When you click “Accept all cookies”, you accept the storage of cookies on your device to improve site navigation, analyze site usage and assist in our marketing efforts. See our Privacy Policy for more information.
PreferencesRefuseAccept

Our app and website

Privacy Policy

Privacy Policy (ES)

Terms of use

Terms of use (ES)

Privacy Policy

Fecha de entrada en vigor: 07/22/2025Last updated: August 20th, 2024

I. Our Commitment to User Privacy:

We are committed to:

  • Ensure your personal data is kept safe, private, and secure.
  • We will never share or sell your data for monetary gain.
  • Give you complete control and choice for your tracking & marketing preferences at any time.
  • We will never share your data with unaffiliated third parties without your explicit and written consent.

II. About this Policy:

This Privacy Policy (“Policy”) describes how Tumoni, Inc., doing business as Tumoni, protects and manages your personal data, including:

  • What data we collect when you sign up for, use, or engage with any of our applications, products, services, or websites (collectively, the "Services");
  • How we manage data from the beginning of your engagement onwards;
  • Your choices regarding how data is managed according to your level of consent.

When we say ‘personal data’, we mean information which:

  • We know about you (for example, we know when you use your Tumoni account or card to pay for things)
  • Can be used to personally identify you (for example, a combination of your name and postal address)

We may provide this policy in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version will prevail.

III. We Limit Use of Your Personal Data to:

  • Providing, maintaining, and improving our Services;
  • Verifying your identity for internal purposes, where applicable;
  • Communicating with you about new and existing Services;
  • Protecting the legal rights, property, and safety of our Services and users.

At no point will we ever share your personal information with third parties unless it is to provide our services.

IV. We Collect and Use Data:

We collect your personal data when you use:

  • our website at www.tumoni.com;
  • any of our Tumoni apps;
  • any of the services available to you through our apps or website.

Data We Collect:

Your name, residential address, email address, phone number, birth date, government-issued identification number, biometric data via selfie, where necessary: payment card and bank information, if applicable, as well as other information you may be asked to provide when signing up for an account, providing identity verification or engaging in a transaction.

Other Data:

  • Transaction Data: when, where, and how a transaction takes place, including, but not limited to, the devices and payment methods used;
  • Device Data: hardware model, operating system, unique device identifiers, mobile network data, as well as other data generated by a device's interaction with our Services;
  • Location Data: to prevent fraudulent use of our Services;
  • User Data: browser data, Internet Protocol ("IP") addresses, and other data describing user engagement;
  • Cookies: small data files we may store on your computer or mobile device memory to help us manage your engagement with our Services, including gathering aggregated data about engagement;
  • Beacons: small electronic images we may use in our Services and emails to deliver cookies and measure user engagement.
  • Information to Enhance your Experience: other data, such as a profile picture that may enhance your experience.

Sources of Information:

  • We also check that you are using our Services legally and are eligible for the Services you want to use. We protect the Services from fraudsters who may put you and your money at risk. To do this, we may collect data about you from companies that help us verify your identity, if applicable, prevent fraud, or assess risk.
  • We collect information about you from the following categories of sources:
    • You directly, when you submit information to us or allow us to access information,
    • Your devices and how you interact with our Services and
    • Other sources, including:
      • Identity Verification: Information from third-party identity verification services and publicly available sources, including your government-issued identification number.
      • Information about you from third parties for any investigation, eligibility, identity or account verification process, fraud detection process, or collection procedure, or as may otherwise be required by applicable law. This may include, without limitation, social media accounts.
  • Location Data: Our mobile application may require location data. If you do not grant us access to this data, you may be unable to use our Services. If you grant access to location data but later revoke this access, your mobile device may no longer be able to use our Services. You may also uninstall our Services to stop the collection of location data.
  • Marketing: You can opt out of email or text messages by following the instructions in these messages. If you opt out, we may still send you notifications regarding transactions and services related to our ongoing business relationship.
  • Notifications: Our Services may ask you for permission to send notifications to your device. Our services will still work if you do not grant us permission to send you notifications.
  • Cookies and Tracking Technologies:
    • Cookies are small text files placed on your computer by websites and services you visit or access. They are widely used to make websites and services work and function more efficiently and to provide information about our users’ experience during the use of, or interaction with, our websites and Services. Some cookies last only for the duration of your web session and expire when you exit your browser; others may last for longer than your web session, including after you exit your browser, for example, by remembering when you return to our website.
    • Functional Cookie for Preferences and Settings: These cookies are used to record a user’s choice and settings that enable our websites and Services to operate correctly or maintain your preferences over time and may be stored on your device.
    • Analytics Cookie: We use cookies and other identifiers to gather usage and performance data to provide our products and improve your user experience on our websites and our Services. For example, we use cookies to count the number of unique visitors to a web page or service or our blog and to develop other statistics about the operations of our Services. This may include cookies from us and third-party providers. We use the information to compile reports and to help us improve our websites and Services.
    • How to Control Cookies: Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. For example, in most modern browsers, you can block or delete cookies by clicking Settings > Tumoni > Cookies. Instructions for blocking or deleting cookies in other browsers may be available in each browser's privacy or help documentation.
    • Do Not Track: Some browsers support a “Do Not Track” feature intended to signal to websites that you do not wish to be tracked across different websites you visit. Our Services do not currently change how they operate based upon detecting a Do Not Track or similar signal.

