Privacy Policy

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Names - Your full name when you create an account
• Email addresses - Primary email for account communications
• Usernames - Unique identifier for your account
• Passwords - Encrypted and securely stored credentials
• Payment information - Credit card or payment method details (processed by our payment provider)
• Billing addresses - Required for payment processing and invoicing
• Contact preferences - Your communication and notification preferences
• URLs for analysis - Website URLs you submit for pricing analysis
• Business information - Company name and industry (optional)

Sensitive Information

We do not process sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation.

Payment Data

We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Lemon Squeezy, our third-party payment processor. You may find their privacy notice at: https://www.lemonsqueezy.com/privacy.

We do not directly store or have access to your full credit card information. Only tokenized payment references are stored in our systems.

Social Media Login Data

We may provide you with the option to register with us using your existing social media account details, like your Google, GitHub, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

The profile information we receive typically includes your name, email address, and profile picture. We do not receive your social media passwords.

Information About Websites You Submit for Analysis

When you submit a URL for pricing analysis, we collect:

• The URL itself
• Publicly available information from that URL (pricing tiers, features, competitor information)
• Metadata about the analysis request (timestamp, analysis type)
• The generated analysis report and recommendations

Important: We only access publicly available information from the URLs you submit. We do not attempt to access password-protected areas, bypass security measures, or collect any information not publicly visible on the internet.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as:

• IP address - Your device's internet protocol address
• Browser and device characteristics - Browser type, version, operating system
• Language preferences - Your preferred language settings
• Referring URLs - The website that referred you to our Services
• Usage information - Pages viewed, features used, time spent on pages
• Click data - Buttons clicked, links followed

This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts.
• To deliver and facilitate delivery of services to the user. We process your information to provide you with the requested service, including generating AI-powered pricing analysis reports.
• To respond to user inquiries/offer support to users.
• To send administrative information to you.
• To fulfill and manage your orders.
• To request feedback.
• To send you marketing and promotional communications (with your consent).
• To identify usage trends and determine the effectiveness of our campaigns.
• To personalize your experience - We may use feature flags and A/B testing to show you features and content tailored to your usage patterns.
• To improve our Services using AI analysis - We use aggregated, anonymized data from pricing analyses to improve our AI models.
• To comply with legal obligations.

Account Information Management

If you would at any time like to review or change the information in your account or terminate your account, you can:

• Log in to your account settings and update your user account
• Contact us using the contact information provided at ger@tierly.app

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases:

• Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
• Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services.
• Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example:
  • Analyze how our Services are used so we can improve them
  • Diagnose problems and prevent fraudulent activities
  • Understand how our users use our products to improve user experience
• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with law enforcement or comply with Greek tax and accounting laws.
• Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers

We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information.

The categories of third parties we may share personal information with include: AI service providers (including OpenAI, Anthropic, Perplexity, Google Cloud AI, and others) for generating pricing analysis reports; payment processors (Lemon Squeezy) for handling transactions and billing; cloud infrastructure and data storage providers (including Vercel, Supabase, Trigger.dev, and others) for hosting, database services, and background job processing; and analytics and support services for web analytics, email communications, and customer support.

We also may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition.
• When legally required. We may disclose your information where we are legally required to do so.
• To protect our rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies or suspected fraud.

Important Note on Data Confidentiality

We treat all URLs you submit for analysis and the resulting reports as confidential business information. We will NOT share your specific analysis results with third parties without your explicit consent, publicly disclose which businesses have used our Services, or sell your personal data to data brokers or marketing companies. We MAY use aggregated, anonymized data that cannot be traced back to any individual user for improving our AI models and services.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

Types of Cookies We Use

• Essential Cookies - Strictly necessary for authentication, security, and session management
• Analytics Cookies - Track usage patterns and help us improve performance
• Preference Cookies - Remember your language and display settings
• Marketing Cookies (Optional) - For targeted advertising on other sites

Managing Cookies

Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

To opt-out of interest-based advertising by advertisers visit:

• Your Online Choices (EU): https://www.youronlinechoices.eu/
• Digital Advertising Alliance (US): https://optout.aboutads.info/

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). Tierly's core functionality is built on AI technology - we use advanced AI agents to analyze pricing strategies, benchmark against competitors, and generate actionable optimization recommendations.

Use of AI Technologies

We provide the AI Products through third-party service providers ("AI Service Providers"), including but not limited to OpenAI (GPT models), Anthropic (Claude models), Perplexity, Google Cloud AI, and others. When you use our Services, the following information will be shared with and processed by these AI Service Providers: URLs you submit for analysis, publicly available information scraped from those URLs, your analysis requests and parameters, and the generated reports and recommendations.

