knowingly create accounts for children. If you believe a child provided personal information, contact legal@tunc.ai so we can investigate and delete it where appropriate.
16. Changes to This Policy
We may update this policy as the Service or law changes. We will post the updated version and effective date. Before using personal information for a materially different purpose, including a new use of Google user data or User Content for AI training, we will provide notice and obtain consent where required. We will not retroactively remove the no-sale and no-training commitments for information already on the Service.
17. Contact
TUNC LLC, California, USA. Privacy requests and questions: legal@tunc.ai. Security and account-access concerns: support@tunc.ai.