Privacy Policy

Last updated: April 6, 2025

At Tillion, protecting privacy is a key priority. The purpose of this privacy policy (the “Privacy Policy”) is to set out how Tillion Inc. (“Tillion”, “we”, “our” or “us”) collects, uses, stores, discloses or otherwise processes personal information about customers and other individuals (collectively “you”) who access or use Tillion’s website (the “Website”), and / or any of our products or services (collectively, the “Services”).

We encourage you to read this Privacy Policy carefully to understand how we handle your personal information and learn about your privacy rights. By using our Services, you acknowledge and agree that we may collect and use your personal information as described in this Privacy Policy.

Specifically, this Policy describes our privacy practices as follows:
1. Personal Information We Collect
2. How We Use Information Collected and Lawful Basis for Processing
3. Disclosure of Personal Data
4. Retaining Personal Information
5. Transfer of Personal Information
6. Cookies and Tracking Technologies
7. Security Measures and Data Protection
8. Your Choices and Data Subject Rights
9. Children’s Privacy
10. Updates and Amendments
11. How to Contact Us

Our Services are designed for businesses. Accordingly, we treat all personal information covered by this Policy, including information about any visitors to our Website, as pertaining to individuals acting as business representatives, rather than in their personal capacity.

Any capitalized but undefined term in this Policy shall have the meaning given to it in our Terms of Service (“Terms”).

1. Personal Information We Collect

When we use the terms “Personal Data” or “Personal Information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

When you use or access the Services, we collect certain categories of information about you from a variety of sources, as described below.

A. Information you provide us

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Information that you directly submit through our Services includes:‍

Account Information. When you create an account or otherwise use the Services, we collect information associated (“Account Information”) with your account, including your name, email address, telephone number, password, title, payment information and any optional information you choose to add. If you choose to register an account, you are responsible for keeping your account credentials safe. We recommend you do not share your access details with anyone else. If you believe your account has been compromised, please contact us immediately at support@tillion.ai.
User Account. To provide you with the Services, we may collect Personal Data that you provide as input to our Services (“User Content”), depending on the features you use.
Communication Information. If you communicate with us, such as via email or our pages on social media sites, we may collect Personal Data like your name, contact information, and the contents of the messages you send‍ (“Communication Information”).
Payment information. We use information such as credit or debit card information and billing address, which we collect using a third-party payment processor (“Payment Information”), where necessary to perform our contract with you to process your payment and provide the Services.
Job Applications. We may post job openings and opportunities on the Site. If you reply to one of these postings by submitting your application, CV or additional information to us, we will collect and use your information to assess your qualifications and to communicate with you.
Service Interaction Information. Your input and output, such as questions, prompts and other content that you input, upload or submit to the Services, and the output that you create, and any collections or pages that you generate using the Services (“Service Interaction Information”). This content may constitute or contain Personal Information, depending on the substance and how it is associated with your account. We use this information where necessary to perform our contract with you to generate and output new content as part of the Services.
Other Information You Provide. Any other information you choose to include in communications with us when necessary to perform our contract with you, for example, when sending a message through the Services or providing your size when purchasing certain products.

B. Information we collect automatically

‍Through your interaction with our Services, we automatically collect (including through the use of analytics and system monitoring tools) Personal Information that may include the following (“Usage Data”):

Log Data: we collect information that your browser or device automatically sends when you use our Services. Log data includes your internet protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
Location Information: we may determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity or to provide more accurate responses.
Device Information: we collect information about the device you use to access the Services, such as the name of the device, device identifiers, and browser you are using.
Usage Data: We collect information about your use of the Services, including the content you view or interact with, features you use, actions taken, time zone, country, access dates and times, device type, user agent and version, and connection details.
Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, and improve your experience. For more information on how we use Tracking Technologies and your choices, see section 6 below (“Cookies and Other Tracking Technologies”) as well as our Cookies policy.

C. Information we collect from other sources

We may obtain data from partners, such as security providers, to safeguard our Services against fraud, abuse, and other security risks. Additionally, we may collect information from marketing vendors who identify potential customers for our business solutions.

2. How We Use Information Collected and Lawful Basis for Processing

Subject to applicable laws, we will use your Personal Information as necessary to provide our Services and develop it (“Performance of Contract”); to comply with our legal and contractual obligations (“Legal Obligations”); to support our legitimate, such as maintaining and improving our Services, promoting our products and services, developing marketing, protecting and securing our customers, ourselves and our Services from misuse and law violations (“Legitimate Interests”). Where we rely on Legitimate Interests as the lawful basis for processing Personal Data, we have conducted Legitimate Interest Assessments (LIAs) to ensure that such interests do not override your rights and freedoms.

