Privacy Policy

Last updated: March 13, 2026

1. Introduction

TideReply ("we", "our", "us") operates an AI-powered customer support chatbot platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We act as a data controller for our business customers' account data and as a data processor for the end-user chat data that flows through our platform on behalf of our business customers. Our business customers are the data controllers for their end users' chat interactions.

For privacy-related inquiries, contact us at support@tidereply.com.

2. Data We Collect

Account Data

When you register for TideReply, we collect your email address, business name, and website URL. This information is necessary to create and manage your account.

Knowledge Content

You may provide knowledge content including website pages (via crawling), uploaded files (PDF, DOCX, Excel, CSV), and FAQ entries. This content is processed to power your AI chatbot's responses.

Chat Data

We collect messages exchanged between your website visitors and the AI chatbot (or human agents during live takeover), session identifiers, conversation metadata, and escalation details. This data is stored on a per-business basis with strict tenant isolation.

Usage & Analytics Data

We collect aggregate usage metrics such as message counts, response times, resolution rates, and escalation frequency. These are used to power your analytics dashboard.

Technical Data

When end users interact with the chat widget, we may collect IP addresses, browser type, device information, and referring page URLs for security, fraud prevention, and service improvement purposes.

Cookies

We use a minimal authentication session cookie for logged-in business users. The embeddable chat widget does not set cookies on the host website. We do not use advertising or tracking cookies.

3. How We Use Your Data

  • To power your AI chatbot with accurate, knowledge-grounded responses.
  • To provide analytics and insights through your admin dashboard.
  • To send escalation notification emails when configured.
  • To enable live human takeover of conversations.
  • To improve and maintain the security of our service.
  • To prevent fraud, abuse, and unauthorized access.
  • To comply with legal obligations.
  • To provide customer support when you contact us.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data under the following legal bases:

  • Performance of a contract: Processing necessary to provide our service to you, including account management, knowledge processing, and chatbot delivery.
  • Legitimate interests: Service improvement, security, fraud prevention, and aggregate analytics, where these interests are not overridden by your data protection rights.
  • Consent: Where you have given explicit consent for specific processing activities. You may withdraw consent at any time.
  • Legal obligation: Processing necessary to comply with applicable laws and regulations.

5. Data Sharing & Third Parties

We share data with the following third-party service providers, solely to deliver our service. We do not sell your data to any third party.

  • Supabase — Database hosting, authentication, file storage, and realtime infrastructure.
  • OpenAI — Text embeddings generation only. Your knowledge content is sent to OpenAI to create mathematical vector representations for semantic search. Chat messages are not sent to OpenAI.
  • Anthropic — Large language model (Claude) for generating chatbot responses. Relevant knowledge context and conversation history are sent to Anthropic to generate responses.
  • Resend — Transactional email delivery for escalation notifications only.
  • Vercel — Application hosting and edge network delivery.

All third-party providers operate under data processing agreements (DPAs) and are contractually required to protect your data.

6. AI & Content Processing

When you add knowledge to TideReply, your content is split into smaller chunks and converted into mathematical vector embeddings using OpenAI's embedding model. These embeddings enable semantic search — they are numerical representations, not human-readable copies of your content.

When an end user sends a chat message, the message is embedded and matched against your knowledge base to find relevant context. This context, along with recent conversation history, is sent to Anthropic's Claude model to generate a response.

No cross-tenant data leakage: All queries are strictly filtered by your business ID, enforced at both the application layer and the database layer via row-level security (RLS). Your knowledge and conversations are never accessible to other businesses on the platform.

7. Data Retention

  • Active accounts: Your data is retained for as long as your account remains active and the service is in use.
  • Account deletion: When you delete your account, all associated data (knowledge sources, embeddings, conversations, messages) is permanently removed within 30 days.
  • Conversations: Conversation data is retained according to your business settings. You may delete individual conversations or all conversation data from your dashboard at any time.

8. Your Rights (GDPR)

If you are located in the EEA, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data.
  • Portability: Request a machine-readable copy of your data.
  • Restriction: Request that we limit processing of your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
  • Lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at support@tidereply.com. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • TLS encryption for all data in transit.
  • Encryption at rest for stored data.
  • Row-level security (RLS) for complete tenant isolation at the database level.
  • Data processing agreements (DPAs) with all sub-processors.
  • Regular security reviews and access controls.

10. International Data Transfers

Our sub-processors may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

11. Cookies

TideReply uses minimal cookies. We set a single authentication session cookie for logged-in business users. This cookie is essential for the service to function and does not require consent under GDPR.

The embeddable chat widget does not set any cookies on the host website. Session identifiers for chat conversations are stored in the widget's iframe context and do not affect the host site's cookie environment.

12. Children's Privacy

TideReply is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the admin dashboard. Your continued use of the service after such notification constitutes acceptance of the updated policy.

14. Contact

If you have any questions about this Privacy Policy or our data practices, contact us at support@tidereply.com.