Privacy Policy

Effective Date: August 29, 2025

Summary

This summary highlights the main points of our Privacy Policy.

  • Data Collection: We collect name, email, IP address, and potentially billing details. We use this for sign-in, security, and billing.
  • Data Usage: We use your data to provide and secure our chat and API services.
  • No monetization: We never sell, rent, or monetize your personal data or content — ever.
  • Secure Processing: Chat and inference data is processed exclusively within secure enclaves. We cannot access your chat or API data, by design.
  • Third-Party Sharing: Personal data is shared only with trusted partners who facilitate service delivery (e.g., Clerk for authentication and Stripe for payment processing). See "Sharing information with third parties" below.
  • User Rights: You have rights under privacy laws, including access, correction, and deletion of your data.
  • Global Transfers: Your personal data may be processed in the U.S. and protected by appropriate safeguards.

1. Introduction

This Privacy Policy explains how Tinfoil, Inc. ("we", "our", "us") handles your information when you use our AI chat and API services. We take privacy seriously. We update this policy when our practices change or as required by law.

2. Data Protection Officer

Tinfoil is headquartered in San Francisco, in the United States. Tinfoil has appointed an internal Data Protection Officer for you to contact if you have any questions or concerns about Tinfoil's personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Tinfoil's Data Protection Officer at privacy@tinfoil.sh.

3. How we collect and use (process) your personal information

We collect personal information about our customers and aggregated visitor metrics on our website. Website visitor metrics are provided by Plausible and do not contain any personally identifiable information. In most cases, customer information is limited to name, email address, IP address, and payment details. We use this information to provide and secure our services. We never sell this personal information and only share it with third parties who are facilitating the delivery of our services (e.g., Clerk, Stripe).

3.1. Legal Basis for Processing

We only collect and process personal data that is strictly necessary for providing our services. This processing is based on the necessity to perform our contract with you (when you use our services) and our legitimate interests in maintaining and improving our services. We do not process personal data for any purposes beyond what is essential for service delivery and maintenance.

3.2. What We Can and Cannot Access

In order to provide and support our services, we can access only the following types of information: Account information (e.g., your name, email address, IP address), usage metrics (e.g., number and frequency of requests made, timestamps), and billing or payment details if you have subscribed to paid features. We cannot access any confidential data that you share with our AI during chat sessions or through the API. All chat content is processed within secure enclaves and is never written to persistent storage, so neither our staff nor our cloud infrastructure providers can access it. This ensures that your prompts, messages, file uploads, and AI-generated responses remain invisible to us and to cloud administrators at all times.

3.3. Categories of information we collect

  • Identifiers: name, email address, account ID
  • Account and billing information: subscription tier, payment status (payment details handled by Stripe)
  • Internet/network activity: IP address, device/browser type, general region, request timestamps
  • Support communications: messages you send to us
  • Usage metrics: aggregated counts like number of requests and feature usage

3.4. Sources of information

We collect information directly from you (e.g., when you sign up), automatically from your device when you use our Site and Services (e.g., IP and logs), and from service providers that help us run the service (e.g., Clerk for authentication and Stripe for billing).

3.5. How we use your information

  • Provide, secure, and maintain the Services
  • Authenticate accounts and prevent fraud and abuse
  • Process payments and manage subscriptions
  • Provide support and communicate about the Services
  • Comply with legal obligations and enforce our Terms
  • Improve the Services using aggregate, non-identifying analytics

3.6. No “sale” or “sharing” of personal information

We do not sell your personal information and we do not "share" it for cross-context behavioral advertising as defined under California's CPRA and similar U.S. state laws. We also do not use targeted advertising cookies.

3.7. Sensitive personal information

We do not seek to collect sensitive personal information. If you choose to provide it to us (for example, in a support email), we will use it only as necessary to provide the Services and will not use it for any additional purposes.

4. Use of the Tinfoil Website

We automatically collect basic log information (IP address, general region, browser, operating system, and usage info) to keep the service secure and working. We use it for billing and authentication and to diagnose issues. Disclosure is limited to trusted providers who help deliver the service.

4.1. Cookies and tracking technologies

We use only essential cookies (e.g., for authentication). We do not use tracking or advertising cookies. Learn more at tinfoil.sh/cookie.

We use Plausible Analytics to gather aggregate usage metrics that help us improve our services. This tool does not track individual users, does not place cookies, and does not store personal data. It collects aggregate metrics (like page views, visit duration, and referral sources) in a privacy-friendly manner and cannot be linked back to you. To learn more, review Plausible's data policy.

