Privacy Policy
Last updated:
1. Introduction
At Tether ("Tether," "Company," "we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you use our customer engagement tracking platform, including all related websites, applications, APIs, and services (collectively, the "Service").
This Privacy Policy applies to all users of the Service, including account holders and visitors to our website. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
This Privacy Policy should be read in conjunction with our Terms of Service.
2. Data Controller and Data Processor
Tether operates in two capacities with respect to personal data:
- Data Controller: For personal data of our account holders (our users), we act as the data controller. This means we determine the purposes and means of processing your account information, usage data, and communications with us.
- Data Processor: For personal data about our users' customers ("End User Data") that our users submit to the Service, we act as a data processor (or "service provider" under CCPA). Our users are the data controllers for their customers' data. We process End User Data solely on behalf of and under the instructions of our users, as described in our Terms of Service and any applicable Data Processing Agreement.
If you are a customer of one of our users and have questions about how your data is processed, please contact the Tether user (the business that manages your relationship) directly.
3. Information We Collect
3.1 Information You Provide Directly
- Account Information: Name, email address, and password when you create an account
- Profile Information: Company name, role, industry, and other optional profile details
- Customer Data (End User Data): Information about your customers that you choose to import or track through Tether, including customer names, email addresses, engagement metrics, health scores, and associated business data
- Payment Information: Billing name, billing address, and payment card details. Payment card information is processed and stored directly by our PCI-compliant payment processor (Stripe) and is not stored on our servers
- Communications: Messages you send us, including support requests, feedback, and survey responses
- Integration Data: Data transmitted through API connections, MCP integrations, or third-party service integrations you configure
3.2 Automatically Collected Information
When you access or use the Service, we automatically collect:
- Usage Data: Features you use, pages you visit, actions you take, time spent on the Service, frequency and duration of your activities
- Device Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers
- Log Data: Server logs, access times, pages viewed, referring URLs, error reports, and diagnostic data
- Location Data: Approximate location derived from your IP address (country and region level only)
3.3 Information from Third Parties
We may receive information about you from third-party services you integrate with Tether, authentication providers, and payment processors.
4. How We Use Your Information
We use the information we collect for the following purposes and on the following legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide, operate, and maintain the Service | Performance of contract |
| Process transactions and send billing information | Performance of contract |
| Send technical notices, updates, security alerts, and support messages | Performance of contract; Legitimate interest |
| Respond to your comments, questions, and support requests | Performance of contract |
| Generate and deliver engagement reports, health scores, and analytics | Performance of contract |
| Process Your Data through AI-powered features (health scoring, churn prediction, automated insights) | Performance of contract |
| Monitor and analyze trends, usage, and activities to improve the Service | Legitimate interest |
| Detect, investigate, and prevent fraud, abuse, and security incidents | Legitimate interest; Legal obligation |
| Send marketing and promotional communications (with opt-out) | Consent; Legitimate interest |
| Create aggregated and anonymized analytics and benchmarks | Legitimate interest |
| Comply with legal obligations, respond to legal process | Legal obligation |
5. AI-Powered Processing
The Service uses artificial intelligence and machine learning to provide certain features, including but not limited to customer health scoring, churn prediction, engagement analysis, automated campaign recommendations, and AI-assisted chat. In connection with these features:
- Your Data (including End User Data you submit) may be processed by third-party AI model providers to generate insights, scores, and recommendations
- We use third-party AI providers (such as Anthropic) to process data for AI features. These providers process data under strict contractual terms and are prohibited from using Your Data for their own training or purposes
- AI-generated outputs (health scores, predictions, recommendations) are probabilistic and informational only. They do not constitute professional advice and should not be the sole basis for business decisions
- We do not use AI to make fully automated decisions with legal or similarly significant effects on individuals without human involvement
- You may opt out of specific AI features by adjusting your account settings or contacting us
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and track information about your use of the Service. The types of cookies we use include:
- Strictly Necessary Cookies: Required for the Service to function (e.g., authentication, security, session management). These cannot be disabled
- Functional Cookies: Enable enhanced functionality and personalization (e.g., remembering preferences, theme settings)
- Analytics Cookies: Help us understand how visitors interact with the Service (e.g., pages visited, time on site). We use privacy-focused analytics
We do not use third-party advertising cookies or cross-site tracking cookies. We do not sell data collected through cookies.
Managing Cookies
Most web browsers allow you to control cookies through browser settings. You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, some parts of the Service may become inaccessible or not function properly.
Do Not Track
Some browsers include a "Do Not Track" ("DNT") feature. There is currently no uniform standard for interpreting DNT signals. We do not currently respond to DNT signals. If a standard for DNT is adopted that we must follow, we will update this Privacy Policy accordingly.
