Legal

Privacy Policy

Last updated: April 10, 2026

1. Introduction

This Privacy Policy describes how JAMAK Lab (“we”, “us”, “our”) collects, uses, and protects your information when you use the Caudal platform (“the Platform”). We are committed to protecting your privacy and complying with Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).

2. Data We Collect

Account Information

When you create an account, we collect your name, email address, company name, and role within your organization.

Financial Data

To provide our services, we process financial data you upload including invoices, vendor information, bank account details (CLABE numbers), payment records, and tax identifiers (RFC). This data is stored encrypted and access is restricted to your organization through row-level security policies.

Usage Data

We collect information about how you interact with the Platform, including pages visited, features used, and actions taken. This data helps us improve the service.

Technical Data

We automatically collect IP addresses, browser type, device information, and access timestamps for security and rate-limiting purposes.

3. How We Use Your Data

  • Provide and maintain the treasury management services
  • Process payments and manage your subscription via Stripe
  • Send transactional emails (approval requests, payment notifications, invitations)
  • Enforce security through rate limiting and access controls
  • Generate cash flow projections and analytics based on your financial data
  • Improve the Platform through aggregated, anonymized usage patterns
  • Comply with legal obligations and respond to lawful requests

4. Third-Party Services

We use the following third-party services to operate the Platform:

  • Supabase — Database hosting and authentication
  • Stripe — Subscription billing and payment processing
  • Resend — Transactional email delivery
  • Upstash — Rate limiting and security enforcement
  • Vercel — Application hosting and content delivery
  • Banxico API — Exchange rate data

Each of these providers has their own privacy policies. We only share the minimum data necessary for each service to function.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over HTTPS/TLS encryption
  • Database-level row-level security (RLS) isolates each company's data
  • Authentication is handled through secure, httpOnly session cookies
  • Role-based access control restricts actions based on user permissions
  • All sensitive operations are logged in an audit trail
  • API endpoints are protected by distributed rate limiting

6. Data Retention

We retain your financial data for as long as your account is active. Upon account deletion or subscription cancellation, we retain data for 90 days to allow for reactivation, after which it is permanently deleted. Audit logs are retained for the legally required period under Mexican financial regulations.

7. Cookies

We use the following cookies:

  • Authentication cookies (essential) — Maintain your login session
  • Subscription cache (essential) — Cache subscription status to reduce database queries (5-minute TTL)
  • Locale preference (functional) — Remember your language preference (Spanish/English)

We do not use third-party tracking cookies or advertising cookies.

8. Your Rights (ARCO Rights)

Under the LFPDPPP, you have the right to Access, Rectify, Cancel, and Oppose the processing of your personal data (ARCO rights). To exercise these rights, contact us at hello@caudalapp.com with the subject line “ARCO Request”. We will respond within 20 business days as required by law.

9. International Data Transfers

Your data may be processed in servers located outside of Mexico (United States) through our hosting and infrastructure providers. We ensure that any international transfers comply with applicable data protection requirements and that adequate safeguards are in place.

10. Children's Privacy

The Platform is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the “Last updated” date. We encourage you to review this policy periodically.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at: hello@caudalapp.com

JAMAK Lab
Mexico City, Mexico