Privacy Policy
Effective: May 9, 2026
Our Privacy Commitment
At Tedigo Agency, privacy isn't just compliance—it's fundamental to how we build trust. This document explains our data practices in plain language, focusing on transparency and your control over your information.
📊 The Data Lifecycle at Tedigo
Collection Phase
We gather information through three primary channels:
- •Direct Input: Information you provide when creating accounts, configuring chatbots, or uploading training materials
- •Platform Activity: Usage patterns, feature interactions, and performance metrics
- •Third-Party Integrations: Data from connected services like payment processors and AI providers
Processing Phase
Your data powers these core functions:
- •Training and optimizing your AI chatbots
- •Analyzing conversation patterns for insights
- •Preventing fraud and maintaining security
- •Personalizing your dashboard experience
Storage & Retention
We maintain different retention periods based on data type:
Account Data
Active duration + 90 days
Chat Logs
Based on your plan (30-365 days)
Training Data
Until manually deleted
Analytics
Aggregated indefinitely
🔍 Detailed Data Categories
Identity Information
Names, email addresses, company details, and profile photos you provide. This creates your account identity and enables team collaboration.
Legal basis: Contract fulfillment
Business Content
Documents, knowledge bases, and custom responses you upload to train chatbots. This remains your intellectual property.
Legal basis: Legitimate interest in service provision
Interaction Logs
Conversations between users and your chatbots, including timestamps and metadata. Essential for quality improvement and support.
Legal basis: Legitimate interest in service optimization
Technical Metadata
IP addresses, browser information, device identifiers, and session data. Used for security and performance optimization.
Legal basis: Legitimate interest in platform security
Financial Records
Billing information, transaction history, and payment methods. Securely processed through certified payment partners.
Legal basis: Contract fulfillment and legal compliance
🤝 Data Sharing Framework
Our Sharing Principles
✓We never sell your personal data to third parties
✓Sharing is limited to essential service operations
✓All partners undergo security vetting
✓You maintain ownership of your business content
Subprocessors
The full list of subprocessors that may process customer data is published in Tedigo's Subprocessor List, which we keep current. The categories below summarize who does what.
Hetzner Online GmbH (infrastructure)
Primary cloud infrastructure — compute, networking, and SeaweedFS object storage. Region: Ashburn, Virginia, USA. EU residency available on request for EU customers.
AI providers (Tedigo-managed)
Tedigo Agency is a managed service: we operate the AI provider relationships listed below on your behalf as part of the subscription. Bring-your-own-key (BYOK) arrangements are available off-list under a separate written agreement; when BYOK is configured, prompts and responses go directly from your account to the provider and Tedigo does not retain the AI traffic.
- OpenAI, L.L.C. — chat completions and embeddings. API data not used for model training.
- Anthropic, PBC — Claude API for assistant fallback and code-execution agents.
- Groq, Inc. — low-latency inference for Llama (chat), Whisper (speech-to-text), and Orpheus (text-to-speech). Built with Llama.
- Google LLC — Gemini Live for real-time voice conversations.
- Fixie.ai, Inc. (Ultravox) — voice AI for public chat widget and dashboard voice mode (uses LiveKit transport).
None of these providers train their models on Agency customer data (default API contracts).
Twilio Inc. and Telnyx LLC (voice and SMS carriage)
Tedigo provisions and operates inbound and outbound phone numbers through Twilio and Telnyx. Call and SMS metadata (numbers, timestamps, duration, routing) flows through these carriers as a normal part of voice and messaging service. Tedigo does not delegate billing, identity, or recording-retention decisions to these carriers.
Stripe, Inc. (payments)
Subscription billing and the customer portal. PCI-DSS Level 1. Tedigo never sees your card data.
DNS providers
Cloudflare and DigitalOcean handle DNS resolution for tedigo.com. They do not store customer data — only DNS query logs.
Email (self-hosted)
Transactional email (verification, password reset, notifications) is sent from Tedigo's self-hosted mail server on Hetzner. No third-party email vendor is involved.
Built with Llama. Llama is licensed under the Llama 4 Community License, Copyright © Meta Platforms, Inc. All Rights Reserved.
🛡️ Security Architecture
Encryption Standards
TLS 1.3 encryption for all data in transit. Backups are encrypted (AES-256) and stored off-site; secrets and credentials are encrypted at rest. API communications use signed, expiring tokens (JWT).
Access Controls
Multi-factor authentication available, role-based permissions, and comprehensive audit logging of all data access.
Infrastructure Security
Hosted on Hetzner Cloud (Ashburn, VA) with private-network isolation between application and database tiers, periodic security review, and infrastructure monitoring.
Incident Response
Documented response procedures with 72-hour breach notification commitment and dedicated security team oversight.
⚖️ Your Privacy Rights
Regardless of your location, we provide these fundamental rights:
Access & Portability
Request a complete copy of your data in machine-readable format
Rectification
Correct any inaccurate or incomplete personal information
Erasure
Request deletion of your data, subject to legal retention requirements
Restriction
Limit how we process your data in certain circumstances
Objection
Opt-out of specific data uses like marketing communications
Withdrawal
Revoke consent for data processing at any time
To exercise any right, email privacy@tedigo.net with your request. We respond within 30 days.
🌍 Global Privacy Compliance
European Union (GDPR)
Tedigo's primary infrastructure is in the United States (Ashburn, VA). For EU customers we offer EU residency on request (Hetzner Falkenstein/Helsinki) and we transfer EU personal data under Standard Contractual Clauses plus the EU-US Data Privacy Framework where the subprocessor is DPF-certified.
California (CCPA/CPRA)
Consumer rights honored including sale opt-out — we don't sell personal information.
International Transfers
Cross-border transfers to AI subprocessors (US-based) rely on SCCs and, where available, EU-US Data Privacy Framework certification.
🔄 Policy Updates
This policy evolves with our services and regulations. Material changes trigger email notifications to all users at least 30 days before taking effect. Minor clarifications may be made without notice but are always reflected in the effective date above.
If you do not accept material changes, your sole remedy is to cancel your subscription before they take effect.
🎙️Voice Recording & Caller Consent
Calls placed to or from a Tedigo-provisioned phone number may be recorded and transcribed for the duration of your retention window (default 12 months unless you configure a shorter window). Recording is required for the AI receptionist to operate.
You are responsible for compliance with two-party-consent recording laws, wiretap laws, telemarketing rules (including TCPA), and the adequacy of caller disclosure in the jurisdictions where your callers are located. Tedigo provides standard pre-call disclosure prompts; you remain responsible for their adequacy and for routing changes that may affect compliance.
📞 Contact & Accountability
Data Protection Officer
For privacy-specific inquiries:
privacy@tedigo.net
Response time: 48 hours
General Support
For account and service questions:
support@tedigo.net
Available 24/7
Supervisory Authority:You have the right to lodge complaints with your local data protection authority if you believe we haven't adequately addressed your privacy concerns.
