Tachi Labs Informational Privacy Policy

Version: 1.0.0

Effective Date: January 23, 2026

Introduction

At Tachi Labs LLC (“Tachi Labs,” “we,” or “us”), we respect your privacy and are committed to protecting it through our compliance with this informational privacy policy (this “Policy”). This Policy describes in general terms how we collect, use, maintain, protect, and disclose information in connection with: (i) Tachi Labs’ proprietary software products, plug-ins, extensions, and any associated mobile or desktop applications (collectively, the “Software”); (ii) related hosted or cloud-based services, maintenance and support, customer portals, and other online services we provide in connection with the Software (together with the Software, the “Services”); and (iii) Tachi Labs’ informational websites and documentation or support portals that link to this Policy (collectively, the “Websites”). For purposes of applicable data protection laws, Tachi Labs may act as a “processor” or “service provider” (or similar term) to our business customers (“Customers”) when we process User Data on their documented instructions through the Software and Services, and as an independent “controller” or “business” (or similar term) when we process Operational Data and other personal information about Customers, Authorized Users, Website visitors, and other business contacts for our own purposes described in this Policy.

This Policy is provided for informational purposes only. It does not modify or replace the terms of any End User License Agreement, master subscription agreement, Order Form, or other written agreement between you or your organization (“Customer”) and Tachi Labs (collectively, the “EULA”), or any separate data processing agreement, data protection addendum, or similar instrument executed by Tachi Labs and Customer (each, a “DPA”). In the event of any conflict or inconsistency between this Policy and the EULA or an applicable DPA with respect to the processing of personal data, the EULA and/or DPA (as applicable) will control, including with respect to whether Tachi Labs acts as a controller or processor and the subject matter, duration, nature, and purposes of such processing.

This Policy applies to information we collect in connection with:

  • Your use of the Software and Services, including through any plug-ins, integrations, or client applications that interact with our hosted components or license/account services.

  • Email, text, in-product messaging, and other electronic communications between you and Tachi Labs relating to the Software, Services, or Websites (for example, account, billing, or support communications).

  • Mobile and desktop applications you download, install, or enable from Tachi Labs that form part of the Software or that otherwise access our hosted Services or license/account services.

  • Your interactions with our content, documentation, or applications on third-party websites and services if they link to or reference this Policy, such as developer documentation, support portals, or marketplace listings.

This Policy does not apply to information collected by:

  • Us offline or through any other means that do not reference or link to this Policy, including through separate websites or online services operated by Tachi Labs that post a different privacy policy.

  • Any third party (including resellers, marketplace providers, analytics vendors, payment processors, or integration partners), including through any application or content (including advertising) that may link to or be accessible from or through the Software, Services, or Websites. Those third parties’ collection and use of information are governed by their own terms and policies.

Please read this Policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our practices, your choice is not to use the Software, Services, or Websites. By accessing or using the Software, Services, or Websites, you acknowledge that you have read this Policy. We may update this Policy from time to time (see Changes to Our Privacy Policy). Your continued use of the Software, Services, or Websites after we make changes is deemed to be acceptance of those changes, so please check this Policy periodically for updates.

Children Under the Age of 18

The Software, Services, and Websites are not intended for children under 18 years of age. No one under age 18 may provide any personal information to or through the Software, Services, or Websites. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information through the Software, Services, or Websites or through any of their features, register for an account, use any interactive or public comment features, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected]

Residents of certain jurisdictions may have additional rights regarding the collection and use of their personal information under applicable privacy or data protection laws. Depending on your location, you may receive supplemental notices describing those rights.

Information We Collect About You and How We Collect It

We collect several types of information in connection with your use of the Software, Services, and Websites. For purposes of this Policy, we distinguish between:

  • Content, data, and information that you or your organization submit to, create with, or capture through the Software or Services, such as recordings, transcripts, notes, configuration files, code, project data, and related metadata (“User Data”). As between Tachi Labs and Customer, User Data is owned and controlled by Customer, as further described in the EULA and any applicable DPA.

  • Operational, diagnostic, and account-related information that we collect or generate in connection with the operation, security, licensing, and support of the Software, Services, or Websites, such as device and machine identifiers, account identifiers, license or subscription status, configuration and usage data, performance metrics, and crash reports (“Operational Data”).

  • Other information that identifies or relates to you or your organization, which may include “personal information,” “personal data,” or similar terms as defined under applicable law.

We collect information in several ways, including:

  • Directly from you or your organization when you provide it to us, for example when you register for an account, configure or use the Software or Services, open a support ticket, or otherwise communicate with us.

