Privacy Policy
Effective date: June 28, 2026
1. Who We Are
Tidal AI is an AI-powered marketing platform for small businesses, operated by tidalai LLC, a Georgia limited liability company ("Tidal," "we," "our," or "us"). We build and operate the software available at tidalai.app. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our website and services.
If you have questions about this policy, contact us at brock@tidalai.app.
2. Information We Collect
Information you give us
- Account information — your name and email address when you sign up.
- Project inputs — business details, website URLs, brand information, campaign goals, and other content you provide to generate marketing assets.
- Bug reports and feedback — messages, page paths, and browser details you submit through our feedback tool.
- Communications — any messages you send us directly.
Information collected automatically
- Usage data — pages visited, features used, build actions taken, and timestamps.
- Device and browser data — IP address, browser type, operating system, and referral URL.
- Cookies and similar technologies — session tokens and analytics identifiers (see Section 6).
Payment information
We use Stripe to process all payments. We never see or store your full credit card number, CVV, or bank account details. Stripe's privacy policy governs payment data: stripe.com/privacy.
3. How We Use Your Information
We use your information to:
- Create and manage your account and authenticate you securely.
- Provide the services you requested, including generating AI-powered marketing assets using your project inputs.
- Process payments, manage your subscription, and send receipts.
- Monitor platform health, debug errors, and improve our product.
- Send you product updates, service notices, and (where you've opted in) marketing communications. You can unsubscribe at any time.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with applicable legal obligations.
We do not sell your personal information. We do not use your project inputs to train AI models without your explicit consent.
4. How We Share Your Information
We share information only in the following circumstances:
Service providers (sub-processors)
We use trusted third parties to operate the platform:
- Supabase — database and authentication (data stored in the United States).
- Stripe — payment processing.
- Vercel — hosting and edge delivery.
- PostHog — product analytics and session data (self-hosted on Vercel or PostHog cloud).
- Anthropic — AI model provider that processes your project inputs to generate marketing content. Anthropic's usage policies apply: anthropic.com/legal/privacy.
Each provider is contractually bound to handle your data only as necessary to provide their services.
Legal requirements
We may disclose information if required by law, court order, or to protect the rights, safety, or property of Tidal.ai, our users, or the public.
Business transfers
If Tidal.ai is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes (typically up to 7 years for financial records).
Analytics and usage logs are retained for up to 24 months and then deleted or aggregated.
6. Cookies and Analytics
We use cookies and similar technologies for:
- Authentication — keeping you logged in between sessions (essential, cannot be disabled).
- Analytics — PostHog sets cookies to track aggregate usage patterns and help us understand how people use the product. You can opt out of analytics tracking by contacting us or by using a browser extension that blocks PostHog.
We do not use advertising cookies or sell cookie data to ad networks.
7. Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate data.
- Deletion — request that we delete your personal data ("right to be forgotten").
- Portability — request your data in a machine-readable format.
- Opt-out of marketing — unsubscribe from any marketing emails at any time using the link in the email.
To exercise any of these rights, email us at brock@tidalai.app. We will respond within 30 days. We may need to verify your identity before processing certain requests.
California residents (CCPA / CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, used, sold, or disclosed; the right to access and delete that information; the right to opt out of sale or sharing; and the right to non-discrimination for exercising any of these rights.
Tidal AI does not sell personal information. See our dedicated Do Not Sell My Personal Information page for the full CCPA disclosure, including how to exercise each right.
Other U.S. state residents (VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA, DPDPA)
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, and other states with comprehensive privacy laws have substantially similar rights to those described above. To exercise any of those rights, email brock@tidalai.app or use the self-serve Download / Delete tools on your Billing page.
EU/UK residents (GDPR)
If you are located in the European Economic Area or United Kingdom, our legal bases for processing your data are: (a) performance of a contract with you; (b) our legitimate interests in operating and improving the service; and (c) compliance with legal obligations. You may lodge a complaint with your local data protection authority.
8. Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), database-level Row Level Security policies, and access controls limiting which staff can access production data. However, no system is completely secure. If you discover a security vulnerability, please report it to brock@tidalai.app.
9. Children's Privacy
Tidal AI is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the platform at least 14 days before the changes take effect. Your continued use of Tidal AI after that date constitutes acceptance of the updated policy.
11. Contact Us
For privacy questions, requests, or concerns:
This document was last updated on June 28, 2026. This is not legal advice — consult a qualified attorney for advice specific to your business.