LEGAL

Privacy Policy

Last updated: May 22, 2026

This Privacy Policy explains what information Tidel ("we", "us") collects, how we use it, and the choices you have. Tidel is an AI-powered review tool for Etsy listings, currently in private beta.

1. Information We Collect

When you use Tidel, we collect the following:

  • Waitlist email — the email address you submit on our marketing site to request beta access. Stored only for the purpose of notifying you when invitations open.
  • Beta session cookie — a single first-party, HTTP-only cookie (tidel_beta) that records that you successfully entered the beta access password. The cookie stores no personal data and expires after 30 days.
  • Etsy listing data — when you connect your Etsy shop, we request, via the Etsy Open API v3, the listing fields needed to review them: titles, tags, descriptions, prices, listing IDs, and image URLs. We do not request or store private buyer data, payment information, messages, or your Etsy password.
  • OAuth tokens — when you authorise Tidel through Etsy's OAuth flow, we store the access token (and refresh token, if granted) needed to read your listings. Tokens are encrypted at rest and used solely to fulfil API requests on your behalf. You may revoke these tokens at any time from your Etsy account settings or by signing out.
  • Usage data — pages visited, features used, and approximate request timing, collected to monitor uptime and improve the product. We do not use third-party advertising or behavioural-tracking analytics.

2. How We Use Your Information

  • To provide and operate the Tidel listing review service.
  • To analyse your Etsy listings via our AI engine and generate optimisation suggestions.
  • To send transactional emails about your beta access and important service notices.
  • To improve the quality of our AI review engine using aggregated, de-identified usage signals.

We do not use your Etsy listing content for training third-party models, and we do not share or sell it for advertising.

3. Data Sharing

We never sell your personal data. We share limited data with:

  • AI service providers — listing text and image URLs may be sent to third-party AI models (currently Anthropic and OpenAI) to generate reviews. Requests are made via their commercial APIs under contractual terms that prohibit using customer content to train their models.
  • Infrastructure providers — hosting (Render), database (Supabase), and email (Resend). All providers act as data processors under written agreements.
  • Legal requirements — we may disclose information when required to comply with a valid legal request.

4. Etsy Data — Specifically

Because Tidel is built on the Etsy API, we want to be explicit about how we handle data sourced from Etsy:

  • We only request the OAuth scopes we need to read your active listings (listings_r, shops_r).
  • We never request scopes that allow writing to your shop, accessing buyer information, or reading messages.
  • Listing data is cached for up to 30 days to power the review interface. After 30 days of inactivity, cached data is purged automatically.
  • Disconnecting your Etsy shop ("Unlink Etsy" in Settings) immediately revokes our access tokens and deletes all cached listing data within 24 hours.
  • Tidel is not affiliated with, endorsed by, or sponsored by Etsy, Inc. "Etsy" is a trademark of Etsy, Inc.

5. Data Retention

We retain account-level information for as long as your beta access is active. Etsy listing data is purged within 30 days of your most recent review. Waitlist emails are kept until you ask us to remove them or the waitlist closes. Server logs containing IP addresses are retained for up to 30 days for security and debugging.

6. Security

We use industry-standard encryption (TLS 1.2+) for data in transit and AES-256 encryption at rest for sensitive fields including OAuth tokens. Access to production user data is restricted to essential engineering personnel and logged. We follow a least-privilege model for service credentials.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Withdraw consent and close your account at any time.
  • Export your data in a portable, machine-readable format.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@tidel.tech and we'll respond within 30 days.

8. Cookies

We use only essential first-party cookies needed to keep you signed in (the beta session cookie described above). We do not use advertising, retargeting, or cross-site tracking cookies, and we do not embed third-party advertising pixels.

9. Children

Tidel is intended for sellers operating an Etsy shop. The service is not directed to children under 16, and we do not knowingly collect data from them.

10. International Transfers

If your data is transferred outside your home jurisdiction, we rely on Standard Contractual Clauses or equivalent safeguards where required by law.

11. Changes

We may update this policy from time to time. Material changes will be announced via email or an in-app notice at least 14 days before they take effect.

12. Contact

Questions about this policy? Email privacy@tidel.tech.