Back to Tiel

Privacy Policy

Last updated: February 23, 2026

This Privacy Policy describes how Tiel ("we," "us," or "our"), operated by Bill Yang, a sole proprietor based in Washington state, USA, collects, uses, stores, and protects your information when you use the Tiel platform at tiel.ai and app.tiel.ai (the "Service").

By using the Service, you acknowledge the practices described in this policy. We process your data as necessary to fulfill our contractual obligations to you (providing the Service), for our legitimate business interests (improving and securing the Service), and where required, with your consent.

1. Information We Collect

1.1 Account Information

When you register, we collect your email address, name (optional), and password. If you sign in with Google OAuth, we receive your email address and basic profile information from Google. We do not store your Google password.

1.2 API Credentials

To connect your third-party services (such as lead data providers, email delivery platforms, and CRM systems), you provide API keys or authorize OAuth access. These credentials are encrypted at rest using industry-standard encryption and are used solely to communicate with those services on your behalf.

1.3 Lead and Contact Data

When you use the Service, we process business contact data retrieved from your connected services. This includes names, business email addresses, job titles, company names, and engagement metrics (opens, replies, clicks). This is B2B contact data, not consumer personal information.

1.4 Usage Data

We collect information about how you interact with the Service, including pages visited, features used, search configurations, and timestamps. This data helps us improve the product and diagnose issues.

1.5 Cookies and Similar Technologies

We use cookies and similar browser storage technologies that are strictly necessary to operate the Service. These include cookies for authentication, session management, security protection (such as CSRF tokens), and user preferences. We may introduce additional functional cookies as we develop new features — these will always serve a legitimate operational purpose.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies to monitor your behavior across other websites. If we ever introduce optional analytics or preference-based cookies in the future, we will update this section and provide appropriate notice and controls.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Authenticate your account, connect to your third-party services, process leads, and deliver search results and campaign data.
  • Improve the product: Analyze usage patterns to build better features and fix bugs.
  • Communicate with you: Send account-related notifications, security alerts, and service updates.
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access.

3. How We Store and Protect Your Data

Your data is hosted on industry-leading cloud infrastructure in the United States. We implement multiple layers of protection:

  • Encryption at rest: Sensitive credentials and secrets are encrypted using hardware-backed key management with strong encryption algorithms (currently AES-256-GCM via AWS KMS envelope encryption). We continually evaluate and upgrade our encryption as best practices evolve.
  • Encryption in transit: All data transmitted between your browser and our servers, and between our services, is protected with TLS encryption.
  • Password security: Passwords are stored using strong, one-way cryptographic hashing. We never store plaintext passwords.
  • Access control: Principle of least privilege for all infrastructure and application access.
  • Security reviews: We conduct regular security audits and code reviews of our infrastructure and application code.

Your data is stored and processed in the United States. If you access the Service from outside the United States, you understand that your data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

4. Third-Party Services

Tiel integrates with third-party services to provide its core functionality. These integrations fall into two categories:

  • User-connected services: Services you explicitly connect to Tiel (such as lead data providers, email delivery platforms, and CRM systems). Data is shared with these services only when you connect them and initiate actions. Current integrations include Apollo.io, Instantly.ai, and HubSpot, with additional providers added over time.
  • Infrastructure and authentication services: Services we use to operate the platform, including cloud hosting (Amazon Web Services), authentication providers (Google OAuth), payment processing, email delivery for transactional messages, and other operational tools.

We may add new third-party integrations as the Service evolves. Each third-party service has its own privacy policy and terms of service. We encourage you to review them. Tiel is not responsible for the privacy practices of third-party services.

5. Data Sharing

We do not sell your data. We do not share your personal information or lead data with third parties for their marketing purposes. We share data only in the following circumstances:

  • At your direction: When you push leads to your connected services (Instantly, HubSpot), we transmit that data as you instructed.
  • Service providers: We use AWS for hosting and infrastructure. AWS processes data on our behalf under strict contractual obligations.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.
  • Business transfers: If Tiel is acquired, merged, or sells substantially all of its assets, your data may be transferred as part of that transaction. We will notify you via email before your data is subject to a different privacy policy.

6. Data Retention

We retain your account data and lead data for as long as your account is active. If you delete your account or request deletion:

  • We will retain your data for 30 days to allow you to request an export.
  • After 30 days, your data will be permanently deleted from our systems.
  • We will make commercially reasonable efforts to remove your data from backups within 90 days of account deletion.

To request a data export before deletion, contact support@tiel.ai.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate personal data.
  • Deletion: Request that we delete your account and associated data.
  • Data export: Request a machine-readable export of your data.

To exercise any of these rights, email us at support@tiel.ai. We will respond within 30 days.

8. GDPR and Data Processing

Tiel processes B2B contact data on your behalf. Under the General Data Protection Regulation (GDPR):

  • You are the data controller for the lead and contact data processed through the Service.
  • Tiel acts as a data processor, processing data according to your instructions via the Service.
  • You are responsible for ensuring that your use of lead data complies with GDPR and other applicable data protection laws, including having a lawful basis for processing.

If you require a Data Processing Agreement (DPA), contact us at privacy@tiel.ai.

9. California Privacy Rights (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect and how it is used.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of personal information (we do not sell personal information).
  • The right to non-discrimination for exercising your privacy rights.

To exercise your CCPA rights, contact us at privacy@tiel.ai.

10. Email Compliance (CAN-SPAM)

Tiel is a tool that orchestrates your outbound email workflows. You — not Tiel — are the sender of emails delivered through your connected email service (Instantly.ai or other providers). You are responsible for complying with the CAN-SPAM Act, GDPR, CASL, and any other applicable email regulations, including:

  • Including a valid physical mailing address in your emails.
  • Providing a clear unsubscribe mechanism.
  • Honoring opt-out requests promptly.
  • Not using deceptive subject lines or header information.

11. Children's Privacy

The Service is designed for business users and is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will promptly delete it.

12. Security

We take the security of your data seriously and implement industry-standard protections, including:

  • Strong encryption at rest and in transit for all sensitive data.
  • Secure, one-way password hashing with appropriate cost factors.
  • Principle of least privilege for all system access.
  • Regular security audits and code reviews.
  • Secure session management with appropriate browser protections (httpOnly, SameSite, Secure flags).

No system is perfectly secure. If you discover a security vulnerability, please report it to security@tiel.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of the Service after the changes take effect constitutes your acceptance of the revised policy.

14. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@tiel.ai

For general support inquiries: support@tiel.ai

Terms of Service © 2026 Tiel. All rights reserved.