Legal

Privacy notice

How Komma collects, uses, and protects personal data — with the same care we bring to every dossier.

Last updated: July 08, 2026

Data controller

SUPPLY CODING HUB, S.A.P.I. DE C.V. (“Komma”), with address at Bolivia 103 DEPTO 4E, Col. Balcones de Galerías, Monterrey, Nuevo León, Postal Code 64623, is responsible for collecting your personal data, for the use made of such data, and for their protection.

This Privacy Notice covers all aspects related to the processing of personal data that Komma carries out as controller through the website https://www.usekomma.com (the “Website”) and the Komma Platform. If the User (after reading this document) continues to use the Website or the Platform, the User will be expressing full and express acceptance of this Privacy Notice and its contents. Otherwise, the User must leave the Website and/or cancel any contracting of services with Komma.

Types of data collected and purposes

Komma will collect Users’ data through the processes established on the Website and the Platform in order to provide access and a more complete and secure service. “Personal data” means any information concerning identified or identifiable natural persons (including email address and/or IP address where they unequivocally identify the data subjects), and “User” means any identified or identifiable natural or legal person who communicates personal data through this site and/or the services available on it, such as (without limitation) email, completion of forms collecting personal data, participation in promotional campaigns, creation of User profiles, connection of mailboxes, selection of tracked services, and in general use of any service on the Website or Platform that involves communication of personal data.

Purposes:

To fulfill contractual obligations undertaken with our customers, such as: receiving and processing payments; issuing tax invoices; creating and using accounts in our systems; notifications related to the contract; sending documents; customer support; connecting mailboxes on a read-only basis; identifying logistics services; building and maintaining tracked dossiers; and providing AI-assisted consultation features on dossier content.

Komma may collect Users’ personal data when they provide it directly and/or when they visit its Website or use its online services. By way of example and without limitation, the following personal data may be collected: name, address, telephone, nationality, federal taxpayer registry (RFC), digital seals, email, expiration dates, billing data, and account identifiers.

In connection with the Platform’s operation, Komma may also process Customer Data that includes personal data of third parties contained in emails, documents, and logistics identifiers associated with Tracked Services. Such processing is carried out as necessary to provide the contracted service, under the Customer’s instructions as controller of those data.

If the User contacts Komma to make inquiries, request information, or obtain support, such data processing will be carried out for the purpose of attending to and answering the communications received, as well as sending the requested information when expressly required.

The information collected by the Website and the Platform consists of personal data and not sensitive personal data of the User; accordingly, under the Federal Law on Protection of Personal Data Held by Private Parties, express consent is not required to obtain such information, without prejudice to other rights the User may exercise.

Komma will not distribute, transfer, or sell the personal data provided by the User for the purpose of making available the services offered on the Website or the Platform.

Notwithstanding the foregoing, Komma may process Users’ personal data internally for administration, internal audits, to evaluate, develop, and improve the quality of the services offered, and to generate information relating to the customer portfolio. In addition, when Users visit the Website, Komma may automatically obtain statistical information about Users’ visits in order to measure and monitor the number of people who visit the Website.

Komma may send the User electronic communications, such as email or another equivalent electronic means of communication, in order to properly manage its relationship with the User of the Website and the Platform.

Mailbox processing and artificial intelligence

Where the Customer connects a mailbox (for example Gmail or Microsoft), access is configured on a read-only basis for the purpose of identifying logistics services and building dossiers. Komma does not use mailbox access to send email on the Customer’s behalf or to modify messages in the mailbox.

For certain features (operation validation and “Ask Komma”), Komma may send limited excerpts of content associated with Tracked Services to artificial intelligence / large language model (LLM) providers, solely to provide the contracted functionality. Full mailbox exports, unrelated messages, OAuth tokens, mailbox credentials, or payment data are not sent for those purposes.

Retention of data by third-party LLM providers is governed by each provider’s terms. Komma will seek providers with appropriate contractual safeguards for production environments.

User identity

Under these terms, upon subscribing and obtaining access to the Website or the Platform, the User accepted that the personal data corresponding to the User’s own identity are adequate, relevant, current, accurate, and true. The User is solely responsible for ensuring that such data are correct, truthful, and up to date; if a modification occurs, the User agrees to notify Komma through the means set out in this notice.

The User is advised that, except for a legally constituted representation, no User may use another person’s identity or communicate that person’s personal data; therefore, the User must at all times bear in mind that, if using email, the User may only include personal data corresponding to the User’s own identity, which must be adequate, relevant, current, accurate, and true.

For such purposes, the User will be solely liable for any direct and/or indirect damage caused to third parties or to Komma by the use of third-party personal data, or of the User’s own personal data when they are false, erroneous, outdated, inadequate, or irrelevant.

Likewise, a User who communicates a third party’s personal data will be liable to that third party for any damages caused by using them; therefore, the User agrees to hold Komma harmless from any dispute, proceeding, damage, or loss brought against the User arising from the processing of third-party personal data.

Use of cookies

Cookies are text files that are generated and stored on the hard drive of the User’s computer when browsing or visiting a given Internet page and that allow the Internet server to remember certain user data. Through this Privacy Notice we inform you that Komma uses certain cookies to obtain data about the place from which information regarding the services we provide is requested.

The User may configure the browser to be notified on screen of the receipt of cookies and to prevent cookies from being installed on the hard drive.

Revocation of consent

At any time the User may revoke the consent granted to Komma regarding the processing of personal data, so that Komma ceases to use them. To do so, the User must submit a request by email to hola@usekomma.com, with the subject “BAJA”.

The request must be accompanied by the following information: email, first name, paternal surname, maternal surname, and the concept of: revocation of consent granted for the processing of personal data.

However, it is important to note that if the User revokes consent, Komma will be unable to provide certain Website or Platform services and the User must complete the account cancellation process.

Security

In accordance with the Federal Law on Protection of Personal Data Held by Private Parties, Komma has adopted the necessary security measures in all areas in order to guarantee the security of personal data and to prevent alteration, loss, processing, or unauthorized access.

Updates to the Privacy Notice

Komma reserves the right to make modifications or updates to this Privacy Notice at any time, to address legislative or case-law reforms, internal policies, new requirements for the provision or offering of our services or products, and market practices.

In any case, it will be the User’s responsibility to periodically access the privacy notice published on the Website in order to know the latest version at all times. These modifications will be available to the public through the following means: on our Internet page https://www.usekomma.com/privacy.

The User is reminded that access to this Website, registration on the site and/or use of its services entails the User’s express acceptance of this privacy notice and processing of personal data, and that reading it is the User’s responsibility. If the User disagrees with this document, the User must refrain from browsing and/or using the services offered on Komma’s Website and Platform.

Date of last update to this privacy notice: July 8, 2026.

You can also review our Terms and Conditions.