Privacy Policy

Effective: April 27, 2026 · Last updated: April 27, 2026

1. Introduction

Tangle Technologies, Inc. ("Tangle," "we," "us," or "our") respects the privacy of our users ("you" or "your"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our websites (tangle.tools, app.tangle.tools, ai.tangle.tools, cloud.tangle.tools), APIs, and related services (collectively, the "Services").

2. Information We Collect

Information you provide

  • Account information. Email address, name, and authentication credentials when you create an account.
  • Payment information. Payment details processed by our third-party payment processor (Stripe). We do not store full payment card numbers.
  • Communications. Messages you send to us via support channels.

Information collected automatically

  • Usage data. Pages visited, features used, API calls made, timestamps.
  • Device information. Browser type, operating system, IP address.
  • Log data. Server logs including IP addresses, request timestamps, and HTTP methods.

Information we do not collect

  • We do not collect biometric data.
  • We do not sell personal information.
  • We do not use tracking cookies for advertising purposes.

3. How We Use Your Information

  • To provide and maintain our Services.
  • To process transactions and send billing notifications.
  • To respond to support requests.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

4. Data Inside Sandboxes

When you run code, files, or AI agents inside a Tangle sandbox, the content you place inside the sandbox (including files, environment variables, and prompts) is processed only as required to operate the Services you have requested. Before that content leaves the sandbox to any third party — including the model vendor you have selected (OpenAI, Anthropic, etc.) — Tangle's egress filter automatically scrubs authentication credentials, payment-card numbers, and government identifiers (SSN, ITIN, IBAN). Names, email addresses, phone numbers, and postal addresses are not scrubbed because they are typically required for the agent to perform the task you asked for. Customers can fetch a live snapshot of the redaction posture from any sandbox at GET /privacy.

5. Data Retention

We retain personal information only as long as necessary to provide the Services and fulfill legal obligations. Account data is deleted within 30 days of an account-deletion request. Logs are retained per our Logging and Monitoring Policy. For OpenAI Chat Completions, Tangle automatically requests no retention (store: false) on every request unless you have explicitly opted in.

6. Data Sharing and Sub-processors

We do not sell your data. We share data only with our sub-processors as necessary to operate the Services, and when required by law. Our active sub-processors include: Hetzner (cloud hosting), Cloudflare (edge security and object storage), Stripe (payments), Google Workspace (staff email), Sentry (error reporting), Resend (transactional email), OpenAI and Anthropic (LLM inference, when you select them as your model vendor). The current list, with regions and legal basis, is published at our sub-processor page. Customers can subscribe to change notifications by emailing [email protected].

7. Security

We protect your data using encryption in transit (TLS 1.2+), encryption at rest, access controls, and continuous monitoring. The runtime redactor scrubs credentials, payment-card numbers, and government identifiers from internal logs and outbound model-vendor calls before transmission. We run automated secret-scanning on our source repositories. For more, see our Security Information Page.

8. Your Rights

Depending on your jurisdiction, you may have the right to access your personal data, correct inaccurate data, delete your data, export your data, or object to processing. To exercise these rights, contact [email protected].

9. International Transfers

Your information may be transferred to and processed in jurisdictions outside your own, including the United States and Germany. Where such transfers involve personal data of EU/UK residents, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect data from children. If you believe we have inadvertently collected information from a child, please contact us at [email protected] and we will delete it.

11. Changes to This Policy

We may update this policy and will notify users of material changes via email or in-app notice. Continued use of the Services after a change constitutes acceptance.

12. Contact

Tangle Technologies, Inc.
Email: [email protected]

For DPA, sub-processor change subscriptions, or SOC 2 Type II report requests: [email protected].