Use of Google Workspace API Data

We do not use Google Workspace API data to develop, improve, or train generalized or non-personalized AI/ML models, such as large language models (LLMs). Specifically:

AI/ML Model Development: We do not use any Google user data for developing AI/ML models.
Third-Party Transfers: We do not transfer Google user data to third-party AI tools for the purpose of training generalized AI/ML models.

‍
‍If you reside or are using the Services in a territory governed by privacy laws under which consent is the only or most appropriate legal basis for the processing of Personal Information as described herein (in general, or specifically with respect to the types of Personal Information you expect or elect to process or have processed by us) (“Consent”), your acceptance of our Terms and this Privacy Policy will be deemed as your consent to the processing of your Personal Information for all purposes detailed in the Policy. If you wish to revoke such consent, please contact us via privacy@tillion.ai.

‍

The table below provides more specific information on our purposes, the types of information that may be processed and the legal basis on which we process it:

Purpose of Processing	Type of Personal Data Processed	Lawful Basis for Processing
To facilitate, operate, provide, analyze and maintain our Services	Account Information User Content Communication Information Other Information You Provide Log Data Usage Data Device Information Location Information Cookies and Similar Technologies	Performance of Contract - Where necessary to perform a contract with you, such as processing your prompts to provide an output Legitimate Interests
To communicate with you, including sending you information about new features, products or special events	Account Information Communication Information Social Media Information Other Information You Provide Log Data Usage Data Device Information Cookies and Similar Technologies	Consent - where required under applicable law Performance of Contract - Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services
Improve and develop our Services	Account Information User Content Communication Information Other Information You Provide Log Data Usage Data Device Information Cookies and Similar Technologies	Performance of Contract Legitimate Interests
Prevent, investigate, and respond to fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior	Account Information User Content Communication Information Social Media Information Other Information You Provide Data We Receive From Other Sources Log Data Usage Data Device Information Cookies and Similar Technologies	Legitimate interests - where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services Legal Obligations
Enforce our Terms, this Policy and other contractual arrangements, to comply with court orders and warrants and to take any action in any legal dispute and proceeding	Account Information Communication Information Payment Information User Content Log Data Usage Data Device Information Location Information Cookies and Similar Technologies Data We Receive From Other Sources	Performance of Contract Legitimate Interests Legal Obligations
Invoice and process payments	Payment Information Account Information Communication Information Log Data Usage Data Device Information Location Information Cookies and Similar Technologies Data We Receive From Other Sources	Performance of Contract Legitimate Interests
Comply with legal obligations and protect the rights, privacy, safety, or property of the Company, our users or third parties	Account Information User Content Communication Information Social Media Information Other Information You Provide Data We Receive From Other Sources Log Data Usage Data Device Information Cookies and Similar Technologies	Legal Obligations Legitimate Interests
Create aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our Service Providers may use to provide and improve our Service, or for any other purpose	Usage Data Log Data Device Information Cookies and Similar Technologies Service Interaction Information Account Information Communication Information User Content Location Information Data We Receive From Other Sources	Performance of Contract Legitimate Interests

‍

3. Disclosure of Personal Data

I. Service Providers: We may engage selected third parties to perform Services complementary to our Services. Such service providers may include hosting and server co-location services, communications and content delivery networks (CDNs), data security services, fraud detection and prevention services, analytics services, e-mail distribution and monitoring services, session, call or activity recording and analysis services, remote access services, performance measurement, data optimization and marketing services, social and advertising networks, content providers, e-mail, voicemails, support and customer relation management systems, and our legal, financial and compliance advisors (collectively, “Service Providers”). Our Service Providers may have access to Personal Information, depending on each of their specific roles and purposes in facilitating and enhancing the Services, and may only use the information for such limited purposes and commit to protect your privacy as determined in our agreements with them. All third-party service providers processing Personal Data on our behalf are bound by Data Processing Agreements (DPAs) that align with GDPR and other relevant privacy regulations. These agreements ensure that your data is processed securely and only for the intended purposes.

II. Advertising Partners: We do not disclose or use your information to advertise any third party’s products or services via the Services. However, we may disclose your information to third-party advertising partners to market our own Services and grow our Services’ user base, such as to provide targeted marketing about our own Services via third-party services. Please see the “Your Choices” and “Data Subject Rights” sections below for additional information.
‍
III. Legal Compliance: We may disclose or allow government and law enforcement officials access to your Personal Information, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect the security or integrity of our Services.
‍
IV. Protecting Rights and Safety: We may share your Personal Information if we believe in good faith that this will help protect the rights, property or safety of our Company, any of our users, or any members of the general public.

