This Privacy Policy governs the processing of personal data by Gtco SA de CV (hereinafter, "The Company"). As a leader in Backup and Cybersecurity solutions, we adhere to the principle of "Privacy by Design and by Default", ensuring that the protection of your information is embedded at the core of every line of code we develop.
Data Controller Identification
The data controller is Gtco SA de CV. To ensure regulatory compliance, we have appointed a Privacy and Security Committee, which can be contacted directly at info@gtco.wowcapital.com.mx.
1. How is your Data collected?
Data is collected exclusively through direct channels essential for the operation of the software:
- Account Registration: Through subscription forms where the data subject provides basic identification data.
- Product Acquisition: Information generated during the commercial transaction and license activation.
- Installation and Endpoints: Upon installation of our solutions on your devices, the software collects technical diagnostic and security telemetry data necessary for real-time system protection.
2. Why is your Data collected?
We process your data based on the legal grounds of contract performance and our legitimate interest in ensuring the resilience of your infrastructure:
- Resilience Assurance: Execution of backups and ensuring the availability of digital assets.
- Cyberattack Prevention: Analysis of logs and file signatures to identify ransomware and attack vectors.
- License Management: Verification of software validity and provision of critical security updates.
- Specialized Support: Incident resolution based on telemetry reported by the installed software.
3. Nature and Categorization of Data
We distinguish three levels of information to ensure differentiated processing:
- Contractual Data: Tax and contact information for the commercial relationship.
- Technical Metadata: IP addresses, access logs, and critical system events for intrusion monitoring.
- Backup Content: Information contained within backups. The Company acts as a Data Processor, providing encrypted storage without access to content (Zero-Knowledge).
4. Who processes your Data?
At Gtco SA de CV, access to information is strictly restricted:
- Internal Processing: Your data is processed solely by authorized personnel under industrial confidentiality protocols.
- No Third Parties or Advertising: We guarantee that your data IS NOT shared with external companies, nor is it used to create advertising profiles or to commercialize your network behavior. We do not sell information to third parties under any circumstances.
5. Security Protocols & Military-Grade Encryption
Our protection measures exceed conventional standards:
- AES-256 and TLS 1.3 Encryption: Data protection both at rest and in transit.
- Zero-Knowledge Architecture: Encryption keys remain under the exclusive control of the client; we cannot decrypt your backups.
- RBAC Control: Audited role-based access control to prevent any unauthorized internal access.
6. Retention Policy & Cryptographic Erasure
Data is retained for the duration of the contractual relationship. Upon termination, a 30-day grace period is granted. After this period, cryptographic erasure is applied, destroying access keys and rendering the information irretrievable.
7. What are your rights?
You may exercise your ARCO rights (Access, Rectification, Cancellation, and Objection) by submitting a formal request to our privacy officer. You have the right to request data portability and to withdraw your consent regarding non-essential telemetry at any time.
8. Cookies Policy
Our platform exclusively uses Technical and Security Cookies, necessary to validate your identity and maintain session integrity. We do not use marketing cookies, third-party trackers, or behavioral analytics tools for commercial purposes.
Incident Response Protocol
In the event of a breach compromising the integrity of your data, we will notify affected clients within a maximum period of 72 hours, detailing mitigation measures and the steps to be taken to ensure your security.