Skip to content
Tegendo.AI
Sign inGet Started

Privacy Policy

Last updated: April 2026

1. Introduction

Tegendo.AI LLC ("Tegendo," "we," "us," or "our") is committed to protecting the privacy and security of the personal information entrusted to us. This Privacy Policy describes how we collect, use, store, share, and protect your information when you use the Tegendo.AI platform at tegendo.ai and all associated sub-domains, applications, and APIs (collectively, the "Service").

This policy applies to all users of the Service, including organization administrators, team members, and anyone who interacts with the Service. By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you use the Service on behalf of an organization, you confirm that you are authorized to accept this policy on behalf of that organization.

2. Data We Collect

We collect the following categories of information in connection with your use of the Service:

Account Information

When you register for the Service, we collect your name, email address, organization name, and role. If you sign up using a third-party authentication provider (e.g., Google OAuth), we receive your name and email from that provider.

Conversation Data

The Service processes the content of your conversations with AI models, including prompts, messages, uploaded files, and AI-generated responses. This data is processed to deliver the core Service functionality and is stored in accordance with your organization's retention settings.

Usage Analytics

We collect aggregated usage data including token consumption, models used, feature usage patterns, and response times. This data is used to improve the Service and provide billing information. Usage data is associated with your organization but is aggregated and not linked to individual conversation content.

Device and Access Information

For security purposes, we collect browser type, operating system, IP address, and access timestamps when you use the Service. This information is used to detect unauthorized access, prevent abuse, and maintain audit logs as required by your organization's policies.

Payment Information

Payment processing is handled by Stripe, Inc. We do not store or have direct access to your full credit card numbers. Stripe provides us with a tokenized reference, billing address, and the last four digits of your payment method for transaction records.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Service Delivery: To process your AI conversations, manage your account, provide customer support, and deliver all features of the platform.
  • Analytics (Aggregated): To understand usage patterns, optimize performance, and inform product development decisions. Analytics are performed on aggregated data and cannot be traced to individual conversations.
  • Security Monitoring: To detect and prevent unauthorized access, abuse, fraud, and other harmful activities through audit logging and anomaly detection.
  • Product Improvement:To improve the Service's user experience, features, and reliability based on aggregated usage patterns. We explicitly do NOT use your conversation data or Customer Data to train, fine-tune, or improve any AI or machine learning models.
  • Billing and Administration: To process payments, generate invoices, calculate usage, and manage subscriptions.
  • Communications: To send transactional emails (account verification, password resets, billing receipts) and, with your consent, product updates and announcements.

4. AI Provider Data Sharing

To deliver the core functionality of the Service, your conversation content (prompts and context) is transmitted to third-party AI model providers for inference processing. The specific provider(s) that receive your data depend on the model(s) you select. Currently, these providers include:

  • Anthropic PBC (Claude models) — Anthropic does not use data submitted via their API to train models. See Anthropic's Privacy Policy.
  • OpenAI, Inc. (GPT models) — OpenAI does not use data submitted via their API to train models by default. See OpenAI's Privacy Policy.
  • Google LLC (Gemini models) — Google does not use data sent through their API for model training. See Google's Privacy Policy.

Conversation content is transmitted to AI providers in real-time for processing and is not persistently stored by these providers beyond their standard API data retention policies (typically 30 days or less for abuse monitoring). We encourage you to review each provider's data policies directly.

5. Third-Party Processors

We use the following third-party services to operate the platform. Each processor handles data in accordance with their own privacy policies and our data processing agreements:

ProcessorPurposeLocation
Supabase, Inc.Database and authenticationUnited States
Vercel, Inc.Application hosting and CDNUnited States
Stripe, Inc.Payment processingUnited States
Inngest, Inc.Background job processingUnited States
Anthropic PBCAI model inference (Claude)United States
OpenAI, Inc.AI model inference (GPT)United States
Google LLCAI model inference (Gemini)United States

6. Data Retention

Conversation data is retained for a default period of 90 days from the date of creation. Organization administrators can configure custom retention periods through the admin dashboard, ranging from immediate deletion to indefinite retention based on their organizational requirements and compliance obligations.

Account information is retained for the duration of your active account and for a reasonable period thereafter as necessary for legal, billing, and compliance purposes. Usage analytics and aggregated statistical data may be retained indefinitely, as they cannot be used to identify individual users.

You may request deletion of your personal data at any time by contacting us at privacy@tegendo.ai. Upon receiving a verified deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Conversation data will be purged from active systems and backups according to our data lifecycle management procedures.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of Access (GDPR Art. 15): You have the right to request a copy of the personal data we hold about you, including the purposes of processing, categories of data, and recipients.
  • Right to Rectification (GDPR Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete personal data.
  • Right to Erasure (GDPR Art. 17): You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal retention obligations, defense of legal claims).
  • Right to Data Portability (GDPR Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to Object (GDPR Art. 21): You have the right to object to the processing of your personal data for direct marketing purposes or processing based on legitimate interests.

To exercise any of these rights, please contact us at privacy@tegendo.ai. We will respond to verified requests within 30 days, or within the timeframe required by applicable law. We may request additional information to verify your identity before processing your request.

8. Cookies

Tegendo.AI uses only essential session cookies that are strictly necessary for the operation of the Service. These cookies maintain your authentication session and ensure secure access to your account. Session cookies are automatically deleted when you close your browser or your session expires.

We do not use tracking cookies, advertising cookies, or any third-party cookies that track your browsing activity across websites. We do not participate in any advertising networks or sell user data. No cookie consent banner is required because we only use cookies that are strictly necessary for the Service to function.

9. Security Measures

We implement and maintain robust technical and organizational security measures to protect your data:

  • Encryption at Rest: All stored data is encrypted using AES-256 encryption. BYOK API keys receive additional application-level encryption.
  • Encryption in Transit: All data transmitted between your browser, our servers, and third-party providers is encrypted using TLS 1.3.
  • Row-Level Security (RLS): Database-level access controls ensure that users can only access data belonging to their own organization, enforced at the database query level.
  • Audit Logging: Comprehensive audit logs track access to sensitive data, administrative actions, and security-relevant events for monitoring and compliance.
  • BYOK Encryption: API keys provided in BYOK mode are encrypted with AES-256 and stored separately from other data, with access restricted to the processing layer.

For more information about our security practices, please visit our Security page.

10. International Transfers

Tegendo.AI and its infrastructure providers are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

For transfers of personal data from the European Economic Area (EEA), United Kingdom (UK), or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational measures where appropriate. Customers requiring executed SCCs may contact us at privacy@tegendo.ai to request a copy of our Data Processing Agreement, which includes the applicable SCCs.

11. Children's Privacy

The Service is not directed to, and is not intended for use by, individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take prompt steps to delete such information from our systems.

If you are a parent or guardian and believe that your child has provided personal data to us, please contact us immediately at privacy@tegendo.ai so that we can take appropriate action.

12. Changes to Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. For material changes, we will provide at least 30 days' advance notice via email to the address associated with your account or through a prominent notice on the Service.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Tegendo.AI LLC

Privacy Inquiries: privacy@tegendo.ai

Data Protection Officer: Joel Tavarez

Website: tegendo.ai