V. We Share Personal Data Under Controlled Circumstances:

  1. With affiliated Third Parties:
    In accordance with our Third Party Risk Management Policy, Tumoni diligently reviews its Third Party privacy policies to ensure the proper use and protection of our customer’s data before starting a business relationship. 
    Third-party access to the data is limited by Tumoni. Some third-party providers may access the data through an internal IP whitelisting process that permits the third party to “cross” our firewall. Tumoni will only allow access to, or share, the customer data required to complete the third-party intended task.
    • How we share your data: Each third-party provider has an integration dashboard created solely for Tumoni’s restricted access. This integration platform allows the Tumoni Engineering team to create processes that communicate with the third-party established processes. 
    • Third-Party Analytics Services
      • We and our third-party service providers may sometimes use technologies to engage in data analytics, auditing, measurement, research, reporting, and debugging on our Services and to measure interactions with our services.
      • Tumoni ensures that all the services that may be used for analytics purposes are adequately licensed and that their privacy policy protects our customers' data.
  2. With Government & Regulatory agencies
    1. With government and law enforcement where reasonably necessary to comply with applicable law, regulation, legal process, or governmental request;
    2. With others where reasonably necessary to protect the security or integrity of our Services or users’ safety;
    3. In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business;
  3. Social media and advertising companies
    When we use social media for marketing purposes, your personal data (limited to only your name, email address, phone number) may be shared with the social media platforms so that they can check if you also hold an account with them. If you do, we may ask the social media provider to:
    • help us to understand and measure the effectiveness of our online advertising;
    • use your personal data to send our adverts to you, because we think that you might be interested in a new Tumoni product or service;
    • not send you our adverts, because the marketing relates to a service that you already use;
    • send our adverts to people who have a similar profile to you (for example, if one of our services is particularly useful to people with similar interests to the ones on your social media profile, we may ask our advertising partner or social media partner to send our adverts for that service to those people);
      We may share your personal data with our advertising partners in the ways described above, but the personal data is hashed before we send it, and the advertising partner we share it with is only allowed to use that hashed personal data in the ways described above.

      Our legal basis is:
      legitimate interests (to ensure Tumoni’s advertising is as effective as possible)
  4. We may also share aggregated and anonymized information that does not explicitly identify you or any individual user of our Services.

VI. Website and Third party links:

We may make changes to our site

We may suspend or withdraw our site. We may occasionally update and change our site to reflect changes to our products, users' needs, and business priorities. We will try to give you reasonable notice of any significant changes.

Our site is made available without charge. We do not guarantee that our site, or any content on it, will always be available or uninterrupted. We may suspend, withdraw, or restrict the availability of all or any part of our site for business and operational reasons. We will try to give you reasonable notice of any suspension or withdrawal.

You are also responsible for ensuring that all persons who access our site through your internet connection are aware of these terms of use and other applicable terms and conditions and that they comply with them.

Tumoni is the owner or the licensee of all intellectual property rights on our site and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved.

You may print off one copy and download extracts of any page(s) from our site for your personal use, and you may draw the attention of others within your organization to content posted on our site.

You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences, or any graphics separately from any accompanying text.

Our status (and that of any identified contributors) as the authors of content on our site must always be acknowledged.

You must not use any part of the content on our site for commercial purposes without obtaining a license from us or our licensors.

If you print off, copy, or download any part of our site in breach of these terms of use, your right to use our site will cease immediately, and you must, at our option, return or destroy any copies of the materials you have made.

Do not rely on information on this site

The content on our site is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking or refraining from any action based on the content on our site.

Although we make reasonable efforts to update the information on our site, we make no representations, warranties, or guarantees, whether expressed or implied, that the content on our site is accurate, complete, or up to date.

