How we handle personal data
This Privacy Policy describes how Tilford Investments Inc. (“Tilford,” “we,” “us”) collects, uses, discloses, and protects information in connection with our websites and cloud service (the “Service”). By using the Service, you agree to this policy. If you do not agree, do not use the Service.
Tilford Investments Inc. (“Tilford”) operates the Service. For the purposes of the EU/UK General Data Protection Regulation (“GDPR”), Tilford Investments Inc. is typically the controller of personal data described below, unless we process data solely as a processor on behalf of your organization under a separate agreement.
Account and contact data: Name, email address, company name, password (hashed), and similar registration details.
Service usage: Log data, device/browser type, approximate location derived from IP, pages or features used, and diagnostic information.
Customer content: Information you or your organization submit or connect to the Service, including messages or files from integrated tools (e.g. Slack) when you authorize integrations.
Payment data: Billing address and transaction identifiers are handled by our payment provider; we do not store full payment card numbers on our servers.
Communications: Content of emails or support tickets you send us.
We use information to: provide, operate, and improve the Service; authenticate users and secure accounts; process payments and fulfill subscriptions; communicate about the Service, including transactional and (where permitted) product messages; analyze usage in aggregate; comply with law and enforce our terms; and detect, prevent, and address fraud, abuse, and technical issues.
Where GDPR applies, we rely on: contract (necessary to provide the Service); legitimate interests (security, improvement, analytics in non-intrusive form), balanced against your rights; consent where required (e.g. certain cookies or marketing); and legal obligation where applicable.
We may use third-party AI or machine-learning providers to process Customer content to generate summaries, classifications, or insights. Processing is performed under our instructions and contractual safeguards. Output is assistive; you should not treat it as a sole basis for high-risk decisions without human review where appropriate.
We share information with: service providers who host infrastructure, process payments, provide analytics, email delivery, or AI inference, bound by confidentiality and processing terms; professional advisors under confidentiality; authorities when required by law or to protect rights, safety, and security; and successors in a merger, acquisition, or asset sale, subject to this policy. We do not sell personal information as “sale” is defined under the California Consumer Privacy Act / CPRA.
We may process data in the United States and other countries. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses or other mechanisms approved by regulators.
We retain information for as long as your account is active, as needed to provide the Service, and as necessary to comply with law, resolve disputes, and enforce agreements. Retention periods may vary by data category; contact us for more detail about specific processing.
We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure.
Depending on your location, you may have the right to access, correct, delete, or port your personal data; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. California residents may have additional rights under the CPRA (including disclosure, deletion, and opt-out of sale/sharing—see Section 6). To exercise rights, contact ai@tilford.com. We may verify your request before responding.
We use cookies and similar technologies for session management, security, preferences, and analytics. You can control cookies through browser settings; disabling some cookies may affect functionality.
The Service is not directed to children under 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
We may update this Privacy Policy from time to time. We will post the revised policy at https://tilford.cloud/privacy-policy and update the “Last updated” date. Material changes may require additional notice where required by law.
Privacy inquiries: ai@tilford.com. Website: https://tilford.cloud.
Last updated: March 31, 2026