tealytics logotealytics

Privacy Policy

Effective date: [YYYY-MM-DD]
Last updated: [YYYY-MM-DD]

This Privacy Policy explains how Tealytics(“Tealytics”, “we”, “us”) collects, uses, shares, and protects personal data when you use our website and web app (the “Service”).

If you have questions, contact: [privacy@yourdomain.com].

1) Who is responsible (Controller)

Controller (data protection law):
[Legal name / Company name]
[Address]
[Email]

If you have a DPO (Data Protection Officer), list them here: [DPO contact].

2) What data we collect

2.1 Data you provide

  • Account data: name, email address, password hash (never your plaintext password).
  • Billing data (if paid plans): billing contact details, billing address (if collected), tax IDs (if provided). Payment card details are processed by our payment provider, not stored by us.
  • Support communications: messages you send us, attachments, feedback.

2.2 Data you upload or generate in the Service

  • User Content: data you enter, import, or generate in Tealytics (may include personal data depending on what you upload).

2.3 Data collected automatically

  • Usage data: feature usage, page views, clicks, logs, diagnostics, performance metrics.
  • Device/technical data: IP address, browser type, device identifiers, OS, referrer URL, timestamps.
  • Cookies and similar technologies: see Section 8.

3) How we use data (purposes)

We use personal data to:

  • Provide and operate the Service (authentication, core functionality).
  • Secure the Service (fraud prevention, abuse detection, monitoring).
  • Process subscriptions and invoices (if applicable).
  • Communicate with you (support, important notices).
  • Improve the Service (debugging, product analytics, feature development).
  • Meet legal obligations (tax, accounting, compliance).

We do not sell personal information.

4) Legal bases (GDPR/UK GDPR, where applicable)

Where GDPR/UK GDPR applies, our legal bases include:

  • Contract (Art. 6(1)(b)): to provide the Service you requested.
  • Legitimate interests (Art. 6(1)(f)): to secure and improve the Service, prevent abuse, and operate our business.
  • Consent (Art. 6(1)(a)): where required (e.g., certain cookies/marketing).
  • Legal obligation (Art. 6(1)(c)): e.g., tax/accounting compliance.

5) Sharing data (processors and recipients)

We share personal data only as needed to run Tealytics, including with:

  • Vercel — hosting, CDN, and edge functions (US).
  • Convex — database, file storage, and backend functions (US).
  • Brevo (Sendinblue) — transactional email for magic link authentication (EU/France).
  • Google — OAuth 2.0 authentication and Gemini API for AI-powered label scanning (US).

We may also share data:

  • To comply with law or legal requests.
  • To protect rights, safety, and security (fraud, abuse, incidents).
  • In connection with a merger, acquisition, or asset sale (with appropriate safeguards).

6) International transfers

We may process data in countries outside your country of residence (including the US). Where required by GDPR/UK GDPR, we rely on appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs) and/or UK addendum,
  • Adequacy decisions (where applicable),
  • Additional technical/organizational measures as appropriate.

7) Data retention

We keep personal data only as long as necessary:

  • Account data: while your account is active, plus a reasonable period after deletion.
  • Billing/invoices: as required by tax/accounting laws.
  • Logs/security data: typically a limited period, unless needed for incident investigation or compliance.
  • Backups: retained on a rolling schedule, then deleted.

You can request deletion where legally permitted (see Section 9).

8) Cookies and tracking

We use cookies and similar technologies for:

  • Essential: login sessions, security.
  • Preferences: language, settings.
  • Analytics (optional): to understand usage and improve the Service.
  • Marketing (optional): only if you enable/consent.

Where required by law, we use a consent banner and honor your choices.

9) Your rights

9.1 GDPR/UK GDPR rights (EEA/UK users)

Depending on your situation, you may have rights to:

  • Access your data, correct it, delete it.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent (where processing is based on consent).
  • Lodge a complaint with a supervisory authority.

9.2 US privacy rights (state laws, where applicable)

Depending on your state, you may have rights to:

  • Access, delete, correct certain personal information.
  • Opt out of certain processing (e.g., targeted advertising) where applicable.
  • Non-discrimination for exercising privacy rights.

How to exercise rights: email [privacy@yourdomain.com].

10) Children

The Service is not intended for children under 16 (or older if required by local law). We do not knowingly collect personal data from children.

11) Security

We use reasonable technical and organizational measures to protect data (access controls, encryption in transit, monitoring). No system is 100% secure, so we cannot guarantee absolute security.

12) Changes

We may update this policy. If changes are material, we will provide notice (email or in-app) and update the effective date.

13) Contact

Privacy questions or requests: [privacy@yourdomain.com]
Controller: [Legal name / Company name]

Back to login