  • Automatically as you use the Software, Services, or Websites. Information collected automatically may include usage details, device and environment information, IP addresses, and information collected through cookies, SDKs, logs, telemetry, crash reporting tools, and other similar technologies.

  • From third parties, for example from marketplace providers, resellers, analytics or diagnostic providers, payment processors, or integration partners that assist us in providing or supporting the Software, Services, or Websites.

Information You Provide to Us

The information we collect when you or your Authorized Users interact with the Software, Services, or Websites may include:

  • Information that you provide by filling in forms or fields in the Software, Services, or Websites. This includes information provided at the time of registering for an account or license, signing up for product updates, accessing documentation or developer resources, posting material (such as comments or feedback), or requesting further information or support. We may also ask you for information when you report a problem with the Software, Services, or Websites.

  • Records and copies of your correspondence (including email addresses and any content you choose to include) if you contact us about the Software, Services, or Websites.

  • Your responses to surveys that we might ask you to complete for research or product improvement purposes.

  • Details of your communications and interactions with us through the Software, Services, or Websites (including support portals and documentation pages), including any information you choose to include in support requests, feedback forms, or other submissions.

  • Your search queries on the Websites or within online documentation or support resources.

Information We Collect Through Automatic Data Collection Technologies

As you use and interact with the Software, Services, and Websites, we may use automatic data collection technologies to collect certain information about your equipment, environment, usage, and browsing actions and patterns. This Operational Data may include:

  • Details of your use of the Software, Services, and Websites, including feature usage, performance and reliability metrics, traffic data, location data (where enabled through your or Customer’s settings and which may be approximate), logs, and other communication data and the resources that you access and use.

  • Information about your computer, device, and internet connection, including your IP address, operating system, browser or client type and version, device identifiers, language and region settings, and similar technical information.

We may use these technologies in connection with analytics, telemetry, and diagnostic tools to help us understand how the Software, Services, and Websites are used, to monitor performance, and to detect, prevent, or investigate security incidents or abuse.

The information we collect automatically is generally statistical or technical data, but we may maintain it or associate it with account identifiers, license information, or other information we collect or receive from you or third parties. When we do so, we treat the combined information as personal information to the extent it can reasonably be used to identify an individual or household. We may use this information for purposes such as:

  • Estimating audience size, usage patterns, and capacity needs for the Software, Services, and Websites.

  • Storing information about your preferences, allowing us to customize parts of the Software, Services, or Websites according to your individual interests and usage.

  • Improving performance, such as speeding up searches, loading, or synchronization.

  • Recognizing you when you return to or re-authenticate within the Software, Services, or Websites.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer or device when you visit certain parts of the Websites or use web-based portions of the Services. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Websites or web-based Services.

  • Web Beacons. Pages of the Websites or communications from us may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Tachi Labs, for example, to count users who have visited those pages or opened emails or for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).

We do not seek to collect personal information automatically in a way that directly identifies you by name, but we may tie automatically collected information to identifiers or other personal information about you that we collect from other sources or that you provide to us. When we do so, we treat the combined information as personal information.

Third-Party Use of Cookies, Analytics, and Other Technologies

Some content, applications, and analytics tools used in connection with the Software, Services, or Websites are provided by third parties, including analytics providers, hosting and infrastructure providers, and application providers. These third parties may use cookies, SDKs, web beacons, or other technologies to collect information about your use of the Software, Services, or Websites. The information they collect may be associated with your account or device, or they may collect aggregated or de-identified information about your usage over time. They use this information to help us operate, secure, support, and improve the Software, Services, or Websites, and, in some cases on our Websites, to provide or measure advertising or promotional content.

We do not control these third parties’ technologies or how they may be used. Their use of information is subject to their own privacy policies and terms. If you have any questions about a third-party provider’s practices, you should contact that provider directly or review its posted policies. Depending on your browser or device, you may be able to limit or block certain tracking technologies through your settings.

How We Use Your Information

We use information that we collect about you, your organization, and your use of the Software, Services, and Websites, including any personal information, for the following purposes:

  • To provide, operate, maintain, and support the Software, Services, and Websites, including to enable core functionality, process your requests, and deliver features and content you choose to use.

  • To create and manage accounts, licenses, and subscriptions, and to provide you or your organization with information, products, or services that you request from us.

  • To fulfill any other purpose for which you or your organization provide the information to us.

  • To provide you with notices about your account, license, or subscription, including usage alerts, security notices, and expiration and renewal notices.

  • To carry out our obligations and enforce our rights arising from any contracts entered into between you (or your organization) and us, including for billing, payment processing, collections, and license or subscription enforcement.

  • To notify you about changes to the Software, Services, Websites, or any products or services we offer or provide through them.

  • To allow you to participate in interactive features of the Software, Services, or Websites, such as collaboration, feedback, or community features, if and when they are made available.

  • In any other way we may describe when you provide the information, consistent with this Policy, the EULA, and applicable law.

  • For any other purpose with your consent, where required by applicable law.

  • For clarity, with respect to User Data (including any recordings, transcripts, notes, code, or other content generated or processed through the Software or Services), Customer is solely responsible for: (i) determining the suitability of the Software and Services for Customer’s intended use; (ii) providing all notices and obtaining any consents, authorizations, or permissions required under applicable privacy, data protection, wiretapping, employment, or similar laws before collecting, recording, transmitting, or otherwise processing User Data using the Software or Services; and (iii) ensuring that its Authorized Users and other data subjects are informed about Customer’s use of the Software and Services. Tachi Labs processes User Data on behalf of Customer in accordance with the EULA and, where applicable, a DPA.

  • We may use Operational Data and, where configured by Customer, certain elements of User Data in aggregated, anonymized, and/or de-identified form that does not identify Customer or any individual to operate, analyze, and improve our products and services, develop new features, understand usage trends, and perform benchmarking and industry research. This may include using such aggregated or de-identified data to train, test, or improve machine learning models, algorithms, or artificial intelligence features that enhance the functionality, performance, or security of our products. We do not sell User Data or use User Data to market third-party products directly to Customer’s end users.

Disclosure of Your Information

We may disclose aggregated, anonymized, or de-identified information about our users and customers, and information that does not identify any individual or Customer, without restriction.

We may disclose personal information and other information that we collect or that you or your organization provide, as described in this Policy, in connection with the following:

  • To our subsidiaries and affiliates, for purposes consistent with this Policy and the EULA.

  • To contractors, service providers, and other third parties we use to support our business or to provide, operate, secure, or support the Software, Services, or Websites, and who are bound by contractual obligations to keep information confidential and use it only for the purposes for which we disclose it to them.

  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Tachi Labs LLC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by Tachi Labs LLC about users of the Software, Services, or Websites is among the assets transferred.

  • To third-party providers that assist us with our own marketing, communications, or analytics activities relating to the Software, Services, or Websites, subject to appropriate confidentiality and use restrictions, and not for such third parties’ independent sale of your personal information.

  • To fulfill the purpose for which you or your organization provide the information.

  • For any other purpose disclosed by us when you provide the information.

  • With your consent.

We may also disclose your information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request, lawful subpoena, or similar demand.

  • To enforce or apply our EULA, Website terms of use, Order Forms, or other agreements, including for billing, collection, license enforcement, and security purposes.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Tachi Labs LLC, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection, security monitoring, and credit risk reduction.

Choices About How We Use and Disclose Your Information

Depending on your location and how you interact with the Software, Services, or Websites, you may have certain choices regarding how we use and disclose your personal information. For example, you may be able to control cookies and similar technologies through your browser or device settings, manage in-product telemetry or analytics settings (where available in the Software or Services), or manage communication preferences through your account or by using unsubscribe links in emails. Additional choices and rights, where applicable, may be described in supplemental notices, the EULA, a DPA, or the “Jurisdiction-Specific Notices and Supplemental Disclosures” section of this Policy.

  • You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, some parts of the Websites or web-based portions of the Services may then be inaccessible or not function properly.

We do not control third parties’ collection or use of your information. However, those third parties may provide you with mechanisms to opt out of certain collection or uses, such as through their own privacy controls, browser add-ons, or industry opt-out tools where available.

Residents of certain jurisdictions may have additional personal information rights and choices under applicable law. These may be described in supplemental state- or country-specific notices, in a DPA, or in the “Jurisdiction-Specific Notices and Supplemental Disclosures” section below, or as otherwise communicated to you.

Your Privacy Rights

Under applicable privacy or data protection laws, you or your organization may have certain rights regarding personal information we process, such as rights to access, correct, delete, or receive a copy of certain personal information, or to object to, restrict, or withdraw consent to certain processing. Because we primarily process User Data on behalf of Customer, requests relating to User Data should generally be directed to Customer, not to Tachi Labs. Where we act as a controller of personal information under applicable law, you may contact us using the information below to exercise available rights, subject to legal limitations. When you contact us to exercise a privacy right, please (i) identify the type of request you are making (for example, access, correction, deletion, or objection), (ii) provide sufficient information for us to reasonably verify that you are the individual (or an authorized agent of the individual) whose personal information we hold, and (iii) describe your relationship with Tachi Labs (for example, Customer contact, Authorized User, or Website visitor) so that we can locate the relevant records. We may request additional information from you as necessary to verify your identity or authority and to respond to your request, and, where permitted by law, we may deny or limit a request if we cannot verify your identity or if an exception or limitation applies. We will not discriminate against you for exercising any privacy rights that apply to you under applicable law.

Data Security

We have implemented measures designed to secure personal information we process from accidental loss and from unauthorized access, use, alteration, and disclosure. Where appropriate, we use encryption and other safeguards to help protect certain transactions and communications, and we maintain processes to detect, respond to, and investigate suspected security incidents. Where required by applicable law or by our contractual commitments to Customer, we will notify affected Customers or individuals of certain security incidents involving personal information and may provide information about steps you can take to protect yourself.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password or other credential for access to certain parts of the Software, Services, or Websites, you are responsible for keeping this password or credential confidential. We ask you not to share your credentials with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we use reasonable measures to protect personal information, we cannot guarantee the security of personal information transmitted to or through the Software, Services, or Websites. Any transmission of personal information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained in the Software, Services, or Websites.

Changes to Our Privacy Policy

It is our policy to post any material changes we make to this Policy on this page or in another reasonably accessible location. The date this Policy was last revised is identified at the top of the page. We may also provide additional notice of material changes, such as by email or in-product notifications, where required by law. You are responsible for periodically reviewing this Policy to check for any changes.

Miscellaneous

For User Data that we process on behalf of a Customer through the Software or Services, we retain such User Data for as long as instructed by Customer and as described in the applicable EULA and/or DPA. Subject to those agreements, we generally delete or return User Data within a reasonable period after termination or expiration of the applicable Services, or earlier upon Customer’s documented instruction, unless we are required or permitted by law to retain it for a longer period (for example, to comply with legal obligations, resolve disputes, or enforce our agreements).

For Operational Data and other personal information that we process as a controller (such as account information for Customer contacts, Authorized Users, and Website visitors), we retain information for as long as necessary to fulfill the purposes described in this Policy, including to provide and support the Software, Services, and Websites, comply with our legal obligations, resolve disputes, and enforce our agreements. As a general guide, we typically retain:

  • Account and profile information (such as account credentials, contact details, and preferences) for the duration of your or your organization’s relationship with us, plus a reasonable period (often up to 7 years) after closure to comply with legal, tax, and accounting requirements.

  • Billing and transaction records (such as invoices and payment records) for periods required under applicable tax, accounting, and financial regulations (often 7—10 years, depending on jurisdiction).· Telemetry, diagnostic, and log data for shorter operational periods (often from several days to a few years), depending on the nature of the data and our security and analytics needs.

In some cases, we may anonymize or de-identify personal information so that it can no longer reasonably be associated with an identified or identifiable individual or household. In that case, we may use such information without further notice to you. Where you have a right to request deletion or erasure of your personal information, we will take reasonable steps to honor such requests, subject to applicable exemptions and our need to retain certain information for legitimate business or legal purposes.

Tachi Labs is headquartered in the United States, and the Software, Services, and Websites are generally operated from the United States. If you access or use the Software, Services, or Websites from outside the United States, your information may be transferred to, stored in, or accessed from the United States and other countries that may have data protection laws that differ from those in your jurisdiction. Where required by applicable law (such as in the EEA, UK, or Switzerland), we implement appropriate safeguards for such transfers, which may include reliance on adequacy decisions, the execution of European Commission-approved standard contractual clauses (SCCs), UK International Data Transfer Agreements (IDTAs), or other approved transfer mechanisms recognized under applicable law, or other lawful bases for cross-border transfers such as your explicit consent or the necessity of the transfer to perform a contract with you.

With respect to User Data that we process on behalf of Customer, Customer is responsible for ensuring that any international transfers, including transfers to Tachi Labs, have an appropriate legal basis and that relevant notices have been provided to, and consents (if required) obtained from, data subjects. Our obligations with respect to such transfers are further described in the applicable EULA and/or DPA.

The following supplemental notices apply to individuals located in certain jurisdictions and should be read together with the rest of this Policy. If there is any conflict between this section and another part of this Policy as it applies to you, this section will control to the extent of the conflict.

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), Tachi Labs will generally act as a “data processor” when processing User Data on behalf of a Customer and as a “data controller” when processing Operational Data and other personal data for the purposes described in this Policy (for example, account management, security monitoring, and Website analytics). Our legal bases for processing personal data as a controller typically include: (i) performance of a contract with you or your organization; (ii) our legitimate interests in providing, securing, and improving the Software, Services, and Websites; (iii) compliance with legal obligations; and (iv) your consent, where we rely on consent (such as for certain optional cookies or marketing communications).

Subject to applicable law, you may have the following rights in relation to personal data that we process as a controller: the right to request access, rectification, or erasure; the right to restrict or object to processing; the right to data portability; and, where we rely on consent, the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal). You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement has occurred. To the extent we engage in automated decision-making or profiling that produces legal or similarly significant effects, we will provide you with meaningful information about the logic involved and the significance and envisaged consequences of such processing, and you may have the right to contest such decisions, express your point of view, and obtain human intervention. To exercise your rights, please follow the process described in the “Your Privacy Rights” and “Contact Information” sections above.

Where required under EEA/UK law, we will obtain your consent before setting non-essential cookies or similar technologies on the Websites or using certain analytics or marketing tools. You may withdraw or change your cookie preferences at any time using the mechanisms available in your browser, device settings, or (where implemented) a cookie banner or preference center on the Websites.

If you are a resident of California, the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), may provide you with additional rights regarding your “personal information” (as defined in the CCPA/CPRA). For most User Data that we process on behalf of a Customer, we act as a “service provider” or “contractor” to that Customer, and our collection and use of such information are governed by our agreements with the Customer. For Operational Data and other information we collect for our own purposes (for example, business contact information for Customer personnel, Authorized Users, or Website visitors), we may act as a “business” under the CCPA/CPRA.

In the last 12 months, depending on how you interact with us, we may have collected the following categories of personal information about California residents in our role as a business: identifiers (such as name, email address, account ID, IP address, and device identifiers); customer records (such as billing and payment information); commercial information (such as records of products or services purchased or considered); internet or other electronic network activity information (such as usage data and log information); geolocation data (such as approximate location derived from IP address or, where enabled, device settings); professional or employment-related information (such as job title and organization); and in limited cases, inferences drawn from the above categories to help us improve and secure the Software, Services, and Websites. We collect these categories of personal information for the business purposes described in the “How We Use Your Information”, “Information We Collect Through Automatic Data Collection Technologies”, and “Third-Party Use of Cookies, Analytics, and Other Technologies” sections of this Policy.

Tachi Labs does not “sell” your personal information or “share” it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We also do not use or disclose “sensitive personal information” (as defined under the CCPA/CPRA) for purposes other than those permitted by the CCPA/CPRA, such as to provide the Services you request, ensure security and integrity, prevent fraud, and comply with law. We may permit certain third-party analytics or service providers to collect information on our Websites and through the Services, but only to help us operate, secure, or improve our offerings and not for those providers’ own independent selling or cross-context behavioral advertising purposes.

Subject to applicable law and certain exceptions, California residents acting as consumers may have the right to: (i) request to know more about the categories and specific pieces of personal information we collect, use, disclose, and (if applicable) sell or share; (ii) request deletion of their personal information; (iii) request correction of inaccurate personal information; (iv) request to limit the use or disclosure of certain sensitive personal information (if applicable); and (v) not be retaliated against for exercising these rights. To exercise your California rights with respect to personal information we process as a business, you may contact us using the methods described in the “Contact Information” section and indicate that you are making a request under the CCPA/CPRA. We may need to verify your identity (and, if applicable, your authority as an authorized agent) before fulfilling your request, including by matching information you provide with information we maintain. We will respond to verified requests within the time frames required by law.

California residents may also manage certain cookie, analytics, or tracking preferences through their browser or device settings or, where provided, through a cookie banner or preference center on the Websites. Because we do not sell or share personal information for cross-context behavioral advertising, we do not currently respond to browser “Do Not Sell or Share” signals as such.

Contact Information

To ask questions or comment about this Policy or our privacy practices, or to contact us regarding personal information where we act as a controller, you may contact us at:

[email protected]

If Customer is an organization and requires a separate DPA governing Tachi Labs’ processing of personal data on Customer’s behalf, Customer may request one using the contact information above. Where a DPA is in effect between Tachi Labs and Customer, the DPA is incorporated into and forms part of the applicable EULA or master agreement. In the event of a conflict between this Policy and the DPA with respect to Tachi Labs’ processing of personal data on behalf of Customer, the DPA will control.