Privacy Policy

Tidebox Privacy Policy

This Privacy Policy explains how Tidebox handles personal data collected through tidebox.ai, including the early-access waitlist and demo request flows. Tidebox is operated by Eigensource S.L.

Last updated: March 6, 2026

1. Data controller

Eigensource S.L.
NIF: B55497267
Carrer d'Avila, 32 - 08005 Barcelona, Spain
Email: privacy@tidebox.ai

For enterprise privacy, procurement, or data protection questions, contact us at the email address above.

2. Data we collect

When you submit the Tidebox early-access form or contact us, we may collect:

  • Work email address
  • First name, if you choose to share it
  • Company name
  • Team size
  • Your described use case or project context
  • Pricing-plan interest when inferred from the CTA you clicked (for example Builder or Teams)
  • Technical and attribution metadata such as page path, referrer, UTM values, language, and timestamp
  • Security and anti-abuse metadata such as request origin, referer, and user agent

3. Why we process your data

  • To review and prioritize early-access requests
  • To contact you about your Tidebox request, waitlist status, onboarding, or a relevant demo
  • To understand which channels, plans, and messages generate qualified interest
  • To generate concise internal fit summaries or recommended first workflows for the waitlist experience
  • To prevent spam, abuse, or fraudulent submissions
  • To keep internal records of inbound business leads and conversations

4. Legal bases

We process personal data on the following bases under the GDPR:

  • Consent: when you tick the waitlist checkbox and submit your details so we can review your request and contact you about Tidebox early access.
  • Legitimate interests: to protect the site from abuse, measure aggregate demand, and manage inbound B2B lead operations responsibly.
  • Legal obligations: where we must retain or disclose data to comply with applicable law.

You can withdraw your consent at any time by emailing privacy@tidebox.ai.

5. Analytics and measurement

We use privacy-focused analytics tooling to understand page usage, campaign performance, and funnel behavior. We currently use Plausible Analytics for website analytics and may use event tracking related to CTA clicks, time-on-page proxies, waitlist opens, and submissions.

Analytics data is used to evaluate product-market interest and improve the landing experiment. We do not use this analytics layer to make automated decisions about you.

We may also use AI assistance to summarize the use case you submit and generate a suggested first workflow or fit explanation inside the waitlist success experience. This is used only to personalize the landing flow and support internal lead review. It does not produce legal or similarly significant effects.

6. Processors and recipients

We may share data with service providers that help us run the landing and waitlist, including:

  • Supabase for database and serverless processing
  • Plausible Analytics for website analytics
  • Zapier for workflow notifications and internal routing
  • Google Workspace / Gmail for business communications
  • OpenAI for optional AI-assisted summarization and fit copy generation

We only share data to the extent necessary for these services to perform their role for us.

7. International transfers

We are EU-based, but some service providers may process limited data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as contractual protections and equivalent transfer mechanisms where required.

8. Retention

We keep waitlist and inbound lead data only for as long as needed to run the early-access program, evaluate demand, and follow up on genuine business interest. As a working rule, we aim to delete or review stale waitlist records within 12 months of the last meaningful interaction, unless a longer retention period is required for legal, security, or dispute reasons.

9. Your rights

Subject to applicable law, you may request:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of your data
  • Restriction of processing
  • Objection to processing based on legitimate interests
  • Data portability where applicable
  • Withdrawal of consent at any time

You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) if you believe your data has been handled unlawfully.

10. Updates to this policy

We may update this Privacy Policy as Tidebox evolves, our tooling changes, or legal requirements change. We will publish the latest version on this page and update the date above.

This page is intended to cover the current Tidebox landing and early-access experiment as of March 6, 2026. If you need a procurement-ready or controller/processor-specific document, email privacy@tidebox.ai.
Back to tidebox.ai