Privacy Policy - Tiller AI
Last Updated: May 29, 2025
In this privacy policy, we inform you about the processing of personal data of customers of our software (hereinafter referred to as the "platform").
Tiller AI Ltd ("Tiller", "us", "we", or "our") is a company incorporated under the laws of the United Kingdom with company number 15236382.
Introduction
When using Tiller, you are trusting us with potentially sensitive information about yourselves, and your prospective customers. We are committed to protecting your privacy and your information. This Privacy Policy describes the data we collect, how it's used and shared and the rights you as a user have to control the use of your information.
This policy explains how we, as data controller, collect, use and share the information that we receive or collect about you (that may include personal information) through our website and our App "Tiller" (collectively referred to as "the Site") which you can use in your commercial conversations (referred to as "the Services"), and through other interactions you may have with us.
Throughout this policy, we refer to "Users" (individuals who use our Services) and "Prospects" (individuals who may be interested in purchasing our Services or have been provided to us by prospecting services for contact).
This website is not intended for children (under 18 years old) and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
This privacy policy is governed by and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
ISO27001 Certification and Information Security
Tiller AI maintains ISO27001 certification, the international standard for information security management systems (ISMS). This certification demonstrates our commitment to protecting your data through a comprehensive set of policies, procedures, and controls designed to identify and minimize information security risks. Key components of our ISO27001 compliance include:
Systematic Risk Management: We conduct regular, formal risk assessments to identify, evaluate, and address information security risks specific to our services and your data.
Comprehensive Security Controls: We implement technical, administrative, and physical safeguards based on international best practices to protect your information throughout its lifecycle.
Security Incident Management: We maintain detailed procedures for detecting, reporting, and responding to security incidents, including data breaches, with clear response timelines and notification protocols.
Continuous Improvement: Our ISMS undergoes regular internal audits and annual third-party assessments to ensure ongoing compliance and identify areas for enhancement.
Staff Training and Awareness: All Tiller employees receive regular security awareness training and are bound by confidentiality obligations.
Supplier Security Management: We assess and manage the security practices of our third-party service providers to ensure they meet our security standards.
A copy of our ISO27001 certificate is available upon request.
Changes to the privacy policy and your duty to inform us
We keep our privacy policy under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal or company data changes during your relationship with us.
Personal information we collect
Personal data, or personal information, means any information about an individual that allows that person to be identified either directly or indirectly. It does not include data where the identity has been removed (anonymous data). Due to the nature of our services, when recording and processing your video meetings we may collect, use, store and transfer different personal data relating to both Users and Prospects which we have grouped together as follows:
Identity data includes first name, last name, email and User password details.
Payment card details of Users to manage payment for Services.
Technical data includes internet protocol (IP) address, your login data (password), browser type and version, time zone setting and location, browser plug-in types and versions, cookie data, operating system and platform and other technology on the devices you use to access the Site.
Operational data including interaction with the Services and transcripts from meetings, messages from within meetings.
Marketing and communications data including preferences in receiving marketing from Tiller and our third parties.
Usage data including information on how Users use our Site, Services, and features.
Product usage activity data such as the pages or screens you view, and how long you spent on a screen or meeting.
Profile data for when using Tiller includes your browsing history, demographic information, feedback and survey responses, preferences, interests and any data you have made available on our platform.
Aggregated data including data that is collected, used and shared such as statistical or demographic data for any purpose, such as to analyse trends. Aggregated Data is not considered by the law as personal data because it does not reveal your identity.
Work related data - We work with businesses to deliver our Services to their employees. If you are employed by one of those businesses, to use the Services you will need to sign up with us. We will collect information from you directly when you do this and we will also be able to associate this with information provided by your employer, such as your job title and email address.
If the user chooses to connect to Google Calendar, we collect information via the Google API about your upcoming calendar meetings.
If the user chooses to connect to Microsoft Outlook Calendar, we collect information via the Microsoft Graph API about your upcoming calendar meetings.
If the company chooses to connect their CRM, we collect information about deals and contacts to connect your recorded meetings to those deals or contacts and publish them to your connected CRM.
How we use the information
We will use this information to administer the Services and for internal operations, including troubleshooting, data analysis, testing, research and statistical survey purposes. We will also use this information to measure the effectiveness of how we present content and deliver our Services and how we market and advertise. This information will also be used to allow you to continuously receive improvements to your conversations. It is always your choice whether or not to provide information. When our in-meeting recording bot joins meetings, it can be removed. If you do not provide certain information, however, you may not be able to use certain features of the website or app or be provided with certain Services.
