PRIVACY POLICY

Fuego Studios, Inc.

Effective Date: October 26, 2025
Last Updated: October 26, 2025

1. INTRODUCTION

Welcome to Fuego Studios, Inc. ("Fuego," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile app builder platform, website (fuego.io), and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

2. INFORMATION CLASSIFICATION AND PROTECTION

2.1 Information We Collect

We collect and classify the following types of information:

Personal Information:

  • Name and email address
  • Account credentials and authentication data

Technical Information:

  • IP address, browser type, and device information
  • Usage data, analytics, and performance metrics
  • Log files and system access records
  • Cookies and tracking technologies

Customer Data:

  • Data you upload or transmit through our platform
  • Mobile app content and configurations
  • Analytics and Store data integrated through Shopify and third-party services

2.2 Data Classification

We classify information based on sensitivity levels:

  • Public: Information intended for public disclosure
  • Internal: Information for internal business operations
  • Confidential: Sensitive business and customer information
  • Restricted: Highly sensitive data requiring special protection

3. AUTHORIZED USE AND DISCLOSURE OF DATA

3.1 How We Use Your Information

We use your information for:

  • Providing and maintaining our Services
  • Processing payments and transactions
  • Communicating with you about your account and services
  • Improving our platform through analytics and research
  • Complying with legal obligations
  • Detecting and preventing fraud or security breaches

3.2 Information Sharing

We may share your information with:

  • Service Providers: Third-party vendors who assist in our operations (with your consent)
  • Business Partners: Shopify and integrated app providers (with your consent)
  • Legal Authorities: When required by law or to protect our rights

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. ACCESS CONTROL

4.1 User Access Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete data
  • Delete your personal information (subject to legal requirements)
  • Port your data to another service
  • Restrict processing of your information
  • Object to certain uses of your data

4.2 Internal Access Controls

We implement role-based access controls ensuring:

  • Employees access only information necessary for their job functions
  • Multi-factor authentication for system access
  • Regular access reviews and permission updates
  • Segregation of duties for sensitive operations

5. PHYSICAL SECURITY REQUIREMENTS

5.1 Data Center Security

Our data is protected through:

  • SOC 2 Type II certified cloud providers
  • Data Centers with 24/7 physical security monitoring
  • Biometric access controls and security cameras
  • Environmental controls and redundant power systems
  • Secure disposal of hardware containing data

5.2 Office Security

Our facilities maintain:

  • Controlled access to work areas
  • Secure storage of physical documents
  • Clean desk policies
  • Visitor management systems

6. ACCEPTABLE USE OF INFORMATION AND IT DEVICES

6.1 Permitted Uses

Information and IT resources may be used for:

  • Legitimate business purposes related to our Services
  • Authorized research and development activities
  • Compliance and legal requirements
  • Security monitoring and incident response

6.2 Prohibited Activities

The following activities are strictly prohibited:

  • Unauthorized access to systems or data
  • Sharing credentials or access privileges
  • Using information for personal gain or unauthorized purposes
  • Installing unauthorized software or applications
  • Attempting to bypass security controls

7. SECURITY IN HUMAN RESOURCES

7.1 Employee Screening

We conduct appropriate background checks for employees with access to sensitive information.

7.2 Security Training

All personnel receive:

  • Initial security and privacy training
  • Regular updates on security best practices
  • Specific training for roles handling sensitive data
  • Incident response and reporting procedures

7.3 Confidentiality Obligations

All employees and contractors sign confidentiality agreements and are bound by ongoing privacy and security obligations.

8. SOFTWARE DEVELOPMENT SECURITY

8.1 Secure Development Practices

We implement:

  • Secure coding standards and guidelines
  • Code review processes for security vulnerabilities
  • Automated security testing in development pipelines
  • Third-party security assessments and penetration testing

8.2 Data Protection by Design

Our development process incorporates:

  • Privacy and security considerations from initial design
  • Data minimization principles
  • Encryption of data in transit and at rest
  • Regular security updates and patches

9. INCIDENT MANAGEMENT AND RESPONSE PROCEDURES

9.1 Security Incident Response

In the event of a security incident:

  • Immediate containment and assessment procedures
  • Notification to affected parties within 72 hours (where required)
  • Investigation and root cause analysis
  • Implementation of corrective measures
  • Documentation and reporting to relevant authorities

9.2 Privacy Incident Response

For privacy incidents involving personal data:

  • Rapid assessment of impact and risk
  • Notification to data protection authorities (where required)
  • Communication with affected individuals
  • Remediation and prevention measures
  • Ongoing monitoring and review

10. COMPLIANCE WITH LAWS AND REGULATIONS

10.1 Regulatory Compliance

We comply with applicable privacy and data protection laws, including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Children's Online Privacy Protection Act (COPPA)
  • State and federal privacy regulations
  • International privacy frameworks

10.2 Industry Standards

We adhere to recognized industry standards:

  • ISO 27001 information security management
  • SOC 2 Type I compliance
  • Privacy framework best practices
  • Shopify App Store security requirements

11. RETENTION AND DESTRUCTION OF DATA

11.1 Data Retention

We retain information for as long as:

  • Your account remains active
  • Necessary to provide our Services
  • Required by legal or regulatory obligations
  • Needed for legitimate business purposes

11.2 Data Destruction

Upon expiration of retention periods:

  • Secure deletion of electronic data
  • Physical destruction of storage media
  • Certificate of destruction for sensitive information
  • Verification of complete data removal

11.3 Retention Schedules

  • Account information: Duration of relationship plus 1 year
  • Transaction records: 3 years from transaction date
  • Security logs: 1 year from creation
  • Marketing data: Until consent withdrawn or 3 years of inactivity

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

  • Provide and improve our Services
  • Remember your preferences and settings
  • Analyze usage patterns and performance
  • Deliver relevant content and advertisements

You can control cookie settings through your browser preferences.

13. INTERNATIONAL DATA TRANSFERS

We may transfer your information to countries outside your jurisdiction. When we do:

  • We ensure adequate protection through appropriate safeguards
  • We comply with applicable cross-border transfer requirements
  • We use standard contractual clauses or other approved mechanisms

14. CHILDREN'S PRIVACY

Our Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover such information, we will delete it promptly.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing in-app notifications

Continued use of our Services after changes constitutes acceptance of the updated policy.

16. CONTACT INFORMATION

For questions about this Privacy Policy or our privacy practices, contact us:

Fuego Studios, Inc.
Email: [email protected]
Address: 1188 Mission St, APT 1212, San Francisco, CA 94103
Phone: +1(970)888-6942

For EU residents, you may also contact our Data Protection Officer at: [email protected]

17. YOUR RIGHTS AND CHOICES

Depending on your location, you may have additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to correct inaccurate information
  • Right to data portability
  • Right to opt-out of sale of personal information (where applicable)
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us using the information provided above.