Who we are

TukuToi is a registered LTD (TukuToi Company Limited) in the Socialist Republic of VietNam

Full Name: Công Ty Tnhh Tukutoi

Director: Schmid Beda

Address: Tang 5, 16-18 Xuan Dieu, Phuong 04, Quan Tan Binh, TP Ho Chi Minh, Việt Nam

Tax Number: 0317143575

Email: congtytnhh@tukutoi.com

Introduction

At tukutoi.com, accessible from https://www.tukutoi.com, one of our main priorities is the privacy of our visitors.

We meant it. This is not just a standard phrase.

TukuToi is possibly the first online website being completely off-the-grid when it comes to tracking. We have for this purpose branded a Zero Tracking Policy badge, which websites can use to declare their tracking, privacy and security policy, and which we implement ourselves, of course. More on that here.

TukuToi.com does not track you in any way other than absolutely necessary. We do not engage in marketing or user tracking and surveillance as commonly done with and by Google Analytics and/or Search console, Facebook and else Pixels or tracking code, or any other (not even self hosted like plausible.io) tracking and surveillance activities of our Visitors.

Our Server logs your IP, and when you leave a message in the contact form, we have to retain, and moderate, certain data for our own safety. But, that’s it. This is also why if you want to tell us something, you will have to enter in contact. We repeat: TukuToi does not track any of your activities on this website or elsewhere.

That said, this Privacy Policy document contains types of information that is collected and recorded by tukutoi.com and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

Please also refer to our Terms and Conditions

General Data Protection Regulation (GDPR)

We are a Data Controller of your information.

tukutoi.com legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect the information:

  • tukutoi.com needs to perform a contract with you
  • You have given tukutoi.com permission to do so
  • Processing your personal information is in tukutoi.com legitimate interests
  • tukutoi.com needs to comply with the law

tukutoi.com will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the information we have on you.
  • The right of rectification.
  • The right to object.
  • The right of restriction.
  • The right to data portability
  • The right to withdraw consent

Log Files

tukutoi.com does not log your movements on our website, however the host where the website is stored, may follow standard procedure of using log files. You may refer to WebDock.io Privacy Policy for this. TukuToi only has access to native NGINX and Ubuntu Log files and only would ever use those in a question of security or law enforcement.

Cookies and Web Beacons

Unlike any other website, tukutoi.com tries to not use ‘cookies’. The Website is built using WordPress and CloudFlare as Domain Name Registrar, but we do not deploy any CDN, and unless you log in to this Website (which you can’t), no cookies are stored by any of these services. All our web fonts, styles, scripts are self-hosted.

Third Party Privacy Policies

We do not see, send, or share any information about this website, or its visitors, with any third party. However, we do check the email you use to subscribe to our Newsletter against an Online Spammer Database, which allows us to stop (known) spammers from subscribing. None of your data is however retained in any way, and if you are not a spammer, of course you will be able to subscribe to the newsletter (which has an OPT IN mechanism enabled, meaning you MUST confirm your email before we even save your email in our Newsletter Database. Which is, needless to say, also self-hosted, and you can OPT OUT anytime).

When it comes to contacting us, using the contact form, we deploy a similar email check against known spammer emails, and additionally we moderate the “message” you send us using OpenAI’s Generative Pre Trained Transformer model GPT 4. This means, your message is sent to the API of OpenAI (anonymised, without any other personal data connected). However, none of that data is used for training by OpenAI and is forgotten right after the interaction with the GPT Model. In case the model detects abuse, spam, or else unsolicited content, it will not allow you to send the message.

If your message goes through, it is stored indefinitely on our own server, unless you request us to delete it. See also the General Data Protection Regulation (GDPR) section in regard.

If you require to have insight into the DPA signed between OpenAI and TukuToi Co Ltd, you may contact us.

Online Privacy Policy Only

Our Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in tukutoi.com. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

Addendum to Privacy Policy: Enhanced Web Security and Privacy Measures

Or, also known as the stuff that really matters and no one cares about.

It’s simple to yell “Cookies”. You’ve no idea what else is done you are not even aware of. And we at TukuToi do not only not do those things, but also actively educate our visitors, colleagues and partners about.

At TukuToi Co Ltd, we value your privacy and strive to ensure the security and confidentiality of your personal data. In addition to our existing data protection measures, we have implemented advanced web security headers to provide an added layer of protection when you interact with our website. Here’s what we’ve put in place:

  • Strict Content Security: We’ve defined a strict content security policy that restricts the sources from which content can be loaded, ensuring that only trusted and safe content is delivered to your browser. Only content from our server is allowed, with the exception of SonarCloud Badges, TrustPilot “Stars” Image and the WebsiteCarbon API.
  • Referrer Policy: We’ve implemented measures to limit the amount of referral data sent to other websites, ensuring that only necessary data is shared, and your browsing habits remain private. Contrary to common practice, we apply a “no-referrer” policy. None, but none of this website’s data is sent to the website you visit next after ours. Goodbye “user history tracking”.
  • Permissions Policy: To further protect your privacy and ensure you have control over what our website can access, we’ve restricted several browser features, including:
    • Geolocation: Our website won’t request or access your geographical location.
    • Microphone & Camera: We won’t request access to your microphone or camera.
    • Magnetometer & Gyroscope: We won’t access data about the local magnetic field or rate of rotation of your device.
    • Payment Requests: We won’t initiate payment requests using the Payment Request API.

How to Verify Our Claims:

We understand the importance of transparency and want you to be confident in our measures. Here’s how you can verify the above security and privacy enhancements:

  • Inspect Response Headers:
    • Visit our website using a modern browser.
    • Right-click anywhere on the page and select “Inspect” or “Inspect Element” to open the browser’s developer tools.
    • Go to the “Network” tab and refresh the page.
    • Click on the main request for our website (usually the top item in the list). In the right pane, you should see a section called “Headers.”
    • Under “Response Headers”, you can see the headers sent by our server. Look for headers like “Content-Security-Policy”, “Referrer-Policy”, and “Permissions-Policy” to verify our claims.
  • Browser Tools:
    There are browser extensions and online tools that can analyze website headers and provide insights into security measures. Tools like SecurityHeaders.com can give a quick overview.
  • Functional Verification:
    • For features like geolocation, microphone, and camera: Our website won’t trigger any browser prompts requesting access to these features.
    • For the referrer policy: If you click on external links from our site, the destination site should not have complete knowledge of the exact page you came from.

We’re committed to providing a safe and private browsing experience. If you have any questions or concerns about our security measures, please don’t hesitate to contact us.

Did you even know that there is data to be collected about your devices rotation or magnetic field around it?! Well, we didn’t, not until we got serious about privacy!