Privacy
notice.

We collect only the information needed to run a membership and process redemptions at partner venues. That includes your name, email, phone number (optional), payment details handled entirely by Stripe, and the date and venue of each redemption you make through your QR.

We use your information to deliver your membership, process payments, prevent abuse of partner offers, and send service emails about your account. We will never sell your data to advertisers, brokers, or third parties.

Aggregate, anonymized usage data may be shared with partner venues so they can understand which offers perform best — never individual member data.

You can request a copy of your data, ask us to correct it, or delete your account at any time by writing to hello@coretulum.com. Account deletion removes all personal information within 30 days, though some records may be retained where required by Mexican tax or accounting law.

We use a small number of carefully chosen vendors to run the service. Each one only receives the data they strictly need.

Data is encrypted in transit and at rest. Access to member records inside Core Tulum is restricted to a small number of staff who need it to support the service. We will notify affected members within 72 hours of discovering any security incident that exposes personal information.

When we make material changes to this notice, we will email all active members and post a banner on the site. The effective date at the top of this page always reflects the latest version.