Privacy Notice

We collect the following categories of personal data from different user types:

Your data is used for the following primary purposes (required to deliver the service):

• Creating and managing your Muro user account.
• Generating QR-code access passes (visitor passes and personal resident codes).
• Validating access when a guard or gate device scans a QR code.
• Logging entries and exits in the community access log.
• Sending transactional email notifications: pending registration, membership approval or rejection, admin permission changes, pass revocations.
• Enabling HOA administrators to manage residents, units, guards, and passes from the control panel.

We do not process your data for secondary purposes (marketing, advertising, or commercial prospecting) without your explicit consent.

To operate Muro we rely on the following processors and sub-processors, all bound by strict confidentiality agreements:

• Supabase, Inc. — Database infrastructure and authentication (servers on AWS us-east-1).
• Resend, Inc. — Transactional email delivery.
• Google LLC — Google OAuth sign-in (optional, if the user chooses this method).
• Vercel, Inc. — Web application hosting.
• Sentry, Inc. — Error monitoring (technical data; PII only in exceptional stack-trace cases).

We do not sell, rent, or share your personal data with third parties for purposes other than those described here. We do not perform transfers requiring your consent under Article 37 of the LFPDPPP, except as required by law.

You have the right to Access, Rectify, Cancel, or Object to the processing of your personal data (ARCO rights), as well as to revoke any consent granted and to limit the use or disclosure of your data.

To exercise any of these rights, send a request to privacidad@deltaurbano.com including:

• Your full name and a government-issued ID (image or scan).
• A clear description of the right you wish to exercise and the data involved.
• The email address registered in Muro to verify your identity.

We will respond within 20 business days of receiving your request. If the request is approved, we will act on it within the following 15 business days.

We implement technical and organisational measures to protect your personal data, including:

• Encryption in transit (TLS 1.2/1.3) for all communications.
• Encrypted at-rest storage provided by Supabase/AWS.
• Row-Level Security (RLS) policies in the database: each user can only access data from their own community.
• Opaque QR tokens (UUIDs) that contain no personal information.
• Passwords and PINs stored only as bcrypt hashes.
• Immutable audit logs for administrative actions.

Muro uses strictly necessary cookies to maintain the authenticated user session. We do not use tracking cookies, behavioural advertising cookies, or share browsing data with third parties for advertising purposes.

The muro_hoa_id cookie stores the identifier of the active community selected by the user. It does not contain directly identifiable personal data.

Delta Urbano may update this Privacy Notice as needed. Any significant change will be communicated via a notice on this page and, where possible, by email to registered users.

We recommend reviewing this notice periodically. Continued use of Muro after changes are published constitutes your acceptance of those changes.

If you believe your personal data protection rights have been violated, you may contact the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI): www.inai.org.mx.