Privacy Policy

Placeholder. This page is a stub. A full, jurisdiction-aware privacy policy will replace this copy before general availability. The practices described below reflect what the system actually does today.

What we collect

• Account data: email, hashed password, display name.
• Workspace content: the notes, sources, entities, and questions you put into Tidbit.
• Usage telemetry: per-call token counts and timestamps, used for billing and product improvement.
• Billing data: Stripe handles card numbers; we store only the Stripe customer/subscription identifiers.

How we use it

• To run the product (storage, embedding, search, LLM calls).
• To bill you and prevent fraud.
• To investigate bugs and abuse. Detailed logs are retained 30 days.

Sub-processors

We pass your content to third-party services to run features:

• Anthropic, OpenAI, Google — LLM and embedding inference.
• Voyage AI — embedding inference.
• Cloudflare R2 — blob storage.
• Neon — Postgres database.
• Fly.io — application hosting.
• Vercel — frontend hosting.
• Stripe — payments.

Your data, your call

You can close your subscription from the settings UI; account deletion and data export are handled by emailing hello@tidbit.work while we finish building self-serve flows. Deletions remove workspace data within 30 days; backups age out on the same window.

Security

Sessions use HTTP-only cookies. Passwords are hashed with Argon2. Connections to the API are TLS only in production. Production secrets are stored in the hosting platform's secret manager.

Contact

Privacy questions: hello@tidbit.work.