Privacy Policy
Last updated: May 2026
1. Introduction
Castillo & Company (C&Co), based in Coro, Venezuela, operates Murett (murett.app), a commercial intelligence platform for SMBs. This policy describes how we collect, use, and protect your personal information.
2. Data we collect
We collect the following categories of information: (a) Account information — full name, email address, WhatsApp number, encrypted password, organization name and address, unique identifiers assigned to your account and business; (b) Business data you upload to the platform — sales, purchases, inventory, customer information (names, phone numbers, tax IDs when you load them), recipes, expenses, product photos or your logo. This data is yours and you manage it; (c) Subscription payment information — when you subscribe to a paid plan we process the minimum data necessary for the transaction (mobile payment reference, transfer or card when applicable). We do not store full card numbers — that's handled by the payment processor; (d) App usage data — pages and screens visited, features used, in-app searches, error and performance logs. This data is anonymous at the event level and aggregated at the account level; (e) Technical information — IP address, browser or device type, operating system, device identifiers (when you enable push notifications), timezone. We do not collect precise or approximate location. The mobile app does not request GPS permissions. We do not read the content of WhatsApp messages you send to your customers — we only log the metadata needed to show you the conversation history (timestamp, inbound or outbound direction).
3. How we use your data
We use your data to: provide and improve the Murett service, generate analytics and reports for your business, send you notifications about your account and subscription, respond to support requests, and comply with legal obligations. We do not sell your data to third parties or use it for third-party advertising.
4. Data retention
We retain your account data while your subscription is active. After cancellation, we retain data for 30 days to facilitate reactivation. Transactional data (sales, purchases) is permanently deleted after that period. You may request immediate deletion by contacting us.
5. Data sharing
We do not sell your personal data or your business data to third parties, nor do we use it for cross-advertising with other companies. To operate the service we rely on the following specialized providers, each under a data processing agreement: Vercel Inc. (United States) — hosting of the website and the mobile web application; DigitalOcean LLC (United States) — application server and database hosting; Sentry (United States) — error log collection for technical diagnosis; Resend (United States) — transactional email delivery (verification, password recovery, account notifications); Meta Platforms / WhatsApp Business API (United States / Ireland) — sending WhatsApp messages when you request them to communicate with your customers; Google Analytics 4 (United States) — aggregated product usage analytics; payment processor (varies by country) — subscription billing processing when applicable. We share information with competent authorities when required by law.
6. Security
Your data travels encrypted in transit using TLS 1.2 or higher between your device and our servers. The database is hosted on encrypted disks; backups are also stored encrypted. Integration keys with external services (for example your WhatsApp Business token) are additionally encrypted with AES-256 before being stored. Passwords are never stored in plain text: they are processed with Argon2id and a unique per-account value (salt). We audit our code and dependencies periodically. If you discover a vulnerability, write to soporte@murett.app or via WhatsApp and we will treat it as a priority.
7. Your rights
You have the right to: access the personal information we hold about you; correct inaccurate information directly from your account; export all your data in CSV format from Settings → Data → Export; delete your account and associated data from Settings → Privacy → Delete my account inside the application. The deletion completes within 30 days, during which you can reverse it by writing to us. After 30 days the deletion is permanent; object to data processing for purposes other than those described in this policy. For any inquiry or to exercise rights you can write to us via WhatsApp from inside the app or by email at soporte@murett.app. We respond within a maximum of 5 business days.
8. Cookies
We use essential cookies for authentication (session token in httpOnly cookie) and analytics cookies to understand how the platform is used. We do not use third-party advertising tracking cookies. You can disable non-essential cookies in your browser settings.
9. Contact
For privacy inquiries or to exercise your rights, contact Castillo & Company via WhatsApp or at soporte@murett.app. We respond to requests within 5 business days.