These AI Service Providers process this data according to their own privacy policies. You can find their privacy policies on their respective websites.

Our AI Products

Our AI Products are designed for pricing tier extraction, competitive analysis, market research, AI-powered insights, performance scoring, gap analysis, and automation to streamline the entire analysis process from data collection to report generation.

AI Limitations and Disclaimers

You acknowledge and agree that: AI-generated content may contain errors or inaccuracies; analysis is based on publicly available information at the time of processing; recommendations are suggestions, not professional advice; and we do not guarantee specific outcomes.

Your Rights Regarding AI Processing

You have the right to opt out of having your data used to train or improve AI models (aggregated data only), request information about how AI was used to process your data, and challenge AI-generated decisions that significantly affect you. To exercise these rights, contact us at ger@tierly.app.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Google or GitHub logins). Where you choose to do this, we will receive certain profile information about you from your social media provider.

The profile information we receive may vary depending on the social media provider but will often include your name, email address, profile picture, and account identifier. This information is used solely for creating and authenticating your account, and communicating with you via email.

Important: We never receive your social media passwords. Authentication is handled securely by the social media provider through OAuth 2.0 protocols. You can disconnect your social media account from our Services at any time through your account settings.

8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States and the European Union (through our hosting providers Vercel and Supabase). If you are accessing our Services from outside these regions, please be aware that your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we may share your personal information.

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.

European Commission's Standard Contractual Clauses

We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our company and our third-party service providers located outside the EEA/UK/Switzerland, between us (based in Greece) and international AI service providers, and for data transfers to cloud infrastructure providers.

These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.

For more information about international data transfers and your rights, please contact us at ger@tierly.app.

9. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

Retention Periods

Account Information: Active accounts are retained for the duration of your account. Closed accounts have basic account data retained for the period required by Greek tax and accounting laws after closure.

Financial & Transaction Data: Payment records, invoices, transaction history, and credit purchase history are retained for the period required by Greek tax and accounting laws.

Analysis Reports: Reports you've purchased are available in your account while your account is active. After account closure, they are retained for a limited period for customer support purposes, then deleted. Aggregated, anonymized insights are retained indefinitely for service improvement.

Communication Data: Support tickets and email correspondence are retained as necessary for customer support and legal purposes. Marketing emails are retained until you unsubscribe, then deleted promptly.

Usage & Analytics Data: Individual usage logs are retained for a reasonable period for security and service improvement. Aggregated analytics data is retained indefinitely in anonymized form.

Cookies and Tracking Data: Session cookies are deleted when you close your browser. Persistent cookies are retained according to cookie-specific expiration periods. Analytics data is retained for a reasonable period.

When We Have No Ongoing Legitimate Business Need

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Early Deletion Requests

You may request early deletion of your personal information at any time by contacting us at ger@tierly.app. However, we may need to retain certain information to complete transactions or provide services you requested, comply with legal obligations, resolve disputes and enforce our agreements, or prevent fraud and protect security.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

Our Security Measures

We employ industry-standard security measures to protect your personal information, including:

• Encryption of data in transit and at rest using secure protocols
• Secure password storage using modern hashing techniques
• Secure hosting infrastructure with reputable cloud service providers
• Access controls requiring authentication for account access
• Regular security updates and patches to our systems
• Organizational safeguards including security policies, vendor assessments, and contractual protections
• Payment security through our PCI-DSS compliant payment processor (Lemon Squeezy)

We do not directly store or process full credit card information. Only tokenized payment references are maintained in our systems.

Data Breach Procedures

In the unlikely event of a data breach that affects your personal information, we will investigate and contain the breach immediately, notify affected users within 72 hours as required by GDPR, notify relevant supervisory authorities as required by law, provide clear information about what data was affected, offer guidance on protective steps you can take, and take corrective measures to prevent future incidents.

Your Security Responsibilities

You can help keep your account secure by using a strong, unique password, not sharing your password or account credentials with anyone, logging out when using shared or public devices, keeping your contact information up to date, and reporting any suspicious activity immediately to ger@tierly.app.

11. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years old.

If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

If you become aware of any data we may have collected from children under age 18, please contact us at ger@tierly.app.

Tierly is a business-to-business (B2B) SaaS platform designed for business owners, marketing professionals, product managers, pricing strategists, and executives. Our Services are intended solely for use by adults in a professional business context.

12. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your location, you have rights that allow you greater access to and control over your personal information.

