1. Introduction
Tandom ("we," "our," or "us") is committed to protecting your
privacy. This Privacy Policy explains how we collect, use,
disclose, and safeguard your information when you use our
platform and services. By using our services, you also agree
to our Terms of Service.
2. Information We Collect
2.1 Information You Provide
- Account information (name, email address, password)
- Profile information (role, industry, company information)
- Payment information (processed securely through third-party providers)
- Communications with us (support tickets, feedback)
2.2 Information We Collect Automatically
- Usage data and interaction patterns with our platform
- Device information (IP address, browser type, operating system)
- Log files and analytics data
- Cookies and similar tracking technologies
2.3 Third-Party Integration Data Access
When you connect third-party services to our platform, we access only
the data necessary to perform the specific AI automation tasks you
configure. The types of data we may access include:
Core Data Types We Access
- Content Data: Documents, files, messages, emails, notes, presentations, and other content you create or store
- Structured Data: Database records, spreadsheet data, CRM contacts, task lists, and organized information
- Communication Data: Messages, chat history, email threads, meeting information, and collaboration activity
- Scheduling Data: Calendar events, availability, meetings, appointments, and time-based information
- Operational Data: Business processes, workflows, transaction records, and operational metrics
- Profile and Authentication Data: User profiles, permissions, authentication tokens, and account information
How We Access This Data
- Read Access: To analyze, process, and understand your data for AI automation tasks
- Write Access: To create, update, and modify data as directed by your automation configurations
- Metadata Access: To understand data structure, relationships, and context for proper automation
Scope and Permissions: We only access data from
services you explicitly connect and authorize. Each integration
requests specific permissions that you must approve before any
data access occurs.
2.4 Service Data
When you use our services, we may collect data necessary to
provide and improve our platform. This may include:
- Service usage patterns and interactions
- Configuration and preference settings
- Content and data you choose to process through our services
- Third-party integration data you authorize us to access
3. How We Use Your Information
We use your information exclusively to provide you with the
services you request:
- Provide, operate, and maintain our services
- Process and fulfill your requests
- Improve our platform and develop new features
- Process payments and manage your account
- Communicate with you about our services
- Ensure security and prevent fraud
- Comply with legal obligations
- Provide customer support
3.1 Third-Party Integration Data Usage
We use third-party integration data exclusively to execute the specific
AI automation tasks and workflows that you configure. Your automations
can perform any legitimate business task you authorize them to do using
your connected services and data.
Scope of Automation Tasks: Your automations operate
according to the instructions, goals, and parameters you define. They
can access, analyze, create, modify, and manage data across your
connected services to accomplish the objectives you set for them.
Common categories of tasks include, but are not limited to:
- Productivity and Communication: Managing calendars, emails, documents, presentations, and team communications
- Business Operations: Updating databases, managing customer relationships, processing transactions, and coordinating workflows
- Data Analysis and Reporting: Analyzing information, generating reports, creating dashboards, and providing business insights
- Content and Media Management: Creating, editing, organizing, and distributing various types of content across platforms
- Integration and Automation: Synchronizing data between systems, triggering actions based on conditions, and orchestrating complex multi-step processes
- Custom Business Logic: Any other legitimate business tasks you configure within the capabilities of your connected services
Important: Your automations only perform tasks you explicitly
configure and authorize. You maintain full control over what actions
they can take and what data they can access within each connected service.
Transparency Commitment:
We are committed to being transparent about our data practices.
Before accessing your third-party data, we will clearly explain what
data we need and why, and obtain your explicit consent.
Prohibited Uses: We will never:
- Sell your personal data to third parties
- Use your data for advertising purposes
- Transfer your data to third parties without your consent
- Use your data to determine creditworthiness
- Use your data to train our AI models
- Use your data for any purpose other than providing the specific AI automation services you request
4. Data Storage and Security
We implement comprehensive security measures to protect all your
information:
- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
- Access Controls: Strict role-based access controls ensure only authorized personnel can access user data
- Authentication: Multi-factor authentication and secure OAuth 2.0 protocols for all integrations
- Infrastructure Security: Cloud-based infrastructure with regular security updates and monitoring
- Regular Audits: Ongoing security assessments and penetration testing
- Data Isolation: User data is logically separated and isolated within our systems
- Secure Storage: All user data is stored in encrypted databases with restricted access
- Limited Access: Only essential systems and authorized personnel have access to user data
- Data Minimization: We only store the minimum amount of data necessary to provide our services
- Secure API Communication: All communication with third-party APIs uses secure, encrypted channels
- Continuous Monitoring: Ongoing monitoring and security assessments of all data handling
4.1 Data Processing Location
Your data is processed and stored primarily in secure data centers
in the United States. We ensure appropriate safeguards are in place
for international data transfers in compliance with applicable
privacy laws.
4.2 Security Incident Response
In the unlikely event of a security incident involving your data:
- Prompt Detection: We maintain continuous monitoring systems to detect potential security incidents
- Immediate Response: Our security team responds immediately to contain and investigate any incidents
- User Notification: We will notify affected users promptly and provide clear information about the incident and any actions you should take
- Regulatory Reporting: We will report security incidents to relevant authorities as required by applicable laws and third-party integration's terms
- Remediation: We will take all necessary steps to remediate the incident and prevent future occurrences
5. Data Sharing and Disclosure
We do not sell, rent, or share your personal information
with third parties for their own purposes. Your data is
used exclusively to provide the services you request.
