Privacy

Your data, on a need-to-know basis.

How Tetros collects, uses, and protects personal data — and why permission, not volume, is the whole point.

Last updated

Who we are and what this policy covers

Tetros is a business-to-business platform for consent-native, WhatsApp-first conversational commerce. This policy explains how Tetros (“Tetros”, “we”, “us”) handles personal data in connection with our website at tetros.ai and our platform.

It covers two different relationships. For visitors to our website and the people who administer a Tetros workspace, we act as a data controller. For the contact and conversation data our business customers bring into Tetros, we act as a data processor that acts only on the customer’s documented instructions — that processing is governed by our Data Processing Agreement and by the customer’s own privacy notice.

Data we collect

We collect only what a clear purpose requires:

  • Account & business data — name, work email, company, role, and authentication data of the people who administer a workspace.
  • Billing data — plan, billing contact, and transaction metadata. Card details are handled by our payment processor and are not stored by Tetros.
  • Website & product usage — pages viewed, device and browser type, approximate region, and telemetry used to operate, secure, and improve the service.
  • Contact & conversation data (processed for our customers) — end-customer phone numbers, names, detected language, consent records, message content, and derived interest and intent signals. We process this on our customers’ behalf, never for our own marketing.
  • Support communications — the messages you send us and our replies.

How we use data

We use data to provide, secure, and operate the platform; to authenticate accounts; to take payment; to provide support; to send service (not marketing) messages; to analyze aggregated usage so we can improve the product; and to meet legal obligations.

We apply data minimization and purpose limitation: we collect only what a purpose needs, and we use data only for the purpose it was collected for. Using contact data for a new purpose requires a new, lawful basis.

Tetros exists to make messaging consent-native. Phone numbers are collected, used, and stored only to deliver messaging our customers are permitted to send, and every outbound message is checked against a consent ledger before it leaves.

We honor opt-out in real time. A clear request to stop — by keyword or by meaning, in any language — is recorded and suppressed everywhere for that brand.

We never sell, rent, or share phone numbers or opt-in data for anyone else’s marketing. Consent is specific to the brand and campaign it was given for and never transfers between brands; cross-brand signals are used only as internal ranking scores, never as shared audiences or transferred permission.

In our model, valid consent is freely given, specific, informed, unambiguous, and as easy to withdraw as it was to give.

Where the GDPR applies, we rely on:

  • Contract — to provide the service to account holders.
  • Legitimate interests — to secure, operate, and improve the platform, balanced against your rights.
  • Consent — where required, for example certain cookies or messaging to prospects.
  • Legal obligation — for tax, accounting, and lawful requests.
  • For contact and conversation data we process as a processor, the lawful basis is established and documented by our customer, who is the controller.

Who we share data with

We do not sell personal data. We share it only with:

  • Messaging providers — Meta’s WhatsApp Business Platform and SMS carriers or aggregators, to deliver the messages our customers send.
  • Infrastructure & sub-processors — vetted cloud hosting, storage, and analytics providers, under contract and confidentiality.
  • Payment processor — to take payment for paid plans.
  • Legal & corporate — authorities where the law requires it, and a successor in a merger, acquisition, or financing.

A current list of sub-processors is available on request and through the Data Processing Agreement.

International data transfers

Tetros operates across regions, so personal data may be transferred and processed outside the country where it was collected. Where it is, we rely on appropriate safeguards — such as the EU Standard Contractual Clauses and equivalent mechanisms — to protect it.

How long we keep data

We keep personal data only as long as the purpose requires, then delete or anonymize it.

  • Account data — for the life of the workspace plus a short grace period.
  • Billing records — for as long as tax and accounting law requires.
  • Consent ledger — retained as durable proof of permission even after a contact opts out, so opt-outs can be enforced.
  • Contact & conversation data — under our customer’s instructions; on termination we return or delete it.

We are honest that de-identification (for example, hashing a phone number) reduces but does not eliminate identifiability.

Your rights

Depending on where you live, you may have the right to:

  • access a copy of your personal data;
  • correct data that is inaccurate or incomplete;
  • delete your data;
  • receive your data in a portable, machine-readable format;
  • object to or restrict certain processing;
  • withdraw consent at any time, without affecting prior processing;
  • and, under the CCPA/CPRA, to know, delete, correct, and opt out of the “sale” or “sharing” of personal information.

Tetros does not sell or share personal information, and we will never discriminate against you for exercising a right.

How to exercise your rights

For data we control, contact us at the address below and we will respond within the legal timeframe — within one month under the GDPR and within 45 days under the CCPA, each extendable where the law allows. We may need to verify your identity first.

For contact data Tetros processes on a business customer’s behalf, please contact that business (the controller); we will help them respond.

How we protect data

We use encryption in transit and at rest, role-based access controls, audit logging, and regular security reviews. No system is perfectly secure; if a breach affects your personal data, we will notify the relevant authority and affected people without undue delay and within the timeframes the law requires — within 72 hours of becoming aware, where the GDPR applies.

Cookies

Our website uses a minimal set of cookies: those strictly necessary to run the site, and — with your consent where required — limited analytics to understand how the site is used. You can control non-essential cookies through your browser or our cookie controls.

Children

Tetros is a business tool and is not directed to children. We do not knowingly collect personal data from anyone under 16.

Changes to this policy

We may update this policy as the product and the law evolve. The current version is always posted here with its “Last updated” date, and for material changes that affect account holders we give notice through the product or by email.

Contact us

Questions about privacy, or to exercise a right? Email us at hello@tetros.ai and we will route your request to the right team, including our data-protection contact.