7. Data Sharing and Disclosure
We do not sell your personal information or End User Data. We do not share personal data with third parties for their own marketing purposes. We may share your information in the following limited circumstances:
- Service Providers (Sub-Processors): We share information with trusted third-party vendors who perform services on our behalf. These providers are contractually bound to use your information only for the purposes of providing services to us and to maintain appropriate security measures. Our current sub-processors include:
- Supabase — database hosting and authentication
- Vercel — application hosting and CDN
- Stripe — payment processing
- Anthropic — AI model provider for AI features
- Resend — transactional and notification emails
- Customer.io — customer messaging and campaign automation
- Legal Requirements: We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request (including subpoena, court order, or other legal process)
- Protection of Rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of these Terms, suspected fraud, situations involving potential threats to the safety of any person, or illegal activities
- Business Transfers: If Tether is involved in a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information
- With Your Consent: We may share information with your explicit consent or at your direction, such as when you connect third-party integrations
- Aggregated and De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you, for industry analysis, benchmarking, and other purposes
8. Data Security
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Access controls and role-based permissions
- Regular security assessments
- Server-side authorization for all data access
- Monitoring and logging of access and security events
No method of transmission over the Internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.
9. Data Retention
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods are as follows:
- Account data: Retained for the duration of your account, and deleted within 30 days of account termination (unless required by law)
- End User Data: Retained for the duration of your account, and deleted within 30 days of account termination. You may delete specific End User Data at any time through the Service
- Payment records: Retained for up to 7 years after the last transaction for tax, accounting, and legal compliance purposes
- Server logs and access logs: Retained for up to 90 days for security and debugging purposes
- Support communications: Retained for up to 3 years after the last communication
- Aggregated and anonymized data: May be retained indefinitely as it cannot be used to identify you
When data is no longer needed, we securely delete or anonymize it.
10. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws (including GDPR, CCPA, and other state/national privacy laws):
- Right of Access: Request a copy of the personal information we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete personal information
- Right to Erasure: Request deletion of your personal information, subject to legal retention requirements
- Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format
- Right to Object: Object to processing of your personal information based on legitimate interests
- Right to Restrict Processing: Request restriction of processing in certain circumstances
- Right to Withdraw Consent: Where we process data based on consent, you have the right to withdraw consent at any time (without affecting the lawfulness of processing prior to withdrawal)
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have violated applicable data protection laws
To exercise any of these rights, please contact us at privacy@tether.so. We will respond to your request within the timeframes required by applicable law (generally within 30 days). We may verify your identity before fulfilling your request.
We will not discriminate against you for exercising your privacy rights.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting, and the categories of third parties with whom we share it
- Right to Delete: You have the right to request deletion of personal information we collected from you, subject to certain exceptions
- Right to Correct: You have the right to request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising. Therefore, there is no need to opt out
- Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information as necessary to provide the Service
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights
Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information from our users: Identifiers (name, email, IP address); Commercial information (subscription and billing records); Internet or electronic network activity (usage data, log data); Professional or employment-related information (company name, role); Inferences drawn from the above categories.
To submit a request, contact us at privacy@tether.so. You may designate an authorized agent to make a request on your behalf.
12. European Economic Area, UK, and Swiss Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:
- Legal Bases: We process your personal data based on one or more of the legal bases described in Section 4 (performance of a contract, legitimate interests, consent, or legal obligation)
- Data Processing Agreement: If you submit personal data of EU/EEA/UK/Swiss data subjects to the Service, our Data Processing Agreement applies and is available upon request
- Data Protection Officer: For privacy-related inquiries, contact us at privacy@tether.so
- Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement
13. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that are different from the laws of your country of residence.
When we transfer personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The UK International Data Transfer Agreement or Addendum, as applicable
- Adequacy decisions where available
- Contractual protections with sub-processors requiring them to maintain appropriate security and data protection standards
You may request a copy of the applicable transfer mechanisms by contacting us at privacy@tether.so.
14. Children's Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and become aware that your child has provided us with personal information, please contact us at privacy@tether.so. If we discover that we have collected personal information from a child under 18 without parental consent, we will promptly delete that information from our systems.
15. Data Breach Notification
In the event of a security breach that affects your personal information, we will:
- Notify affected users without undue delay and in accordance with applicable laws
- Notify relevant supervisory authorities within 72 hours of becoming aware of the breach, where required by GDPR
- Provide clear information about the nature of the breach, the data affected, and the steps we are taking to address it
- Provide guidance on steps you can take to protect yourself
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Privacy Policy on this page, updating the "Last updated" date, and sending you an email notification. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
17. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:
- Privacy inquiries: privacy@tether.so
- General support: hello@tether.so
- Legal inquiries: legal@tether.so
- Security concerns: security@tether.so