We are not responsible for websites we link to

Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as our approval of those linked websites or information you may obtain from them. We have no control over the contents of those sites or resources.

User-generated content is not approved by us

This website may include information and materials other site users upload, including bulletin boards. We have not verified or approved this information or these materials. The views expressed by other users on our site do not represent our views or values.

Uploading content to our site

Whenever you use a feature that allows you to upload content to our site or contact other site users, you must comply with the content standards set out in our Acceptable Use Policy.

You warrant that any such contribution does comply with those standards, and you will be liable to us and indemnify us for any breach of that warranty. This means you will be responsible for any loss or damage we suffer due to your breach of warranty.

VII. Security:

We maintain strong measures, including administrative, technical, and physical safeguards, to help protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Tumoni’s Security Architecture is proprietary, which mitigates the nefarious use of standard tools to access or breach our security infrastructure. 

We maintain strict security standards and procedures with a view to preventing unauthorized access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) rate limiters, data encryption, abstraction layers, firewalls, and server authentication to protect the security of your data.

Tumoni is committed to protecting its customer’s information. We have set in place an Incident Response Policy with specific guidelines to protect our user’s data in the event of a Security Breach. To mitigate potential external data scraping or brute-force search attacks from bad actors, Tumoni has made great efforts to limit the discoverability of our users. Users can only be located via their unique Monitag, and if a brute-force search of multiple Monitags occurs, our rate limiter will negate any significant harm. 

No method of electronic transmission or storage is 100% secure; therefore, we cannot guarantee absolute security of your Personal Information. You also play a role in protecting your Personal Information. Please safeguard the username and password for your account and do not share them with others. If we receive instructions using your Account log-in information, we will consider that you have authorized the instructions. You agree to notify us immediately of any unauthorized use of your Account or any other breach of security related to the Services. At our sole discretion, we reserve the right to refuse to provide the Services, terminate your Account, and remove or edit content.

VIII. Consent:

GLB Act

“Financial institutions must provide their clients a privacy notice that explains what information the company gathers about the client, where this information is shared, and how the company safeguards that information. This privacy notice must be given to the client prior to entering into an agreement to do business.”. Please check Appendix A.

Tumoni will always request user agreement and acknowledgment of our privacy policy upon new user sign-up.

IX. Additional Privacy Rights:

  • Privacy Rights and Information for California Residents
    • Exercising Your Rights:
      • If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as outlined in the “Contact Details” section below. We will process such requests in accordance with applicable laws.
      • Please note that according to the CCPA exemptions, “Financial Institutions shall follow GLBA Data privacy obligations (i.e., those requirements related to the collection, use, and volitional sharing of the personal data) and are exempt from state obligations on this specific matter.
      • This does not, however, exempt Tumoni from having to follow the data security requirements of the CCPA. (i.e., those requirements related to the protection of personal data). As a result, the California Attorney General ('AG'), the California Privacy Protection Agency ('CPPA'), and private plaintiffs may still bring suit against Tumoni for alleged data security failures that lead to data breaches.
    • “Sales” of Personal Information under the CCPA. For purposes of the CCPA, Tumoni does not “sell” personal information.
    • Non-Discrimination. California residents (and all Tumoni users according to our non-discrimination rule of conduct) have the right not to receive discriminatory treatment by us for exercising their rights conferred by the CCPA.
    • Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent and contact us.
    • Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative or to answer questions regarding your account and use of our services.
    • De-Identified Information. If we create or receive de-identified information, we will not attempt to re-identify such information except to comply with applicable law.
  • GLBA FTC Privacy Notice:
    • Tumoni will be displaying its annual privacy notice based on the FTC example. This notice will detail to customers how Tumoni uses their data and will provide tools and options to manage our access to their data. Please check Appendix A.

X. Changes to this Policy:

We may amend this Policy occasionally by posting a revised version and updating the “Effective Date” above. The revised version will be effective on the “Effective Date” listed. We will provide you with reasonable prior notice of material changes in how we use your information, including by email if you have provided one. If you disagree with these changes, you may cancel your account anytime. 

By continuing to use or access our Services, you are consenting to the practices, changes, and updates described in this Policy.

XIV. Contact Details:

If you have questions about these policies or the operation of the Services, contact Tumoni at +1 (585) 636-2311 via phone or WhatsApp, or via email to help@tumoni.com.

XVI. Appendix:

Appendix A. GLBA Annual Privacy Notice: 2025


® 2025, Tumoni, inc. All Rights Reserved