Tarss

Tarss Privacy Policy

Last updated 13 de Abril del 2026.

PDF EspanolPDF English

1. Identification of the Data Controller

SKY CODE S.A.S., identified with Tax Identification Number (NIT) 902029442, domiciled in Ibagué, Tolima, Colombia, hereinafter “TARSS,” acts as data controller and/or data processor of personal data as described in this policy and in the Terms and Conditions.

Contact email: dev@tarss.com.co

2. Legal Framework

These Terms and Conditions of Use shall be governed exclusively by the laws of the Republic of Colombia. In particular, they are subject to Law 527 of 1999, which establishes, regulates, and recognizes the validity of electronic acts and contracts; Law 1581 of 2012 and Decree 1377 of 2013, which regulate the processing and protection of personal data; Law 1480 of 2011, which protects users’ rights; and Law 23 of 1982, which protects intellectual property rights in software and content; as well as any other regulations that supplement, amend, or replace them.

Any dispute arising from the use of the platform shall be subject to the applicable laws of Colombia.

3. Scope of the Policy

This policy applies to all personal data processed in the context of the use of the TARSS technological platform, including those related to clients, registered users, authorized users within business accounts, and data subjects whose data are managed through the system’s functional modules.

This policy covers both processing activities in which TARSS acts as data controller and those in which it acts as data processor on behalf of its clients.

4. Roles in the Processing of Personal Data

TARSS operates under a mixed data processing model. First, it acts as data controller with respect to personal data necessary for account creation, management and administration, user authentication, billing, technical support, security, and general platform operations.

Second, TARSS acts as data processor with respect to personal data that clients upload, manage, or process within the platform, such as contact information, leads, customers, conversations, calls, transcriptions, campaigns, and other content. In such cases, the client is the data controller, and TARSS limits its processing to the client’s instructions.

5. Personal Data Processed

In the course of its operations, TARSS may process different categories of personal data.

When acting as data controller, TARSS may collect and process data such as name, email address, telephone number, business and billing information, as well as technical data related to access to and use of the platform, including IP address, user-agent, device technical identifiers, and activity and authentication logs.

When acting as data processor, TARSS may process data managed by the client within the platform, including contact information, conversation histories, messages, attachments, call records, transcriptions, content analysis, and operational metadata associated with system usage.

Additionally, the platform allows the uploading of files and structured or unstructured data; therefore, TARSS does not technically restrict the type of information that the client may input, without prejudice to the legal responsibilities borne by the client.

6. Processing of Sensitive Data

The TARSS platform may process sensitive data in cases where clients choose to upload such data directly into the system. Sensitive data shall be understood, by way of example and without limitation, as data related to financial information, health data, biometric data, access credentials, confidential information, or any data whose misuse may result in discrimination or affect the data subject’s privacy.

TARSS does not request or require this type of information for the provision of its services; therefore, its inclusion in the platform is solely at the client’s discretion. Accordingly, the client represents and warrants that it has the necessary legal basis for the processing of such data, including, where applicable, the explicit consent of the data subject.

TARSS does not monitor, filter, or validate the content uploaded to the platform, nor does it verify whether such data falls within sensitive categories. Likewise, TARSS assumes no responsibility for the improper upload of such information or for the client’s non-compliance with data protection regulations.

Notwithstanding the foregoing, TARSS implements reasonable security measures to protect the information processed. However, the use of sensitive data is discouraged unless it is strictly necessary and legally permitted.

7. Purposes of Processing

When TARSS acts as data controller, personal data are processed for the purposes of managing user accounts, enabling authentication and access to the platform, ensuring system security, preventing fraud, providing technical support, fulfilling contractual and legal obligations, and generating analytics and metrics related to the use of the service.

Additionally, TARSS may use such data to send its own informational, operational, or commercial communications related to its services.

When TARSS acts as data processor, data are processed exclusively to enable the execution of the platform’s functionalities, such as customer management, campaign execution, process automation, communication management, interaction analysis, and other operations defined by the client. In such cases, TARSS does not determine the purposes of processing, but rather acts in accordance with the client’s instructions.

8. Use of Third-Party Technologies and Artificial Intelligence

For the provision of the service, TARSS may integrate third-party technological services that enable functionalities such as call transcription, conversation analysis, and automated information processing.

The use of these tools does not imply the training of proprietary models by TARSS. However, the results generated by such systems may not be accurate, complete, or suitable for a specific purpose; therefore, the client is responsible for validating the information before using it for decision-making purposes.

TARSS does not carry out automated decision-making processes that produce legal or significantly relevant effects on data subjects.

9. International Data Transfers

In the context of service provision, personal data may be stored, processed, or transferred to servers located outside Colombia, including jurisdictions such as the United States, when necessary for the operation of the platform.

Use of the platform implies express acceptance of such international data transfers.

10. Sub-processors and Providers

TARSS may rely on third-party technology providers for the provision of its services, including infrastructure services, messaging services, data processing, artificial intelligence, authentication, and other integrations necessary for the operation of the system.

Such providers may have access to personal data in their capacity as sub-processors and may be located within or outside the territory of Colombia.

11. Information Security

TARSS implements reasonable technical, administrative, and organizational measures to protect information, including credential encryption mechanisms, token protection, integrity validation, role-based access control, use of secure cookies, request rate limiting, and logging of security and audit events.

However, the user acknowledges that no technological system can guarantee absolute security, and therefore inherent risks may exist in the transmission and storage of information.

12. Data Retention

Personal data shall be retained for as long as necessary to fulfill the purposes of processing and contractual obligations. Once the relationship with the client has ended, TARSS may retain the data for an approximate period of up to ninety (90) days, unless a legal obligation or justified need requires retention for a longer period.

Anonymized or aggregated data may be retained indefinitely.

13. Data Subject Rights

Data subjects have the right to access, update, rectify, and delete their personal data, as well as to revoke the authorization granted for its processing, in accordance with applicable law.

14. Procedure for Exercising Rights

Requests related to the exercise of rights may be submitted to dev@tarss.com.co. TARSS shall respond within a maximum period of forty-eight (48) business hours.

Upon receipt of a request, TARSS shall verify the identity of the requester and determine whether it acts as data controller or data processor. If TARSS acts as data processor, the request may be forwarded to the client acting as data controller for handling.

15. Client Responsibility

The client is solely responsible for ensuring that the processing of personal data carried out through the platform complies with applicable regulations, including obtaining authorizations, defining the legal basis, addressing data subject rights, and complying with corresponding regulatory obligations.

TARSS does not collect or validate consents on behalf of the client, nor does it assume responsibility for how the client uses the platform.

16. Security Incidents

In the event of incidents affecting information security, TARSS may adopt necessary measures to mitigate risks, investigate the situation, and protect the integrity of the system. Where reasonably possible, TARSS may notify affected clients.

17. Minors

The platform is not directed at minors. The client is responsible for preventing the improper processing of personal data of minors through the use of the service.

18. Cookies and Tracking Technologies

TARSS may use analytics and tracking tools, including Google Analytics and Meta Pixel, in order to understand user behavior, improve the user experience, and optimize the service.

19. Amendments to the Policy

TARSS may modify this Privacy Policy at any time to reflect regulatory, technical, operational, or commercial changes. Such modifications shall become effective upon publication.

20. Contact

For any inquiries related to this policy or the processing of personal data, data subjects may contact TARSS via email at dev@tarss.com.co.