Trust Center policy

TyriaCore Service Privacy Policy (Customer Data)

How Provider processes customer data when acting as service provider/processor.

Back to Trust CenterBack to the Engine
Document type
Published policy
Public policy page
Last updated
May 31, 2026
Current published revision
Access
Public
No authentication required

TyriaCore Service Privacy Policy (Customer Data)

Last Updated: May 31, 2026

This Service Privacy Policy describes how Provider processes Customer Data in providing the Subscription Services. This policy is intended for business customers and is separate from Provider's website/consumer marketing privacy policy.

This policy is incorporated by reference into the Agreement between Provider and Customer to the extent referenced in an Order Form or otherwise incorporated into the Agreement. If a DPA applies, the DPA controls for Personal Data processing to the extent of conflict.

1. Roles

  • Customer controls what data is submitted to the Platform and how it is used.
  • Provider processes Customer Data to provide and support the Subscription Services.

2. How Provider Uses Customer Data

Provider processes Customer Data only to:

  • provide, maintain, and secure the Subscription Services;
  • provide support and respond to Customer requests;
  • prevent fraud, abuse, and security incidents; and
  • meet contractual and legal obligations.

3. What Provider Does Not Do

Provider does not:

  • sell Customer Data or Personal Data;
  • use Customer Data for advertising or cross-context behavioral advertising; or
  • use Customer Data for unrelated profiling.

4. Subprocessors

Provider may use subprocessors under written agreements designed to protect Customer Data. Provider's current subprocessor list is available on the Subprocessor List page.

The current production product stack is hosted on AWS infrastructure. Customer Data may also be processed through feature-specific providers when Customer or an authorized user enables the relevant feature, including communications providers, email providers, payment and billing providers, Google integrations, browser/OS push notification providers, and AI providers listed on the Subprocessor List.

Customer-managed data sources, endpoints, credentials, or third-party systems connected by Customer remain Customer-directed integrations. Provider processes data through those integrations to provide the configured Platform functionality, but those third-party systems are not Provider subprocessors solely because Customer connects them.

5. Google User Data

If Customer or an authorized user connects Google Sign-In, Google Calendar, Google Sheets, or another Google API integration, Provider processes Google user data only to provide the requested authentication or integration functionality, maintain security, and support the Subscription Services. Provider does not sell Google user data or use it for advertising.

6. AI Features

If Customer enables AI Features, Inputs and AI Output are processed as described in the AI Features Addendum and the DPA, where applicable. AI Features may be limited, disabled, or configured separately from non-AI Platform functionality.

7. Data Subject Requests

Customer is responsible for responding to data subject requests. Provider provides reasonable assistance as required by applicable law and/or the DPA, to the extent Customer cannot fulfill requests through self-service functionality.

8. Security

Provider maintains safeguards designed to protect Customer Data as described in the Security Addendum. No security measures can guarantee absolute security.

9. International Transfers

Customer Data may be processed in the United States and other locations where Provider or its subprocessors operate. Where required by law, Provider uses appropriate legal mechanisms for cross-border transfers as described in the DPA (if applicable).

10. Retention and Deletion

Retention and deletion are described in the Data Retention & Deletion Policy and in the DPA/BAA where applicable.

11. Contact

Questions: support@tyria.app