‍
V. Merger, sale, or other structural change: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of some or all assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

VI. Professional Advisors: As necessary, we will share your Personal Data with professional advisors such as auditors, law firms, or accounting firms.

4. Retaining Personal Information

We will retain your Personal Data for only as long as necessary to provide our Services to you or fulfill the purposes for which it was collected. This includes legitimate business purposes, such as resolving disputes, ensuring safety and security, complying with legal obligations, or protecting our rights, property, or products, prevent harm, promote safety, security and integrity or to have proof and evidence concerning our relationship in case of legal issues following the termination of Services.

When determining the length of time to retain your information, we consider various criteria, including the following factors:

our purpose for processing the data (e.g., whether it is required to continue providing our Services);
the amount, nature, and sensitivity of the information;
the potential risk of harm from unauthorized use or disclosure; and
any applicable legal or contractual requirements.

If the retention purpose has been fulfilled, we will securely delete, restrict access to, or de – identify your Personal Information unless further retention is required by law. If deletion is not possible due to legal or technical constraints, we will ensure that your Personal Data is securely archived and access is restricted. Additionally, under applicable privacy laws, you have the right to request deletion of your Personal Data, subject to legal or contractual obligations.

Except as required by applicable law or specific agreements with you, we are not obligated to retain your Personal Information for any particular period and may securely delete, restrict access to, or de-identify it at our sole discretion.

5. Transfer of Personal Information

We may store and process Personal Information by using third parties in the European Union, the United States and other countries, as reasonably necessary for the performance of our contract with you and for the proper performance and delivery of our Services, or as may be required by law. While privacy laws may vary between jurisdictions, we require our Service Providers to provide us with adequate security commitment to protect your privacy as required under the applicable law and this Privacy Policy.

The Personal Information we collect may be transferred to, stored at, processed in, or accessed from countries outside the jurisdiction in which you are based, including in jurisdictions where our servers, affiliates, service providers, or other third parties are located. Specifically, we have servers for our Services in the United States and support, engineering, and other operational teams who may process your Personal Information from various locations, including the United States. We only transfer Personal Data outside the European Economic Area (EEA) to jurisdictions with an adequacy decision by the European Commission or using Standard Contractual Clauses (SCCs) where applicable. You can contact us at privacy@tillion.ai for further details about our data transfer mechanism

‍If you are located in the European Economic Area (EEA), Switzerland or the UK, please note that in case of transfer of Personal Information related to you to other jurisdictions, we will use appropriate safeguards by way of entering into the European Union (EU) Standard Contractual Clauses with the relevant recipients of such information.

By using our Services and acknowledging this Privacy Policy, you consent to the transfer of your Personal Information across borders to jurisdictions where we have databases or affiliates.

While data protection laws vary between countries, we apply the protections described in this Privacy Policy to your Personal Data regardless of where it is processed. If you wish to inquire further about our data transfer mechanisms, please contact us at support@tillion.ai.

6. Cookies and Tracking Technologies

We use cookies and other technologies for performance, tracking, analytics and personalization purposes. Non-essential cookies will only be deployed after receiving your explicit consent via our Cookie Consent Banner. We may share aggregated and anonymized cookie data with our service partners for our legitimate business purposes.

‍
Cookies are packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie. Some cookies are removed when you close your browser session. These are the “Session Cookies”. Some last for longer periods and are called “Persistent Cookies”. We use both types.

We use Persistent Cookies to remember your log-in details and make it easier for you to log-in the next time you access the Platform. These cookies may also be used for analytics, personalization, and improving user experience.‍

While we respect Global Privacy Control (GPC) signals and other opt-out mechanisms where legally required, we currently do not respond to older "Do Not Track" signals in the HTTP header from a browser or mobile application. However, you can manage your cookie preferences—including whether or not to accept cookies and how to remove them—through your browser settings or via our Cookie Consent Banner. Please note that disabling cookies may affect the availability and functionality of certain features on our Site.

‍Additional information and a list of the cookies we use can be found in our Cookies Policy.

7. Security Measures and Data Protection

We are committed to securing your Personal Information and employ industry-standard physical, procedural, and technical security measures, including encryption where appropriate, to safeguard your data. However, no method of transmission over the internet or electronic storage is one – hundred percent secure, and therefore, we cannot guarantee absolute protection of your Personal Information.

