Privacy Policy

1. Data controller

Data controller and cloud service provider: Type Two Agency LLC.

"Inary Systems" is not, as of this Policy, a Venezuelan operating entity for the service. Copyright registration of the work "Conti" with Servicio Autónomo de Propiedad Intelectual (SAPI) de Venezuela (depositing author: Juan Andrés Marcano Benítez) protects authorship in Venezuela; product code and licenses belong to Type Two Agency LLC and are governed by the laws of the State of Washington, United States.

Dedicated privacy and personal data email: [email protected]

Product support: [email protected]

Security incidents: [email protected]

Legal domicile: State of Washington, United States (formal inquiries by email).

2. Scope and users

The Platform primarily serves entrepreneurs and accountants operating or advising businesses, many in Venezuela. By registering, you confirm legal capacity to accept this Policy and, if acting for an organization, that you are authorized to bind it.

Future features for corporations may involve additional processing we will disclose before activation.

3. Information we collect

• Account data: name, email, phone, usage type (entrepreneur, accountant, etc.), credentials, and preferences.
• Organization data: business name, tax IDs you enter (e.g. RIF), branches, catalog, inventory, sales, purchases, books, and supporting documents.
• Payment data: transaction IDs, amounts, subscription status (card processing via Stripe or others; we do not store full card numbers).
• Usage data: technical logs, IP address, device, cookies, product metrics, and security logs.
• Optional public content: accountant profiles, virtual store, digital menu, marketplace messages, or intake forms you choose to publish.
• Store/showcase orders: if you enable proof-based payment, buyers may submit contact details, payment reference, and proof files; we process them to operate the order and display them to the merchant organization, not as payment confirmation by UsaConti.
• Communications: support messages, feedback, integrations (e.g. Telegram for platform operations when applicable).

4. Fiscal and accounting data

You may upload sensitive tax and accounting information (books, withholdings, IGTF, support reports, client portfolio data). You do so under your responsibility and, for accountants, under your professional relationship with clients.

The Platform does not automatically transmit your records to Servicio Nacional Integrado de Administración Aduanera y Tributaria (SENIAT) as a homologated invoicing system. Any export or report is initiated by you or authorized organization users.

In Venezuela, taxpayers must keep fiscal and accounting records for at least 5 (five) years; homologated fiscal system or documentation contexts may require up to 10 (ten) years under applicable rules. Conti is not homologated; these periods are informational references to general obligations.

We recommend internal access controls (roles, invitations, revocation) and not sharing credentials.

5. Processing purposes

• Provide, maintain, and improve the Platform and its features (POS, books, store, KDS, accountant hub, AI, etc.).
• Process payments, subscriptions, add-ons, and support.
• Security, fraud prevention, and compliance with legal obligations applicable to Type Two in the U.S.
• Operational communications, service notices, and, with consent where required, marketing messages.
• Aggregated, anonymized product analytics.

6. Sharing with third parties

We do not sell your personal information. We may share data with:

• Infrastructure providers: Supabase (PostgreSQL, authentication), Vercel (web app hosting), CDN, transactional email, and similar services.
• Payment processors (Stripe) and authentication services.
• AI providers when you use automated features, under confidentiality and minimization agreements.
• Other users in your organization per roles you configure.
• Competent authorities only when a valid legal obligation or duly founded court order exists in the U.S. or a jurisdiction where we are subject to compliance; we do not voluntarily, informally, or on request disclose data to Venezuelan or other authorities without proper legal process.

7. International transfers

Your data may be stored and processed in the United States or other countries where our vendors operate (e.g. Supabase and Vercel infrastructure). We use reasonable contractual and technical measures (TLS/HTTPS in transit, access controls, RLS per organization) to protect information.

If you access from Venezuela, you acknowledge the service is provided by a U.S. entity and that data protection laws in your country (including LOPDP) may grant you additional rights you may exercise with us.

8. Retention, fiscal legal holds, and account closure

We retain information while your account is active or as needed to provide the service, resolve disputes, comply with legal obligations, or enforce agreements.

Venezuelan tax regulation and practice before Servicio Nacional Integrado de Administración Aduanera y Tributaria (SENIAT) may require keeping books, accounting records, and supporting fiscal documentation for at least 5 (five) years, and up to 10 (ten) years in homologated fiscal system or documentation contexts. When applicable law requires it, Type Two will retain personal and business data that reflect or support those records even after account closure, even if you request deletion.

After cancellation or closure, we may offer an operational window of up to 90 (ninety) calendar days for export or pending incidents during wind-down; this does not mean all data will be deleted when that period ends if legal retention still applies.

When applicable legal periods expire, we delete or anonymize production data reasonably. Encrypted backup copies may persist for up to 30 (thirty) additional days as a technical purge detail after that deletion.

• Your obligation: keep fiscal and accounting records under law (minimum 5 years; up to 10 years where applicable).
• Conti: hosts and processes data for the service and may retain it by legal mandate after closure; immediate deletion does not apply when law requires retention.
• Export: export your data before closure; the post-cancellation window is operational support, not a promise of full erasure at 90 days.

9. Security

We apply reasonable technical and organizational measures appropriate for a growing SaaS. What we use today includes:

• Supabase (PostgreSQL) with managed authentication and row-level security (RLS) policies to isolate data per organization.
• Web application on Vercel with TLS/HTTPS encrypted communications.
• Encryption at rest where provided by Supabase infrastructure and our vendors.
• Periodic database backups; these do not replace your own exports.
• Role-based access controls within the organization and technical operation logs.

No system is 100% secure. Protect your credentials and report unauthorized access to [email protected].

10. Your rights (incl. LOPDP)

If you access from Venezuela or another jurisdiction with data protection law, you may request access, correction, deletion, objection, restriction, or portability of your personal data by emailing [email protected].

We will respond to requests related to Venezuela's Organic Law on Personal Data Protection (LOPDP) and equivalent rights within 15 (fifteen) business days of receiving a complete, verifiable request. We may ask for additional information to confirm identity.

Deletion may be deferred or limited when legal retention of fiscal, accounting, or supporting records required by Venezuelan regulation or a valid competent authority order applies.

Organization accounting data may require account owner or admin authorization to modify or delete.

11. Cookies and similar technologies

We use essential, preference, and analytics cookies per our Cookie Policy. You can manage preferences from the consent banner when available.

12. Children

The Platform is not directed at anyone under 18. We do not knowingly collect data from minors.

13. Changes

We may update this Policy by publishing a new version on the Platform. The “Last updated” date will reflect the change.

If we introduce material changes to how we process personal data, we will notify you at least thirty (30) days in advance via the email on your account and, when feasible, through an in-app notice. You may cancel the service before they take effect if you do not accept the changes.

14. Contact

To exercise rights, privacy inquiries, or security reports, use the appropriate channel: