Tethral

← Back to Tethral

Privacy Policy

Last updated: 2026-04-29

1. Overview

Tethral, Inc. ("Tethral," "we") respects your privacy and is committed to handling your data responsibly. This Policy explains what we collect, how we use it, who we share it with, and what choices you have. By using Tethral, you agree to the practices described here.

2. Data we collect

Account data

  • Email address (for sign-in and notifications)
  • Display name (optional, set by you)
  • Phone number (optional, only when you enable SMS notifications or phone voice)
  • Timezone (auto-detected; used for scheduling)
  • Region code (derived from sign-up IP for billing routing)
  • Plan tier and subscription status

Usage data

  • Content of conversations with Tethral (text, voice transcriptions) and any tool calls invoked on your behalf
  • Composition runs you start, their status, and their outputs ("artifacts")
  • Energy ledger entries (usage accounting)
  • Notification delivery records (audit log)
  • IP address, user agent, and browser/device fingerprint (for rate-limiting, fraud detection, and security)

Connected service data

When you connect a third-party service (Gmail, Google Calendar, Home Assistant, etc.), we receive only the data scopes you explicitly grant. We store OAuth tokens encrypted at rest and use them only to fulfill your requests.

Payment data

Payment processing is handled by Stripe. We do not store full card numbers; Stripe issues tokenized payment methods to us. We retain transaction metadata (amount, SKU, timestamp) for financial record-keeping.

3. How we use your data

  • To deliver the Service (process your requests, run Compositions, send notifications)
  • To bill paid users and provide receipts
  • To communicate transactional matters (welcome, payment events, refund confirmations, run paused alerts)
  • To improve the Service (aggregate analytics, calibration; we do not train models on your individual content without explicit opt-in)
  • To comply with law and respond to lawful requests from authorities
  • To detect, prevent, and respond to fraud, abuse, or security incidents

4. AI processing

Tethral uses third-party AI providers (currently Anthropic's Claude and Hume EVI for voice) to generate responses. Your content may be sent to these providers to fulfill your requests. We have data processing agreements with our AI providers requiring them to process your data only for the purpose of delivering the Service and not to retain it for model training (subject to provider-specific policies and applicable law).

5. Cookies and similar technologies

We use a single first-party cookie (tinyagents_session) for authentication. We do not use third-party advertising cookies or cross-site tracking. We use Vercel's analytics for aggregate performance monitoring (page-load times, error rates) — these do not identify individual users.

Cloudflare Turnstile (anti-abuse on signup) may set short-lived challenge tokens; these are not user-tracking cookies.

6. Sharing your data

We do not sell your personal data. We share data only with:

  • Service providers who process data on our behalf (Anthropic, Hume, Stripe, Resend, Cloudflare, Vercel, Honeycomb, CockroachDB Cloud) under data processing agreements
  • Legal authorities when required by law (subpoena, court order, regulatory request)
  • Business transferees in the event of a merger, acquisition, or asset sale (subject to this Policy continuing to apply)

7. Data retention

  • Account data: retained while your account is active; deleted within 30 days of account deletion
  • Conversation/run history: retained for 90 days by default; longer if you've opted into longer history
  • Notification audit log: retained for 12 months for ops/compliance
  • Energy ledger: retained for 7 years for financial record-keeping
  • Compliance log (transparency log): append-only, hash-chained, retained per applicable law (typically 7 years)
  • Connected service tokens: retained while the connection is active; deleted when you disconnect or delete your account

You can request earlier deletion by emailing privacy@tethral.ai; we honor such requests subject to legal retention requirements.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of the data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a machine-readable format
  • Object to certain processing or withdraw consent
  • Lodge a complaint with a data protection authority (e.g., your country's DPA in the EU)

Account deletion is self-service from the profile menu. For other requests, email privacy@tethral.ai from the address associated with your account.

9. Security

We use industry-standard security practices: TLS 1.2+ for data in transit, AES-256 encryption for sensitive data at rest, OAuth tokens encrypted with envelope encryption, and serverless-only architecture (no long-lived servers to compromise). Access to production systems is restricted to authorized personnel and audited.

No security system is perfect. If you become aware of a security issue, please report it to security@tethral.ai.

10. International transfers

Tethral operates from the United States. If you access the Service from outside the U.S., your data may be transferred to and processed in the U.S. and other jurisdictions where our service providers operate. Where required, we use standard contractual clauses or other lawful transfer mechanisms.

11. Children

Tethral is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with data, contact privacy@tethral.ai and we will delete it.

12. California privacy rights

California residents have additional rights under the California Consumer Privacy Act (CCPA / CPRA), including the right to know what personal information we collect, the right to delete, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information for cross-context behavioral advertising. To exercise CCPA rights, email privacy@tethral.ai.

13. Changes

We may update this Policy from time to time. Material changes will be communicated via email and noted in the "Last updated" date above.

14. Contact

Privacy questions: privacy@tethral.ai
Security issues: security@tethral.ai
Data Protection Officer (EU/UK): dpo@tethral.ai

Tethral, Inc.
[Mailing address — to be added before launch]
United States