Privacy Policy

1. Introduction

Tidy Tiger LLC ("Tidy Tiger," "we," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, process, and disclose your information across our website, browser extensions, and cloud-based applications (collectively, the "Services").

2. Information We Collect

We collect only the data necessary to provide our email management and organization features.

• Account Information: When you register, we collect your name, email address, and authentication tokens to manage your subscription and account settings.
• Google User Data (Restricted Scope): To function, Tidy Tiger requires access to your Gmail account via Google APIs. We access:
  • Message Metadata: Headers, sender addresses, subjects, timestamps, and Gmail category labels to identify subscription emails and newsletters.
  • Gmail Filter Logic: We use Gmail's query-based filtering (e.g., q="from:sender@example.com") to identify and retrieve message IDs that match specific categories. We do not fetch or read message bodies for categorization purposes.
  • Stored Data: We store sender email addresses and metadata about your inbox and senders (message counts, timestamps, Gmail labels, email list detection data, statistical aggregates) to categorize emails and perform bulk actions on your behalf.
  • Unsubscribe Operations: For unsubscribe functionality, we may access email headers (List-Unsubscribe, List-ID) to extract unsubscribe links. Message bodies are not accessed for this purpose.
• Usage Data: We collect technical logs (IP address, browser type, interaction metrics) to monitor system stability and prevent abuse.

3. How We Use Your Information

We use your data strictly to deliver the Services you have requested:

• Automated Inbox Organization: To scan your inbox, identify promotional emails, and categorize them based on your preferences.
• Bulk Management Actions: To execute unsubscribes, deletions, or archiving actions as directed by you.
• Service Continuity: To maintain your settings, preferences, and scan history to ensure the Service remains personalized and functional upon return visits.
• Legal Compliance: To comply with applicable legal obligations or enforce our Terms of Service.

4. Data Protection & Cloud Architecture

We utilize enterprise-grade cloud infrastructure to secure your data.

• Secure Cloud Storage: Service data, including scan results and user preferences, is stored in secure cloud environments (e.g., Google Firebase) protected by robust access controls and encryption at rest.
• Extension Operations: Our browser extension uses Gmail's filter logic to identify messages. Message bodies are not accessed or stored.
• OneClick Scanner: We store sender metadata, message IDs, subjects, timestamps, Gmail category labels, and email list information to enable dashboard functionality. Message bodies are never fetched, read, or stored.
• AI Processing: To provide intelligent email categorization and management features, we utilize third-party AI service providers for certain internal processing operations. Our AI partners include Anthropic (Claude), OpenAI (ChatGPT), and Groq.
  • Limited Data Transmission: Only your account email address may be transmitted to AI providers in some cases. We do not transmit email content, message bodies, or any contact email addresses to AI systems.
  • No Training: Your data is not used to train, improve, or develop AI models. Our AI partners process data solely to generate responses for specific service requests.
  • Data Retention by AI Partners: Our AI service providers maintain data retention policies that typically limit retention to 30 days or less, with most data deleted immediately after processing.
  • Security: Our AI partners (Anthropic, OpenAI, and Groq) operate on enterprise-grade, SOC 2 compliant infrastructure with industry-standard security controls.
• Encryption: All data transmitted between your device, our servers, and Google APIs is encrypted using industry-standard TLS/HTTPS protocols.
• Access Controls: We enforce strict least-privilege access policies. Human access to your data is prohibited except where necessary for security purposes (e.g., investigating abuse) or to comply with applicable law.

5. Google Limited Use Disclosure

Tidy Tiger's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google API Scopes: Tidy Tiger uses the following Google API scopes:

• https://www.googleapis.com/auth/gmail.modify – Manage and delete Gmail messages, create filters
• https://www.googleapis.com/auth/gmail.settings.basic – Manage basic Gmail settings such as filters and labels
• https://www.googleapis.com/auth/userinfo.email – Identify your account for personalized services
• openid, email, profile – OpenID Connect for secure authentication

No Surveillance: We do not use Google User Data for surveillance or intelligence gathering.

No Advertising: We do not use Google User Data for advertising or marketing purposes.

6. Data Sharing & Disclosure

We do not sell your personal data. We only share information in the following limited circumstances:

• Service Providers: We may share data with trusted third-party vendors (e.g., cloud hosting, payment processors) strictly to provide the Services. These vendors are contractually bound to protect your data.
• Business Transfers: If Tidy Tiger is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction to ensure the continued operation of the Service.
  • Buyer Obligations: Any acquiring entity will be required to honor this Privacy Policy or a policy that provides materially similar protection.
  • Compliance: Where our use of Google APIs requires it, we will provide notice and obtain any explicit consent required by Google's API Services User Data Policy before transferring Google User Data.
• Legal Requirements: We may disclose information if required by law, regulation, or valid legal process (e.g., a subpoena).

7. Data Retention

• Retention for Continuity: To facilitate seamless account reactivation and consistent service performance, we generally retain your account profile, settings, and scan history for the duration of your account's existence.
• Multi-Account Support: If you link multiple Gmail accounts to your subscription, we store separate scan data for each account. All linked accounts are covered under your single subscription.
• User-Initiated Deletion: You may request the full deletion of your personal data at any time by contacting support@trytidytiger.com. Upon verification of your identity, we will permanently delete your data and associated records from our active databases, including all sender metadata, message IDs, and scan history.
• Inactive Accounts: We reserve the right to delete data from accounts that have been inactive for an extended period to optimize system performance, though we are under no obligation to do so.

8. Your Rights (GDPR & CCPA)

Depending on your location, you may have specific rights regarding your data, including the right to access, correct, delete, or restrict the processing of your personal information. To exercise these rights, please contact us at support@trytidytiger.com.

9. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: support@trytidytiger.com.