Privacy Policy - TailyX AI

Privacy Policy

Effective date: 7 January 2026

This Privacy Policy explains how Tailyx (operated by Discover Up LLP, "Tailyx", "we", "us") collects, uses, discloses, and protects personal data when:

  • You visit tailyx.ai (including pages like our beta sign-up);
  • You use our product as a customer admin (e.g., configuring widgets, scoring, automation); and/or
  • You interact with a Tailyx chat widget embedded on a website (as a website visitor / lead).

We take privacy seriously and aim to comply with applicable laws, including the Singapore PDPA, and where relevant, GDPR-style requirements.

Contents

  1. 1. Roles: Customer vs. Website Visitor
  2. 2. Personal Data We Collect
  3. 3. How We Use Personal Data
  4. 4. Legal Bases
  5. 5. Automated Scoring & Profiling
  6. 6. Sharing & Disclosure
  7. 7. Cookies & Tracking
  8. 8. International Transfers
  9. 9. Data Security
  10. 10. Retention
  11. 11. Your Rights
  12. 12. Changes to This Policy
  13. 13. Contact

1) Roles: Customer vs. Website Visitor (Controller / Processor)

When our widget is used on a customer's website:

  • The customer (the business running the widget) is typically the data controller for lead data collected on their site.
  • Tailyx typically acts as a data processor, processing lead data on the customer's instructions (e.g., scoring, enrichment, routing, automation).

When you use tailyx.ai directly (e.g., beta sign-up or admin console), Tailyx may be the controller for the data you provide to us.

If you are a website visitor / lead and want to exercise rights related to a widget interaction, you should generally contact the business whose website you used. We will assist our customers as required.

2) Personal Data We Collect

A. Data you provide (Customer Admins)

  • Account data: name, email, phone, login credentials (or OAuth identifiers), organization details.
  • Configuration data: widget settings, qualification questions, scoring rules, routing rules, automation templates, calendars/booking links.
  • Support communications: messages you send to support, feedback, bug reports.

B. Data collected from Website Visitors / Leads via the widget

  • Conversation data: chat messages, responses to questions, timestamps, conversation identifiers.
  • Lead capture data: name, email, phone, company, role/title, country/location (if provided).
  • Qualification signals: fit/intent fields (e.g., need, timeline, budget, authority), and any additional fields your customer enables.
  • Engagement events: meeting link shown/clicked, booking events, replies to follow-up (where integrated), delivery/bounce metadata.

C. Lead scoring, segmentation & automation metadata

  • Lead score and tier: numeric score and/or segmentation (e.g., Hot/Warm/Cold).
  • Scoring inputs: which answers/signals contributed to the score (where enabled).
  • Automation actions: emails triggered, pauses on reply, routing outcomes, and audit logs.

D. Enrichment data (where enabled)

If enrichment is enabled by a customer, we may augment lead records using information from: (i) data the lead provides, (ii) public sources, and/or (iii) third-party enrichment providers.

  • Possible enriched fields: company details, website, industry, seniority signals, public professional profile links (e.g., LinkedIn URL if provided), location, and other firmographic/contact context.
  • Confidence: enrichment may include confidence scores or "suggested" fields and may not be perfectly accurate.

E. Automatically collected technical data

  • Log data: IP address, browser type, device identifiers, pages viewed, referring URLs, timestamps.
  • Security data: rate limiting signals, bot detection outcomes, suspicious request patterns, and related diagnostics.
  • Cookies & similar technologies: session cookies, analytics identifiers, and preference cookies (see "Cookies" section).

Children: Our services are intended for professional/business use and are not designed for individuals under 18. We do not knowingly collect personal data from children.

3) How We Use Personal Data

A. Provide and operate the services

  • Create and manage accounts, authenticate users, and provide the admin console.
  • Deliver the widget experience, capture leads, and maintain conversation history.
  • Compute lead scores/segments and apply customer-configured routing and automation.
  • Provide enrichment (where enabled) to improve lead context.

