Privacy Policy
1. Scope and Controller/Processor Roles
This Privacy Policy applies to personal data processed by Tanuly Incorporated doing business as Tanuly ("Tanuly," "we," "our," or "us") in connection with our websites, applications, and related services.
For workspace account administration, product operations, billing, and support, Tanuly generally acts as a controller of personal data. When customers use Tanuly to process data from their own users or contacts through workflows and integrations, Tanuly generally acts as a processor or service provider on customer instructions.
2. Personal Data We Collect
We collect personal data directly from you, automatically from your use of the Services, and from connected third-party providers when you authorize integrations or social sign-in.
Account and profile data may include:
- Name, email address, password hash, avatar, timezone, company name, and job title.
- Account security information, including sign-in history, MFA status, and session metadata (for example IP address and user agent).
Workflow and operational data may include:
- Workflow definitions, trigger settings, integration mappings, run logs, error diagnostics, and notification records.
- Support requests, ticket content, and communications with our support systems.
Integration and identity data may include:
- OAuth account identifiers, provider email address, and profile details returned by identity providers.
- Connected service metadata and encrypted connection credentials needed to maintain authorized integrations.
3. Social Sign-up and Connection Confirmation
If you sign up or sign in using a social provider (for example Google, Microsoft, Apple, or Facebook), we receive provider account identifiers and profile attributes that the provider shares under your authorization.
We use this information to verify account control, reduce fraud, and securely link your identity to your Tanuly account. We may require provider-verified email data before creating a new account.
This process helps ensure that social registration is tied to confirmed account ownership and follows the same core account model as email-based registration.
4. How We Use Personal Data
We use personal data to operate, secure, and improve the Services, communicate with users, and meet legal obligations.
Primary uses include:
- Providing account access, authentication, and workspace administration.
- Executing workflows, maintaining integrations, and delivering notifications and analytics.
- Detecting abuse, preventing fraud, enforcing security controls, and maintaining audit trails.
- Providing customer support, troubleshooting incidents, and responding to inquiries.
- Sending service communications (for example product updates, security notices, and administrative messages).
- Complying with legal requirements and resolving disputes.
5. Legal Bases (where required)
Where required under applicable law (such as GDPR/UK GDPR), we rely on one or more legal bases: contractual necessity, legitimate interests, legal obligation, and consent (where applicable).
Examples: we process account and workflow data to provide contracted services; we process security telemetry under legitimate interests in platform protection; and we may rely on consent for certain optional communications or cookies, depending on jurisdiction.
6. Disclosure of Personal Data
We disclose personal data only as needed to provide the Services and run the business responsibly.
We do not sell personal data for monetary consideration. We also do not knowingly share personal data for cross-context behavioral advertising in a manner that would trigger "sale" or "sharing" under U.S. state privacy laws as of this policy date.
Recipients may include:
- Service providers and subprocessors (for hosting, security, support tooling, communications, and analytics).
- Connected third-party integration providers when you enable and authorize those integrations.
- Professional advisors, auditors, insurers, and corporate affiliates where reasonably necessary.
- Law enforcement or regulators where required by law or valid legal process.
- Parties involved in a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.
7. Cookies, Similar Technologies, and Analytics
We use cookies and similar technologies to provide core functionality, secure sessions, measure usage, and improve product experience.
Depending on jurisdiction, you may be able to manage non-essential cookie preferences through a consent mechanism and browser controls.
8. AI-Related Processing
Some product features may include AI-assisted capabilities. Personal data submitted to those features is processed to deliver requested functionality, improve safety, and enforce policy controls.
Tanuly does not use Customer Content from paid workspace features to train generalized foundation models unless we clearly disclose that use and obtain any required consent.
Customers are responsible for deciding whether to submit sensitive information to AI-assisted features and for configuring appropriate internal policies.
9. Data Retention
We retain personal data only for as long as needed to provide Services, satisfy legal obligations, resolve disputes, enforce agreements, and maintain security and reliability records.
Retention periods vary by data type (for example account records, session metadata, support tickets, audit logs, and billing records). When retention is no longer necessary, we delete or anonymize personal data subject to legal and backup constraints.
10. International Data Transfers
Tanuly may process personal data in countries other than where you reside. When we transfer personal data across borders, we implement appropriate safeguards required by applicable law, which may include standard contractual clauses and supplementary security measures.
11. Security Measures
We maintain administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption controls where appropriate, monitoring, and incident response procedures.
No method of transmission or storage is fully secure. You should also use strong credentials, enable MFA, and apply least-privilege access within your workspace.
12. Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, or export personal data, and to object to or restrict certain processing.
You may also have rights to withdraw consent where processing is based on consent, and to appeal denied privacy requests where required by law.
To exercise rights, contact us at privacy@tanuly.com. We may need to verify your identity before fulfilling a request.
13. U.S. State Privacy Disclosures
Residents of certain U.S. states (for example California, Colorado, Connecticut, Virginia, and others as applicable) may have specific rights regarding access, correction, deletion, portability, opt-out, and non-discrimination.
If you submit a rights request, we will process it consistent with applicable state law. Authorized agents may submit requests where legally permitted and properly documented.
14. EEA, UK, and Swiss Notice
Individuals in the EEA, UK, and Switzerland may have additional rights, including the right to lodge a complaint with a supervisory authority in their habitual residence, place of work, or place of the alleged infringement.
Where required, Tanuly will identify a representative or additional contact mechanism for these regions.
15. Children Privacy
The Services are not directed to children under 13 (or higher age where required by local law), and we do not knowingly collect personal data directly from children for independent use of the Services.
If you believe a child has provided personal data in violation of this policy, contact us so we can investigate and take appropriate action.
16. Changes to this Policy and Contact Details
We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Services or by other reasonable means before or when changes become effective.
Privacy inquiries and rights requests: privacy@tanuly.com. General support: hello@tanuly.com. Mailing address: Tanuly Inc., 548 Market Street, San Francisco, California 94104, United States.