tideflow
Log in Request access

Legal

Privacy Policy

Last updated: 24 April 2026

Summary: We collect only what we need to run the Service. We never sell your data. You can request a copy or deletion of your data at any time by emailing [email protected].

1. Who we are

Tideflow ("we", "us", "our") operates the Tideflow platform — a task management and profitability tracking tool for service businesses. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

For any privacy-related questions, contact us at [email protected].

2. What data we collect

Account information

When you create an account or request early access, we collect your name, email address, and optionally your company name. This is used to set up and manage your account.

Usage data

We collect information about how you use the Service — such as pages visited, features used, and actions taken — to understand how the product is used and to improve it. This data is anonymised where possible.

Content you create

Tasks, projects, time entries, client data, and financial information you enter into Tideflow are stored on our servers to provide the Service. You own this data — we do not use it for any purpose beyond operating the Service for you.

Technical data

We collect standard server logs including your IP address, browser type, and timestamps. This is used for security, debugging, and service reliability.

Cookies

We use session cookies to keep you logged in, and analytics cookies (Google Analytics) to understand how visitors use the site. Analytics cookies are only set in production and can be blocked by browser extensions.

3. How we use your data

  • To provide, operate, and improve the Service.
  • To send you account-related emails (welcome, notifications, billing).
  • To respond to support requests and enquiries.
  • To monitor security and prevent fraud or abuse.
  • To understand how the product is used and inform development decisions.

We will never sell your personal data to third parties, and we will never use your data to train AI models.

4. Legal basis for processing (UK/EU users)

Where the UK GDPR or EU GDPR applies, we process your personal data under the following legal bases:

  • Contract — processing necessary to deliver the Service you have requested.
  • Legitimate interests — analytics, security monitoring, and service improvement.
  • Consent — non-essential cookies and marketing communications, where you have opted in.

5. Data sharing

We do not sell, rent, or share your personal data with third parties for their own marketing purposes. We share data only with:

  • Infrastructure providers — cloud hosting, database, and email delivery services that process data on our behalf under data processing agreements.
  • Analytics — Google Analytics receives anonymised usage data to help us understand how the Service is used.
  • Legal requirements — if required by law, court order, or to protect the safety of users or the public.

6. Data retention

We retain your account data for as long as your account is active, or as needed to provide the Service. If you close your account, we will delete your personal data within 90 days, unless we are required by law to retain it for longer. Anonymised usage statistics may be retained indefinitely.

7. Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security.

If you discover a security vulnerability, please disclose it responsibly by emailing [email protected].

8. Your rights

Depending on where you are located, you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict how we process your data.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. Children's privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their personal data, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the Service. The "Last updated" date at the top of this page reflects when the policy was last revised.

11. Contact

For any questions about this Privacy Policy or how we handle your data, contact us at:

Tideflow

[email protected]