Privacy notice

Who this notice applies to

This notice applies to website visitors, prospective customers, account holders, and authorised users of customer accounts. Where Telltide processes personal information on behalf of a customer (for example, an inbound email delivered to a monitoring address you have configured), Telltide acts as a processor and the customer is the controller. Customers and Telltide enter a Data Processing Addendum that governs that processing.

Information we collect

Account information. When you create an account or are added to one by an administrator, we collect your name, email address, the company you represent, and your role in the workspace. Authentication credentials are handled by our identity provider; Telltide does not store passwords.

Billing information. Plan tier and billing contact details. Payment card information is collected and stored by our payment processor and is not stored by Telltide.

Customer data. Inbound emails delivered to monitoring addresses you configure, including sender, subject, body, attachments, timestamps, and authentication results. This is processed on your behalf and treated as customer data, not Telltide's data.

Operational data. Server logs, error reports, performance metrics, and request metadata required to operate, secure, and improve the service.

Website information. When you visit telltide.io we receive standard request metadata such as IP address, user agent, and referrer. We use a small number of cookies and analytics tags to understand site traffic and to operate the marketing forms; details are listed in our cookie disclosures on those forms.

How we use information

• To provide and operate the Telltide service, including monitoring the email journeys you configure and delivering alerts and reports to the recipients you nominate.
• To create and administer accounts, authenticate users, and enforce plan limits.
• To bill you, process payments, prevent fraud, and recover unpaid amounts.
• To communicate with you about the service, including incident notifications, security alerts, product updates, and responses to support requests.
• To investigate abuse, enforce our Terms, and comply with legal obligations.
• To improve the product, including by analysing aggregate usage patterns. We do not use customer email content to train third-party AI models. AI-assisted content checks, when enabled by the customer, send the email body only to a model provider configured for zero data retention.

Legal bases (UK and EU users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: contract, where processing is necessary to provide the service you have signed up for; legitimate interests, where processing is necessary to operate, secure, and improve the service in a way that does not override your rights; legal obligation, where we must process information to comply with applicable law; and consent, where we ask for it (for example, marketing emails to non-customers).

Sharing and sub-processors

We share personal information with a small number of third-party providers who help us operate the service, such as our hosting, database, identity, inbound and outbound email, payments, error reporting, and (when enabled) AI content-check providers. The current list, with each provider's role, the data they process, and their hosting region, is published at telltide.io/security/sub-processors.

We do not sell personal information. We do not share customer data with advertisers, data brokers, or any party other than the sub-processors we engage to deliver the service or as required by law.

International transfers

Telltide's primary infrastructure is hosted in the United States. If you access the service from another jurisdiction, your information will be transferred to and processed in the United States. Where required, we rely on standard contractual clauses or other transfer mechanisms permitted under applicable law to safeguard those transfers.

Retention

Monitored email content and delivery metadata are retained for up to 90 days by default, long enough to investigate incidents and trends. Account, incident, and audit records are retained for the life of the account. Billing records are retained as required by tax and accounting law. Extended retention is available on request for customers with specific compliance needs.

Customer data is deleted within 30 days of account closure, except where law requires us to retain it for longer (for example, billing records).

Security

We design Telltide with security in mind. Inbound email bodies are encrypted at rest using AES-256-GCM. Access to production systems is limited to a small number of authorised personnel and protected by multi-factor authentication. We log administrative access for review. For more, see our security overview.

Your rights

Depending on where you live, you may have rights under data protection law to access, correct, delete, restrict, or object to certain processing of your personal information, and to receive a copy of your information in a portable format. You may also have the right to lodge a complaint with a supervisory authority.

For information you provided to Telltide directly (for example, your account profile), email privacy@telltide.io. For information processed by Telltide on behalf of a customer (for example, monitored emails in a workspace you do not control), please contact the customer that operates the workspace; Telltide will support that customer in honouring the request.

Cookies and analytics

The marketing site uses cookies and analytics tags to understand site traffic and to operate forms. The application uses cookies that are strictly necessary for authentication and session management. Where required by law, we ask for consent before setting non-essential cookies. You can control cookies through your browser settings.

Children

Telltide is a business product. The service is not directed at children under 16, and we do not knowingly collect personal information from children.

Changes

We may update this notice from time to time. The current version is always published on this page with a "last updated" date. Material changes will be communicated to account holders by email at least 30 days in advance, except where a shorter notice period is required by law or by an urgent security or legal matter.

Contact

Questions about this notice or about how Telltide handles personal information can be sent to privacy@telltide.io. For procurement and security questions, including requests for our Data Processing Addendum, contact security@telltide.io.