Privacy Policy

Last updated: September 1, 2025

Controller

Carl Assmann - ccssmnn
Muellritterstr. 10
80995 Munich
Germany
Email: assmann@hey.com

Data Tilly Processes

User-Entered Data

• Personal information you add to Tilly (names, relationships, notes, reminders)
• Data is encrypted in your browser before it is synced to Jazz Cloud
• Encryption keys are stored with your authentication credentials so the Tilly server can:
  • Decrypt reminders when sending push notifications
  • Process chat content and forward it to Google for Tilly Chat features

Authentication Data

• Authentication method and session information stored by Clerk
• Encryption keys stored in Clerk to enable access from new devices
• Tilly does not collect personal data for analytics purposes

Payment Data

• Payment processing handled by Stripe
• Tilly does not store your payment card details

Third-Party Services

Clerk (Authentication)

• Processes authentication and stores encryption keys
• Privacy policy: https://clerk.com/privacy

Stripe (Payments)

• Processes subscription payments
• Privacy policy: https://stripe.com/privacy

Jazz Cloud (Data Storage)

• Stores your encrypted relationship data
• Receives only ciphertext; decryption happens on Tilly servers using keys provided by Clerk when needed for service features

Google Gemini (AI Services)

• Processes chat content and tool results sent through Tilly servers
• Data sent only when you actively use Tilly Chat features
• Privacy policy: https://policies.google.com/privacy

Legal Basis (GDPR Article 6)

• Contract performance (Article 6(1)(b)): Providing Tilly services
• Legitimate interests (Article 6(1)(f)): Service improvement and security

Data Retention

• Data is stored until you delete your account
• Account deletion removes all data and encryption keys
• Backups are automatically deleted within 30 days

Your Rights (GDPR)

• Access your data anytime using the free tier and downloading your data
• Rectify (correct) inaccurate data by editing it directly in Tilly
• Erase your account and all data by deleting your account through the account dashboard. This will erase the stored encryption keys and make your data inaccessible
• Export your data through the settings menu anytime. You can also import your data there
• Object to processing by exporting your data and deleting your account (since Tilly cannot function without processing your relationship data)
• Withdraw consent anytime by exporting your data and deleting your account

Data Security

• Client-side encryption with keys managed via Clerk for multi-device access; Tilly servers access decrypted data only to deliver notifications and AI features
• Industry-standard security measures
• Regular security updates

Data Processing Locations

• Push notifications and Tilly Chat: Processed in Germany; decrypted data handled only for the duration of these operations
• Encrypted sync data: Stored in the Jazz Cloud node closest to your location
• Third-party services: May process data outside the EU with adequate safeguards

Cookies

Tilly only uses essential cookies for authentication. No tracking or analytics cookies are used.

Data Protection Officer

Carl Assmann
Muellritterstr. 10
80995 Munich
Germany
Email: assmann@hey.com

Contact

For privacy questions or to exercise your rights:
Email: assmann@hey.com

Supervisory Authority

You can file complaints with the Bavarian State Office for Data Protection Supervision (BayLDA).