In some regions (like the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada), you have certain rights under applicable data protection laws. These rights may include:

• Right to access - Request a copy of the personal information we hold about you
• Right to rectification - Request correction of inaccurate or incomplete personal information
• Right to erasure (right to be forgotten) - Request deletion of your personal information
• Right to restrict processing - Request that we limit how we use your personal information
• Right to data portability - Receive your personal information in a structured, machine-readable format
• Right to object - Object to our processing of your personal information
• Right to withdraw consent - Withdraw consent where we rely on consent to process your information
• Right not to be subject to automated decision-making - Object to decisions based solely on automated processing

If you are located in the EEA, UK, or Switzerland, you also have the right to complain to your local data protection authority. You can find their contact details here:

• EEA Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en
• UK Information Commissioner's Office: https://ico.org.uk/make-a-complaint/
• Switzerland Federal Data Protection Authority: https://www.edoeb.admin.ch/
• Greece (Hellenic Data Protection Authority): https://www.dpa.gr/

Withdrawing Your Consent

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent by logging into your account settings and updating your preferences, unsubscribing from marketing emails using the unsubscribe link, or contacting us at ger@tierly.app.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account, or contact us using the contact information provided.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files as permitted or required by law.

Opting Out of Marketing Communications

You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send, updating your email preferences in your account settings, or contacting us at ger@tierly.app. You will then be removed from the marketing email list. However, we may still communicate with you for service-related purposes that are necessary for the administration and use of your account.

How to Exercise Your Rights

To exercise any of your privacy rights, you can email us at ger@tierly.app with "Privacy Rights Request" in the subject line, log in to your account and update your settings directly, or contact us using the details in "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?".

We will respond to your request within 30 days as required by GDPR and other applicable laws. To protect your privacy and security, we may need to verify your identity before processing your request.

13. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of certain US states, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information.

State-Specific Privacy Laws

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with applicable privacy laws have specific privacy rights.

Categories of Personal Information We Collect

We have collected the following categories of personal information in the past twelve (12) months:

• Identifiers (names, email, IP address, account name) - YES
• Commercial information (transaction information, purchase history) - YES
• Internet activity (browsing history, interactions with our Services) - YES
• Geolocation data (approximate location based on IP address) - YES
• Professional information (business contact details, job title) - YES (optional)
• Inferences (preferences and characteristics, feature usage patterns for personalization) - YES
• Sensitive personal information - NO

How We Use and Share Personal Information

Learn more about how we use your personal information in "HOW DO WE PROCESS YOUR INFORMATION?" and how we share it in "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?".

Important: We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.

Your Rights

You have rights under certain US state data protection laws, including:

• Right to know whether we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to non-discrimination for exercising your rights
• Right to opt out of targeted advertising, sale of personal data, or profiling

How to Exercise Your Rights

To exercise these rights, you can email us at ger@tierly.app with "US Privacy Rights Request" in the subject line, or call us or write to us at the contact details provided below.

Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity and the agent will need to provide written and signed permission from you.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at ger@tierly.app with "Privacy Rights Appeal" in the subject line.

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.

We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

Your continued use of our Services after any changes to this Privacy Notice constitutes your acceptance of such changes.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at ger@tierly.app or contact us by post at:

Data Protection Officer: For privacy-related inquiries, please email ger@tierly.app with "Privacy Inquiry" or "DPO Request" in the subject line.

For EU/EEA residents: You have the right to lodge a complaint with the Hellenic Data Protection Authority (https://www.dpa.gr/) or your local supervisory authority if you believe we have not handled your personal data properly.

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

In Short: You have the right to request access to the personal information we collect from you, change that information, or delete it.

Based on the applicable laws of your country, state of residence in the US, or region (EU/EEA, UK, Switzerland, etc.), you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

How to Submit a Request

To request to review, update, or delete your personal information, please:

Email us at ger@tierly.app with your request. Use the subject line "Data Subject Access Request" or "GDPR Request" and include the following information:

• Your full name
• Email address associated with your account
• Specific request (access, correction, deletion, etc.)
• Any additional information to help us verify your identity

You can also log in to your account at https://tierly.app to update your profile information directly or change your email preferences.

Response Time

We will respond to your request within 30 days for EU/EEA/UK residents (GDPR requirement) or 45 days for US residents (state privacy law requirement). If we need more time, we will inform you of the reason and extension period.

What You Can Request

• Access - A copy of your personal data in a portable format
• Correction - Updates to inaccurate or incomplete information
• Deletion - Removal of your personal information (subject to legal retention requirements)
• Restriction - Limitation on how we process your data
• Objection - Stop processing for specific purposes
• Data portability - Transfer your data to another service
• Withdraw consent - Remove consent for consent-based processing

Limitations

We may deny your request if we need to retain information to comply with legal obligations, the information is necessary to establish, exercise, or defend legal claims, we need the information to provide services you've requested, or deletion would cause disproportionate effort or is technically impossible.

If we deny your request, we will explain why and inform you of your right to appeal or lodge a complaint with a supervisory authority.