Legal
Privacy Policy
Last updated: 5 July 2026
This Privacy Policy explains how Tidbit ("Tidbit", "we", "us") collects, uses, and shares information when you use our website at usetidbit.ai and our software service (the "Service"). By using the Service you agree to this policy.
1. Information we collect
- Account and contact information - name, work email, company, and similar details you provide when you request access or correspond with us.
- Authentication credentials - API keys and tokens you configure so the Service can operate on your behalf. These are stored securely and used only to provide the Service.
- Usage and metering data - request counts, volumes, timestamps, cost and savings metrics, and diagnostic logs generated when you use the Service.
- Billing information - when paid plans launch, payments are processed by Stripe; we receive limited billing details (such as the last four digits of a card and billing status) but do not store full card numbers.
- Website data - basic server logs (such as IP address and user agent) collected when you visit this site.
2. How we use information
We use information to provide, operate, secure, and improve the Service; to meter usage and calculate billing; to communicate with you about your account and support requests; and to comply with legal obligations. We do not sell your personal information.
3. Subprocessors and third parties
We rely on a small set of vetted third-party providers to run the Service. Current subprocessors include:
- Anthropic - AI model provider used to fulfil AI requests made through the Service.
- Google Cloud Platform (Google LLC) - cloud hosting, compute, storage, and networking infrastructure.
- Amazon Web Services - Simple Email Service (AWS SES) - transactional and account email delivery.
- Stripe - payment processing and subscription billing (once paid plans are active).
Each subprocessor is bound by its own terms and data-protection commitments. We will update this list as our providers change.
4. Data retention
We retain account and metering data for as long as your account is active and as needed to provide the Service, then delete or anonymize it within a reasonable period unless a longer retention is required by law. Server and diagnostic logs are typically retained for a limited window (for example, up to 90 days) and then rotated out. You may request deletion of your data as described below.
5. Security
We use industry-standard measures - encryption in transit, access controls, and secure secret storage - to protect information. No method of transmission or storage is completely secure, but we work to protect your data and to notify you of material incidents as required by law.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise any of these rights, email nibble@usetidbit.ai and we will respond within the time required by applicable law.
7. International transfers
We and our subprocessors may process data in the United States and other countries. Where required, we use appropriate safeguards for such transfers.
8. Children's privacy
The Service is intended for businesses and is not directed to children under 18. We do not knowingly collect information from children.
9. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with an updated date.
10. Contact
Questions or requests? Email nibble@usetidbit.ai.