Privacy Policy

Your Privacy Matters

Last updated: February 17, 2026

1. Introduction

Tomo AI, Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at trytomo.ai.

By using the Service, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please do not use the Service.

2. Information We Collect

Information you provide directly:

  • Account information (name, email address)
  • Business information you enter into prompts (business name, industry, description)
  • Payment information (processed securely by Stripe — we never store your card details)
  • Communications you send to us (support requests, feedback)

Information collected automatically:

  • Device and browser information (type, operating system, screen resolution)
  • Usage data (pages visited, features used, guide progress)
  • IP address and approximate location
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Personalize your guide experience (e.g., filling in prompt placeholders with your business details)
  • Process your subscription and payment transactions
  • Send you account-related communications (confirmations, security alerts, support messages)
  • Improve and develop new features based on usage patterns
  • Detect, prevent, and address technical issues or fraudulent activity

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service providers: We share data with trusted third parties who assist in operating the Service (e.g., Stripe for payments, Supabase for authentication and data storage, Vercel for hosting).
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication via Supabase with support for OAuth providers
  • Regular security reviews and updates
  • Limited employee access to personal data on a need-to-know basis

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes (e.g., billing records, dispute resolution).

7. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential cookies: Required for authentication and core functionality
  • Analytics cookies: Help us understand how users interact with the Service to improve it

You can control cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a structured, commonly used format
  • Objection: Object to certain types of data processing

To exercise any of these rights, please contact us at the email address below. We will respond to your request within 30 days.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@trytomo.ai