Information we may collect from other sources
Information may be gathered from our affiliates and third-party sources, including without limitation:
Third-Party Service providers including if you link, connect, or login to the Site with a third party service you direct the service to send us information such as your name, email address, and calendar information as controlled by that service or as authorised by you via your privacy settings at that service.
Referrals including if you are invited to the Site on a referral, the person who invited you can submit personal information about you such as your email address or other contact information.
Other Sources such as the type of internet browser or mobile device you use, any website from which you have come to the Site, your IP address, and your operating system. We may collect personal details from available sources to which you give your details or from your company's website to contact you in our legitimate business interests with business opportunities which we think might be required from you.
Note: Please be aware that any background checks conducted by Tiller AI are strictly limited to our employee hiring processes and never involve customer data.
How we collect your data
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
create an account on our website;
subscribe to our service or publications;
request marketing to be sent to you;
enter a competition, promotion or survey;
connect your social media or other accounts with our platform, or
give us feedback or contact us.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy section below for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
Technical Data from the following parties:
analytics providers;
advertising networks; and
search information providers.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Stripe Payments UK Limited based inside the UK.
Identity and Contact Data from data brokers or aggregators.
Identity and Contact Data from publicly available sources.
Tiller's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Our Cookie Policy
Cookies are small text files that are placed on your computer or mobile device when you visit our website. We use cookies and similar technologies for the following purposes:
Essential cookies: These are necessary for the website to function properly and cannot be switched off.
Performance cookies: These help us understand how visitors interact with our website by collecting and reporting information anonymously.
Functional cookies: These enable the website to provide enhanced functionality and personalisation.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
For more detailed information about the specific cookies we use and the purposes for which we use them, please contact us at hello@gotiller.com.
How we use your personal data
We use personal information to:
identify Users when they sign in to their account;
process bookings and scheduling of meetings, send confirmation of meetings, reschedules or cancellations;
provide customer service;
perform analytics, debug and conduct research to improve and expand our offerings;
provide, improve, develop, and personalise the Services, including testing, research, analysis and product development;
send messages, updates, security alerts, notifications and reminders;
administer User accounts;
personalise the experiences based on User and Prospect interactions with the Site, search and meeting history, meeting recording, transcriptions, preferences and any other content submitted;
where you have not objected, send you information which we think you may find useful or which you have requested from us, including marketing communications such as emails about any improvements to the Services, special offers or promotions, events, competitions, new Services, with the option to unsubscribe;
send you promotional messages, marketing, advertising and other information based on your preferences through our social media platforms with the option to unsubscribe;
detect and prevent fraud, spam, abuse, security and safety incidents, regulatory compliance, risk assessment and other harmful activity.
where we need to perform the contract we are about to enter into or have entered into with you.
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
where we need to comply with a legal obligation.
We may from time to time collect other types of personal information including information you voluntarily give us. If you are a User, you are responsible for any misuse of personal information that you may collect in the course of your receipt of the Services. Tiller does not accept any responsibility for this processing of personal data.
AI and your information
As a business that focuses on making sure you get the best possible outcomes from your conversations, we make use of various different AI models developed on our own as well as those available as services.
What information we process with AI
We process the following information to provide our services:
Meeting transcripts where available
Meeting chat conversations
Meeting ratings provided by users
Meeting comments provided by users
Recordings of historical meetings when provided by users at the time of meeting/call creation
How we use AI with your data
This information is processed in order to provide our core services, including:
Analysing conversation patterns and effectiveness
Generating insights and recommendations for improvement
Creating summaries of meeting content
Identifying key moments or action items from conversations
AI data sharing and safeguards
When working with AI models that sit outside of our own control, the above information may be transmitted to our subprocessors in order to provide our services. We implement the following safeguards:
All data transfers to AI service providers are governed by appropriate data processing agreements
We conduct regular security assessments of our AI subprocessors
We limit the data shared to only what is necessary for service provision
Where possible, we anonymise or pseudonymise data before sharing with AI systems
We make use of hosted cloud service AI providers (AWS) so that the underlying foundational models do not store and are not trained using your data, and your data is not transmitted back to their creators.
By using our services, you provide your explicit consent for this AI processing to take place. Our services are based on using AI as a tool to help you improve your conversations, and if this is not something you're comfortable with, you may withdraw consent as mentioned below and we will have all your information removed.