5. Use of Tinfoil's Services

We use a confidential computing architecture to protect your interactions with our AI services, whether through our chat interface or API. All AI prompts and generated responses ("interaction data") are processed exclusively within secure enclaves that prevent access by our own staff or any external party. No persistent storage of your interaction data is ever maintained, and any data needed for processing is immediately discarded once the response is generated. As a result, we do not log, monitor, or otherwise access the content of your AI interactions. This zero-access design ensures your prompts and responses remain private to you.

We provide strong privacy safeguards, including confidential computing. You are responsible for meeting any industry-specific rules (e.g., HIPAA, FERPA). We do not claim compliance with those frameworks unless we explicitly say so.

5.1. Sharing information with third parties

The personal information Tinfoil collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, Tinfoil uses third parties (e.g., Resend) to send information to you via email. This includes information about our products, services, and events.

Our third-party subprocessors include Amazon Web Services, Cloudflare, Clerk, Google Workspace, Plausible, Stripe, Tigerdata, and Vercel. We do not share your personal data for others' independent use. We may share it: (1) at your request; (2) to comply with law; (3) with our agents, vendors, or service providers; (4) to protect rights, property, or safety; (5) to address emergencies; or (6) to resolve disputes or when someone has legal authority to act for you. We may also share aggregated, non-identifying statistics.

In the event that Tinfoil undergoes a merger, acquisition, divestiture, restructuring, reorganization, or sale of some or all of its assets, your personal data may be transferred to the acquiring or surviving entity. Should such a transfer occur, Tinfoil will use reasonable efforts to ensure that the new entity follows the terms of this Privacy Policy (or provides you notice of any significant changes). We will notify you if any ownership changes happen and whether your personal data is subject to a different Privacy Policy as a result.

5.2. Payment Processing

For handling subscription payments or other paid features, we use Stripe, a leading third-party payment processor. When you provide your payment information, it is transmitted directly to Stripe's secure systems; we never store your full credit card information on our own servers. Stripe is certified as a PCI DSS Level 1 service provider, the highest level of PCI DSS compliance. For more information on how Stripe processes personal data, please review Stripe's Privacy Policy.

5.3. Data Processing Addendum (DPA)

For business and enterprise customers, we offer a Data Processing Addendum (including Standard Contractual Clauses, where applicable) describing our role as a processor for customer data. To request a DPA, contact privacy@tinfoil.sh.

6. Transferring personal data to the U.S.

Tinfoil has its headquarters in the United States. Information we collect about you will be processed in the United States. By using Tinfoil's services, you acknowledge that your personal information will be processed in the United States. If you are in the EEA or UK, we use Standard Contractual Clauses (SCCs) and other safeguards for these transfers.

Depending on the circumstance, Tinfoil also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Tinfoil in a manner that does not outweigh your rights and freedoms. Tinfoil endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Tinfoil and the practices described in this Privacy Policy. Tinfoil also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. To date, Tinfoil has received zero government requests for information. For more information or if you have any questions, please contact us at privacy@tinfoil.sh.

7. Data Subject rights

The European Union's General Data Protection Regulation (GDPR) and other laws provide certain rights for data subjects. These include:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making, including profiling

To exercise your rights, email privacy@tinfoil.sh. We respond within 30 days and will explain any limits that apply.

8. Security of your information

In the unlikely event of a security incident that affects your personal data, we will notify you and any relevant supervisory authorities no later than 72 hours after becoming aware of the incident (the deadline the GDPR sets for notifying supervisory authorities). Our notification will include details about the nature of the incident, the data affected, and the steps we are taking to secure your information and prevent further incidents. We may also provide guidance on any precautionary measures you can take to protect yourself.

8.1. Data storage and retention

Your personal data is stored by Tinfoil on its servers and on the servers of cloud-based database management services Tinfoil engages, located in the United States. Tinfoil retains service data for the duration of your relationship with Tinfoil and for a limited period thereafter for operations, security, and archival purposes associated with Tinfoil's services. Tinfoil retains prospect data until such time as it no longer has business value and is purged from Tinfoil's systems. All personal data that Tinfoil controls can be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: privacy@tinfoil.sh.

9. Children's data

Our Services are for users 13 years and older (or higher where required by local law). We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us personal data, please contact us so we can delete it.

10. Questions, concerns or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at: privacy@tinfoil.sh.