While we take all reasonable steps to protect your data, we cannot ensure or warrant that our Services will be entirely immune to unauthorized access, malfunctions, unlawful interceptions, security breaches, or misuse by third parties.

In the event of a data breach affecting your Personal Information, we will notify relevant supervisory authorities and affected individuals as required by applicable law within the legally mandated timeframes.

To the fullest extent permitted by applicable law, we disclaim liability for unauthorized disclosure or access to your Personal Information resulting from circumstances beyond our reasonable control.

By using our Services or providing your information to us, you consent to receiving electronic communications from us regarding security, privacy, and administrative updates related to your use of the Services.

8. Your Choices and Data Subject Rights

If you do not agree to the collection, use, or sharing of Personal Information as described in this Policy, please do not use the Services or provide us with such information. By using the Services or providing us with Personal Information through the Services, you are "opting in" to the collection, use, and sharing of that information as described in this Policy.

Depending on where you live, you may have certain rights under applicable privacy laws, including but not limited to the EU or UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). These rights may include:

Right to Access / Know: You may have the right to access the Personal Information we hold about you, including information about our collection, use, and disclosure of your Personal Information.
Right to Delete: You may have the right to request that we delete Personal Information we maintain about you.
Right to Correct: You may have the right to request that we correct inaccurate Personal Information we maintain about you.
Right to Portability: You may have the right to receive a copy of the Personal Information we hold about you in a structured, machine-readable format and request that we transfer it to a third party.
Right to Restrict Processing: You may have the right to ask us to stop, suspend, or restrict our processing of your Personal Information.
Right to Object: You may have the right to object to our processing of your Personal Information, including for direct marketing purposes or where processing is based on our legitimate interests.
Right to Withdraw Consent: Where we rely on consent as the legal basis for processing your Personal Information, you may have the right to withdraw your consent at any time. Please note that withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw your consent for data processing activities based on consent at any time by contacting us at privacy@tillion.ai. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

If you wish to exercise any of these rights, please contact us at privacy@tillion.ai.

When you make a request to exercise your rights, we may need to verify your identity. This could include asking you to provide identifying information, such as your email address or a government-issued ID. If you authorize someone else to make a request on your behalf, we will require proof of authorization (e.g., a power of attorney) and may still require you to verify your identity directly with us.

If we decline your request to exercise your rights, you may appeal our decision by contacting us at privacy@tillion.ai. Appeals will be reviewed, and we will respond within 30 days from receipt of your appeal. If you wish to unsubscribe from promotional communications or newsletters, you can do so by following the “unsubscribe” instructions included in those communications or by contacting us at privacy@tillion.ai.

Please note:

In the event of an erasure request, we may retain a copy of your Personal Information for record-keeping purposes and to prevent re-entering your data into our systems after deletion.
When providing data in response to an access request, we may redact Personal Information related to others to protect their privacy.
If you wish to delete your account, you may request account deletion via privacy@tillion.ai , and we aim to delete your data from our servers within 30 days, subject to legal and regulatory obligations.

For more details about your privacy rights under applicable data protection laws, you can refer to the following resources:

For EU Residents (GDPR): Visit the European Commission’s Website.
For UK Residents (UK GDPR): Visit the Information Commissioner's Office (ICO) Website.
For California Residents (CCPA/CPRA): Visit the California Privacy Protection Agency.
For Canadian Residents (PIPEDA): Visit the Office of the Privacy Commissioner of Canada.

If you have specific questions about your privacy rights in your region, please contact us at privacy@tillion.ai.

9. Children’s privacy

Our Services are intended for general audiences and are not directed at individuals under the age of 18. We do not knowingly collect, use, or store Personal Information from individuals under 18 without verifiable parental or legal guardian consent, where required by applicable law.

If we become aware that we have inadvertently collected Personal Information from an individual under 18 without proper consent, we will take immediate steps to delete such information from our records.

If you believe that we might have inadvertently collected Personal Information from someone under the age of 18, please contact us immediately at privacy@tillion.ai.

Parents and legal guardians: If you become aware that your child has provided us with Personal Information without your consent, please contact us immediately. We will take all reasonable steps to verify your identity as the child’s parent or legal guardian before processing your request.

10. Updates and Amendments

We may modify this Privacy Policy from time to time, in which case we will update the “Last Updated” date at the top of this Privacy Policy. If we make material changes to the way in which we use or disclose information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law. If you do not agree to any updates to this Privacy Policy, please do not continue using or accessing the Services.

11. How to contact us

If you have questions regarding this Privacy Policy or wish to exercise your privacy rights, you may contact our Data Protection Officer (DPO) at: privacy@tillion.ai.