Privacy policy

⚠ DRAFT DOCUMENT — this text requires legal review and registration with the Argentine Data Protection Agency (AAIP) before publication. Replace the placeholders {RAZÓN_SOCIAL}, {CUIT}, {DOMICILIO_LEGAL}, {EMAIL_LEGAL}.

This Policy describes how {RAZÓN_SOCIAL} collects, uses and protects the personal data of Service Users, in accordance with Argentine Personal Data Protection Law 25.326, its Regulatory Decree 1558/2001 and the complementary provisions issued by the Agency for Access to Public Information (AAIP).

1. Data controller

  • Legal name: {RAZÓN_SOCIAL}
  • Tax ID (CUIT): {CUIT}
  • Legal address: {DOMICILIO_LEGAL}, Buenos Aires, Argentina
  • Controller email: {EMAIL_LEGAL}

2. Data we collect

  • Telegram identification data: user ID, first name, last name, username (when available), language and profile picture.
  • Contact and shipping data: phone number, delivery address, geographic coordinates linked to the address, recipient name, order notes.
  • Order data: products, quantities, prices, dates, status, order history, comments.
  • Payment data: chosen method, transaction identifier provided by the processor (MercadoPago / Bybit / bank), amount and date. We do not store the full card number or CVV.
  • Technical data: IP address, client type (Telegram WebApp / Web), device information, system logs — for security and diagnostics.

3. Purpose of processing

  • Process and deliver orders.
  • Communicate with the User about order status and support inquiries.
  • Comply with tax and accounting obligations established by AFIP.
  • Prevent fraud and abuse.
  • Improve the Service through aggregated statistics.
  • Send operational notifications (order status updates, reminders) and, with prior revocable consent, promotional communications.

4. Legal basis

Processing is based on (a) performance of the sales contract, (b) compliance with legal and tax obligations, (c) the controller's legitimate interest in fraud prevention and Service improvement, and (d) the User's consent for specific purposes.

5. Data processors

We share strictly necessary data with the following processors:

  • Telegram FZ-LLC (UAE) — messaging and authentication platform.
  • MercadoPago S.R.L. (Argentina) — card and account-balance payment processing.
  • Bybit Fintech Limited (UAE) — USDT-TRC20 payment verification.
  • Geocoding provider — OpenStreetMap / Nominatim, for converting addresses into coordinates.
  • Hosting provider — server infrastructure that runs the Service.

We do not perform additional international data transfers without adequate safeguards under article 12 of Law 25.326.

6. Retention period

  • Accounting and tax data (orders, invoices, payment receipts): 10 years, as required by AFIP.
  • Telegram account and address data: while the account remains active, plus 12 months after last activity.
  • Marketing data: until the User withdraws consent.
  • Technical and security logs: up to 12 months.

7. Rights of the data subject

In accordance with articles 13–16 of Law 25.326, the User has the right to:

  • Access: know which personal data is held in our records.
  • Rectification: update or correct inaccurate data.
  • Deletion: request deletion of data when no longer necessary.
  • Objection: object to specific types of processing, in particular for advertising.

To exercise these rights, the User may write to {EMAIL_LEGAL} indicating their name, Telegram ID and the specific request. We will respond within 10 calendar days from receipt of the request (art. 14 of Law 25.326).

8. Cookies and browser storage

The Service uses Telegram's technical storage (initData) and, in the web version, the browser's local storage to maintain the User's session. We do not use third-party advertising tracking cookies.

9. Minors

The Service is intended for persons over 18 years of age. We do not knowingly collect data from minors. For age-restricted products (e.g. alcoholic beverages), additional verification may be requested at delivery.

10. Security

We apply reasonable technical and organisational measures to protect data against unauthorised access, loss or alteration, in accordance with Disposition 11/2006 of the National Personal Data Protection Office.

11. Supervisory authority

The User may file complaints with the Agency for Access to Public Information (AAIP), Av. Pte. Julio A. Roca 710, 2nd floor, City of Buenos Aires — the supervisory authority for Law 25.326.

12. Changes

This Policy may be amended to adapt to legal or Service changes. The version in force is the one published on this page, with the date of last update indicated.

13. Contact

For any privacy-related inquiry: {EMAIL_LEGAL}.

Last updated: complete on publication.