For a complete and up-to-date list of our subprocessors, including those used for AI processing, please visit: https://trust.gotiller.com/subprocessors
Opting Out
You can ask us or third parties to stop sending you marketing messages or notifications at any time by:
Following the opt-out links on any marketing message sent to you
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of service purchase, service experience or other transactions.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosing your information
We may need to share the following personal data with the following parties:
affiliates, consultants and contractors who support our business and operations including, inter alia, processing transactions, fulfilling requests for information or assistance, receiving and sending communications, analysing data, providing other support services such as advertising, PR, events related services and other web related services such as web hosting and web-monitoring services including analytics providers and search information providers;
prospective partners, advertisers, sponsors and other reputable third parties and for other lawful purposes;
third parties to whom we may sell, transfer, or merge our business or assets;
courts, regulators or authorities if legally entitled or required to do so.
Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Specifically, we maintain the following retention periods when a User cancels their account with the Service:
Account information and basic customer data: 6 years after you cease being a customer
Payment information: 7 years (for tax and accounting purposes)
Meeting recordings and transcripts: 90 days.
Usage analytics: 90 days
In some circumstances you can ask us to delete your data: see Your Data Protection Rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Payment Processing
All payment transactions made through the Services are conducted through our payment provider(s). You will be providing credit or debit card information directly to these providers who process payment details, encrypting your credit/debit card information and authorising payment. When you use a provider to process your payment, you will stay on our Site but will provide your information directly to the payment providers. The processing of your payment information is done in accordance with these third parties' own privacy policies and terms.
Your Data Protection Rights
Under the UK GDPR and Data Protection Act 2018, you have several important rights regarding your personal data. These include:
Right to access - You have the right to request copies of your personal information.
Right to rectification - You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to erasure - You have the right to request that we erase your personal data, under certain conditions.
Right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to object to processing - You have the right to object to our processing of your personal data, under certain conditions, particularly when based on legitimate interests or for direct marketing.
Right to data portability - You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
Rights related to automated decision making and profiling - You have rights regarding automated decision making and profiling.
You can exercise these rights by:
Accessing and updating basic personal information through your profile settings
Contacting us at hello@gotiller.com to request deletion of your account or exercise other rights
Using the account deletion process available in your account settings
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
External Links
The Site may contain links to external websites. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We have no control over these third parties and we are not responsible for the content of such websites or for the privacy policies or practices of such third parties.
Security
We place great importance on the security of all personal information associated with both Users and Prospects. We have implemented appropriate technical and administrative measures to help protect your information against unauthorised access, destruction, loss, or alteration. In addition, we limit access to this information to only those who have a business need to know. They will only process it on our instructions and they are subject to a duty of confidentiality.
We have put in place detailed procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. These procedures include:
Incident detection and classification protocols
A defined response team with clear roles and responsibilities
Containment and recovery measures
Assessment of risks to individuals' rights and freedoms
Notification procedures for affected individuals and authorities
Documentation and analysis for future prevention
Our commitment to protecting your information is supported by compliance with the UK GDPR, the Data Protection Act 2018, and the security certifications we uphold. However, no electronic data transmission over the internet or storage of information can be guaranteed to be completely secure or error free, and we therefore cannot warrant or guarantee the security of information you submit via, or that is transmitted to, our Site or Service, and any such submission is at your own risk.
Data Storage And International Transfers
All personal data we collect is stored on secure servers located within the UK and European Economic Area (EEA). We do not actively transfer personal data outside the UK/EEA as part of our normal operations.
Please be aware that if you access our Services from locations outside the UK/EEA, your information will necessarily need to be transmitted to where you are accessing the service from, but this occurs at your initiation and is not considered a transfer for regulatory purposes.
We work with various third-party service providers to deliver our Services, all of whom are either based within the UK/EEA or subject to appropriate safeguards. We have signed data processing addendums (DPAs) with all our subprocessors to ensure your data remains protected.
If you would like further information about our data storage practices, please contact us at hello@gotiller.com.
Changes To This Privacy Policy
We reserve the right to modify this Privacy Policy at any time in accordance with the applicable law. If we do so, we will notify you before the changes take effect either through the Site or by sending you a notification. Any material changes will only apply to personal information collected after the revised Privacy Policy takes effect.
Contact Us
If you have any questions about our Privacy Policy or any questions about the security of our Site, please contact us at hello@gotiller.com
Tiller AI Ltd
124 City Road
London, England
EC1V 2NX