Tyspicar

Privacy Policy

Last updated: January 15, 2026

At Tyspicar S.A.S. (hereinafter "Tyspicar", "we" or "the Platform"), located at Av. González Suárez N31-72, Quito, Ecuador, we are committed to protecting the privacy of our users. This policy describes how we collect, use, store, and protect your personal information in accordance with Ecuador's Organic Law on Personal Data Protection (LOPDP), effective since 2023.

1. Information We Collect

We collect information you provide directly when creating your account, verifying your identity, or using our services: identification data (name, ID/passport, date of birth), contact data (email, phone, address), financial information (bank details for return transfers), KYC/AML documentation required by regulation, and browsing data (IP address, device type, pages visited).

2. Use of Information

We use your information to: manage your account and process investments, comply with legal and regulatory obligations (KYC/AML), communicate about your investments and project status, improve our services and user experience, send commercial communications (with your prior consent), and prevent fraud and illicit activities.

3. Legal Basis for Processing

The processing of your data is based on: your express consent upon registration, the execution of the services agreement, compliance with legal obligations (Securities Market Law, SCVS regulations), and our legitimate interest in fraud prevention and service improvement.

4. Data Sharing

We do not sell your personal information. We share data only with: financial entities for payment processing, regulatory authorities when required by law, technology service providers under confidentiality agreements, and project developers to the extent necessary to manage your investment.

5. Security and Storage

We implement technical and organizational measures to protect your information: AES-256 encryption for data at rest, TLS 1.3 for data in transit, multi-factor authentication, quarterly security audits, and servers located in SOC 2 Type II certified data centers. We retain your data for the duration of your relationship with us and for the legally required period (minimum 10 years for financial records).

6. Your Rights

Under the LOPDP, you have the right to: access your personal data, rectify inaccurate information, request data deletion (subject to legal obligations), restrict or object to processing, data portability, and withdraw your consent. To exercise these rights, contact our Data Protection Officer at privacidad@tyspicar.com.

7. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes by email and publish the updated version on the Platform with the new effective date.