Privacy Policy

Effective: February 14, 2026

1. Data Controller

Ioannis Spyridis ("we", "us", "Company") is the data controller for personal data processed through Tekton AI. Contact: privacy@tektonai.com

2. Data We Collect

Account Data

• Name, email address, organization name
• Billing information (processed by Stripe; we do not store full card numbers)
• Account preferences and settings

Usage Data

• Feature usage, pages visited, actions taken
• Browser type, operating system, device information
• IP address, approximate location (country/region)
• Session duration and frequency

User Content

• Dashboards, documents, and files you create
• Data you import (CSV, Excel, JSON, etc.)
• AI chat conversations (processed to provide the Service)

3. Legal Basis (GDPR)

• Contract performance: Processing necessary to provide the Service
• Legitimate interest: Analytics, security, service improvement
• Consent: Marketing communications, non-essential cookies
• Legal obligation: Tax records, compliance requirements

4. How We Use Data

• Provide, maintain, and improve the Service
• Process payments and manage subscriptions
• Send transactional communications (receipts, service updates)
• Provide customer support
• Analyze usage patterns to improve features
• Detect and prevent fraud, abuse, and security threats
• Marketing communications (with consent, opt-out available)

5. Data Sharing

We do not sell your personal data. We share data only with:

• AI providers (Anthropic): To process AI requests. Governed by data processing agreements.
• Payment processor (Stripe): To process payments.
• Infrastructure providers: Cloud hosting, CDN, email delivery.
• Legal requirements: When required by law, regulation, or legal process.

6. Cookies

We use cookies as described in our Cookie Policy. You can manage cookie preferences through your browser settings or our consent banner.

7. Data Retention

• Account data: Retained while your account is active, plus 30 days after deletion request.
• User content: Retained while your account is active. Exportable before deletion.
• Usage data: Aggregated and anonymized after 24 months.
• Billing records: Retained for 7 years per tax regulations.

8. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate data.
• Erasure: Request deletion ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Restrict processing in certain circumstances.
• Object: Object to processing based on legitimate interest.
• Withdraw consent: For consent-based processing, at any time.

Exercise your rights by contacting privacy@tektonai.com. We will respond within 30 days.

9. International Transfers

Data may be transferred outside the EU/EEA. We ensure adequate protection through Standard Contractual Clauses (SCCs) or equivalent safeguards.

10. Security

We implement appropriate technical and organizational measures including encryption in transit (TLS) and at rest, access controls, and regular security assessments.

11. Children

The Service is not intended for users under 16. We do not knowingly collect data from children.

12. Changes

We may update this policy with notice via email or in-app notification. Material changes take effect 30 days after notice.

13. Contact

Data protection inquiries: privacy@tektonai.com