B. Communications

  • Respond to support requests and product inquiries.
  • Send service notices (security, billing, policy updates, important operational messages).
  • Send product updates/marketing where permitted (with opt-out where required).

C. Analytics, product improvement, and R&D

  • Understand usage patterns and improve reliability, UX, scoring performance, and automation outcomes.
  • Debug, test, and maintain the platform.

D. Security, abuse prevention, and legal compliance

  • Detect and prevent fraud, spam, bot activity, and abuse.
  • Enforce our Terms, protect our rights, and comply with legal obligations.

4) Legal Bases (Where Applicable)

Depending on context and jurisdiction, we may process personal data based on:

  • Contract: to provide the services to customer admins and process lead data per customer instructions.
  • Legitimate interests: to operate, secure, and improve our services (balanced against your rights).
  • Consent: where required for certain marketing communications or non-essential cookies.
  • Legal obligation: where we must comply with laws/regulations.

5) Automated Scoring & Profiling

Tailyx performs automated lead scoring and segmentation (e.g., Hot/Warm/Cold) based on conversation responses and engagement signals. This may affect how a lead is handled, for example:

  • Whether a booking link is shown immediately;
  • Whether a follow-up sequence is triggered or paused;
  • Whether a lead is routed to a team or flagged as low fit.

If you are a website visitor/lead and wish to contest an outcome or request review, please contact the business whose website you interacted with. Customers can also contact us at .

6) Sharing & Disclosure

We may share personal data in the following cases:

  • With the customer (the business using the widget) so they can follow up with leads and operate their sales process.
  • Service providers / subprocessors who help us run the service (e.g., hosting, databases, email delivery, analytics, monitoring, enrichment providers), under contractual confidentiality and security obligations.
  • Legal / compliance where required by law, court order, or to protect rights and safety.
  • Business transfers (e.g., merger/acquisition) where data may transfer subject to safeguards.

We do not sell personal data in the ordinary meaning of "sell".

7) Cookies & Tracking

We use cookies and similar technologies to operate the site (e.g., sessions), remember preferences, measure performance, and improve the service. Some cookies are essential, and others may be optional depending on your configuration and jurisdiction.

You can typically control cookies through your browser settings. Disabling certain cookies may impact functionality.

8) International Transfers

We may store and process data in Singapore and other countries where our service providers operate. Where required, we use appropriate safeguards for cross-border transfers (e.g., contractual protections and security controls).

9) Data Security

We use reasonable administrative, technical, and organizational safeguards, including:

  • Encryption in transit where supported (HTTPS/TLS).
  • Access controls and least-privilege permissions.
  • Monitoring, logging, and incident response procedures.
  • Regular maintenance and vulnerability management practices appropriate for a startup environment.

No method of transmission or storage is 100% secure. We work to protect data, but cannot guarantee absolute security.

10) Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law. Typical retention periods (may vary by customer configuration):

  • Lead conversation + scoring records: 12–24 months or as configured by the customer.
  • Security logs and diagnostics: typically 30–180 days.
  • Billing and transactional records: as required by applicable accounting/tax laws.
  • Backups: retained for limited periods and rotated.

11) Your Rights

Depending on your jurisdiction and role (customer admin vs lead), you may have rights such as:

  • Access, correction, deletion, and portability (where applicable).
  • Restriction or objection to certain processing.
  • Withdraw consent (where processing is based on consent).
  • Lodge a complaint with a data protection authority.

If you are a website visitor/lead interacting with a customer's widget, requests should generally be directed to the customer (the business you contacted). If you are a customer admin or otherwise interacting directly with Tailyx, contact us at .

12) Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and update the effective date. If changes are material, we may provide additional notice where appropriate.

13) Contact

If you have questions about this Privacy Policy, contact:

Discover Up LLP

Email:

Address: Singapore