We may share your information only in these limited circumstances:
- With your explicit consent: When you specifically authorize us to share data with third-party services you connect to your AI workflows
- For service provision: With trusted service providers who help us operate our platform, but only to the extent necessary to provide our services and under strict confidentiality agreements
- Legal compliance: When required by law, regulation, or valid legal process
- Security and safety: To protect our users, platform, or the public from harm, fraud, or illegal activity
- Business transactions: In connection with a merger, acquisition, or sale of assets, subject to the same privacy protections
All data sharing is subject to the same strict privacy protections
and security measures regardless of the data source.
6. Your Privacy Rights and Control
6.1 Your Privacy Rights
You have comprehensive control over all your personal information,
including data from integrated services:
- Explicit Consent: We will only access your data after obtaining your explicit, informed consent
- Granular Control: You can choose which specific services to connect and what data to authorize
- Revoke Access: You can disconnect services at any time from your account settings or the service provider directly
- Transparency: We clearly explain what data we're requesting and why before asking for permission
- No Surprise Changes: We will obtain new consent if we need to access additional data or use data for new purposes
- Access and Review: Access and review your personal information
- Correct Information: Correct inaccurate or incomplete information
- Request Deletion: Request deletion of your personal information (subject to legal requirements)
- Control Processing: Control certain data collection and processing activities
- Privacy Preferences: Manage your privacy preferences and settings
- Data Export: Request a copy of your data in accessible formats
- Object to Processing: Object to certain processing of your personal information
- Withdraw Consent: Withdraw consent where applicable at any time
6.2 Exercising Your Rights
To exercise any of these rights:
- Access your account settings for self-service privacy controls
- Contact us at privacy@tandom.ai with specific requests
- For third-party data, use your third-party account settings to manage permissions directly
- We will respond to your requests within timeframes required by applicable law
7. Data Retention and Deletion
7.1 Third-Party Integration Data Retention
We retain third-party integration data only for as long as necessary
to provide the services you have requested:
- Active Services: Integration data is retained while your account is active and you are using the connected services
- Cached Data: Temporary caches of integration data are automatically deleted within 30 days
- Access Tokens: OAuth tokens are refreshed regularly and expired tokens are immediately deleted
- Account or Integration Deletion: When you delete your account or disconnect a service, all associated integration data is deleted within 30 days
7.2 Data Deletion Rights
You have the right to request deletion of your data at any time:
- Account Deletion: You can delete your entire account, which removes all data including integration data within 30 days
- Selective Deletion: You can request deletion of specific data categories by contacting our support team
7.3 Legal Compliance and Data Retention
We retain all user data for as long as necessary to:
- Provide and maintain our services to you
- Comply with legal obligations in jurisdictions where we operate, including applicable privacy and data protection laws
- Resolve disputes and enforce our agreements
- Meet regulatory requirements including tax, accounting, and audit obligations
- Comply with law enforcement requests and legal proceedings
7.4 Minimum Retention Periods
Even when you request deletion, we may retain certain data for
legally required minimum periods:
- Financial and Tax Records: As required by applicable tax and accounting laws
- Security and Authentication Data: For periods necessary for security and fraud prevention purposes
- Legal Compliance Data: As required by applicable laws and regulations in relevant jurisdictions
- Dispute Resolution: Until resolution of any ongoing legal matters
Note: These retention requirements apply to all
user data, including third-party integration data, when retention is required
for legal compliance. However, we will delete integration data as
soon as legally permissible and will not retain it longer than
necessary for legitimate business or legal purposes.
7.5 Data Portability and Export
In compliance with applicable data protection laws, you have the right
to export your data:
- Account Data Export: You can export your account information, worker configurations, and run histories through your account settings
- Integration Data Access: Your third-party integration data remains accessible through the respective service providers and can be exported directly from their platforms
- Bulk Export: Contact our support team for assistance with bulk data exports in commonly used formats
- Export Accessibility: We provide data exports in reasonable timeframes and accessible formats
7.6 How to Request Data Deletion
To request deletion of your data:
- Visit your account settings to manage connected services and data
- Contact us at privacy@tandom.ai with your deletion request
- For third-party integration data, you can also manage permissions directly through the respective service provider's account settings
- Include specific details about what data you want deleted and any applicable legal requirements
8. International Data Transfers
Your information may be transferred to and processed in
countries other than your own. We ensure appropriate safeguards
are in place for such transfers in accordance with applicable
data protection laws.
9. Children's Privacy
Our services are not intended for children under 16 years of age
(or the applicable age of consent in your jurisdiction). We do
not knowingly collect personal information from children. If we
become aware that we have collected personal information from a
child, we will take steps to delete such information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will
notify you of any material changes by posting the new Privacy
Policy on this page and updating the "Last updated" date. For
significant changes, we may also provide additional notice such
as email notification.
11. Contact Us
If you have any questions about this Privacy Policy or our
privacy practices, please contact us at: