Privacy Policy

Last updated: 3 July 2025 | Effective date: 3 July 2025

Quick summary (the short version)

  • We collect only what we need to run, protect and improve Teilord.
  • Whenever possible we store data in a way that does not identify you personally.
  • We never sell or rent your information.
  • You can access, correct, export or delete your data at any time.
  • Our infrastructure sits in the EU and uses strong encryption.
  • Questions? Email hi@teilord.com.

1. Who we are and why this policy matters

Digitalni Superheroj j.d.o.o. ("Digitalni Superheroj", "we", "us") operates Teilord and related websites, apps and services (collectively, the "Services").

Because we are established in Croatia we comply with the EU General Data Protection Regulation (GDPR) and, when applicable, the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), and the EU Digital Services Act (DSA).

By using our Services you agree to this Policy. If you do not agree, please do not use the Services.


2. What information we collect

We collect information from three sources:

Information you provide

  • Account data (name, email, password or OAuth ID)
  • Content you upload or generate in Teilord (prompts, files, messages)
  • Support requests and feedback

Why we need it: Create and secure your account, deliver the core chat functionality, respond to you and improve the product

Information we record automatically

  • Usage events (sign‑in, flow creation, message counts)
  • Device & log data (IP address, browser, OS, timezone)
  • Cookies or similar identifiers
  • Performance metrics & Web Vitals
  • Error logs

Why we need it: Maintain service reliability, detect and fix bugs, understand usage patterns

Information from partners

  • Auth provider (e.g. Google) gives us verified email & profile name
  • Payment processor shares billing status
  • Analytics vendors provide aggregated device insights

Why we need it: Let you sign in securely, process transactions, generate anonymised statistics

Sensitive inputs & session replay

When we record sessions for diagnostics we mask or exclude sensitive fields (passwords, emails, card numbers, etc.).


3. Cookies & similar technologies

We use first‑party cookies and comparable technologies to keep you logged in, remember preferences, measure performance and analyse aggregated usage (PostHog). You can disable cookies in your browser, but parts of the Service may stop working. See allaboutcookies.org for instructions.


4. How and why we use your data (legal bases)

Under GDPR we rely on one of the following bases:

  • Provide, maintain & personalise the Services: Performance of a contract (Art. 6‑1‑b)
  • Diagnostics, analytics & R&D: Legitimate interests (Art. 6‑1‑f); keeping the service secure and useful, with minimal privacy impact
  • Send essential account or transaction messages: Performance of a contract
  • Send optional marketing emails: Consent (Art. 6‑1‑a); you may opt out any time
  • Comply with legal obligations & defend our rights: Legal obligation (Art. 6‑1‑c) or Legitimate interests

No AI model training. We do not use customer‑provided personal data to train foundation or large‑language models.


5. How we share information

We share data only when needed:

  • Service providers: cloud hosting (Azure, AWS, Vercel), database & auth (Supabase), analytics (PostHog), AI infrastructure (OpenAI, Anthropic Claude, Google Gemini, OpenRouter). Providers act under contract and must protect the data.
  • Professional advisers: lawyers, accountants, auditors – bound by confidentiality.
  • Corporate transactions: if we sell or restructure our business, data may transfer under the same protections.
  • Authorities or litigants: when required by law or to protect rights, property or safety.

We never sell or rent your personal information and we do not allow advertising networks to track you.


6. International transfers

Primary servers sit in the European Economic Area (EEA). When we transfer data outside the EEA (e.g. to the United States) we rely on European Commission Standard Contractual Clauses plus technical safeguards such as encryption in transit and at rest.


7. Data retention

  • Account data (Service continuity): Until you delete the account, or 24 months of inactivity
  • Chat content & uploads (Give you time to reconsider): Until deleted by you or 12 months after account deletion
  • Analytics & logs (Diagnose issues & understand usage): Up to 18 months (aggregated/anonymised sooner)
  • Billing records (Croatian accounting law): 10 years

When retention ends we delete or irreversibly anonymise the data.


8. Your rights

8.1 If you are in the EEA/UK (GDPR)

You can access, correct, delete, restrict, port or object to processing of your data and may withdraw consent at any time.

8.2 If you are in California (CCPA/CPRA)

You have the right to:

  • Know the categories and specific pieces of personal information we hold;
  • Delete personal information (with some exceptions);
  • Correct inaccurate personal information;
  • Opt‑out of "sale" or "sharing" for cross‑context behavioural advertising (we do not engage in such activities, but we still honour the right);
  • Limit use of sensitive personal information (we already restrict use to that which is necessary to provide the Service).

We do not discriminate against you for exercising any CCPA right.

8.3 How to exercise any right

Email hi@teilord.com from the address associated with your account. We will respond within one month (45 days for CCPA) and may verify your identity before acting.


9. Platform governance (EU Digital Services Act)

Because some users can share flows or conversations publicly, Teilord qualifies as an online platform under the EU Digital Services Act. We therefore:

  • provide a dedicated notice‑and‑action channel at hi@teilord.com for alleged illegal content;
  • act on valid notices without undue delay and inform the notifier of our decision;
  • publish annual transparency reports on content moderation, takedown requests and average monthly active recipients;
  • offer an internal complaint‑handling system and out‑of‑court dispute settlement, as required.

10. Security

  • Encryption in transit (TLS 1.2+) and at rest;
  • Least‑privilege access controls and MFA for staff;
  • Continuous monitoring, logging and automated alerting;
  • Regular penetration testing and timely remediation.

No system is 100 % secure, but we work hard to protect your data.


11. Do Not Track & Global Privacy Control

Our Services currently do not respond to browser Do Not Track signals. We do honour Global Privacy Control (GPC) as an opt‑out of marketing cookies and any sale/sharing of data under CCPA.


12. Children

Teilord is not directed to children under 13. If we learn that a child under 13 has provided personal data, we will delete it promptly.


13. Changes to this policy

When we make material changes we will post the new version here, update the "Last updated" date and, if the changes are significant, notify registered users by email or in‑app message.


14. Contact us

Digitalni Superheroj j.d.o.o.

Arnoldova 1, 10000 Zagreb, Croatia

VAT ID / Business ID: 79823407772

Email: hi@teilord.com

Phone: +385‑99‑602‑0401

Meet the man in charge: Davor Debrecin on LinkedIn

© 2025 Digitalni Superheroj j.d.o.o.