Last updated: 5 November 2025
This Privacy Policy explains how TietAI OÜ (“TietAI”, “we”, “us”) processes personal data on tiet.ai and related services. We do not collect personal data in order to sell, “share,” or transfer it to unrelated third parties for their own advertising, profiling, or resale. Read this together with our Cookie Policy and Terms of Service.
1) Who we are and how to contact us
Controller (website, support, sales, account admin):
TietAI OÜ, Estonia, EU • Reg: 14249878 • VAT: EE102609839
Privacy: privacy@tiet.ai • General: hello@tiet.ai or Contact page.
Processor (platform integrations): For healthcare/enterprise data you integrate into our platform, TietAI acts as a processor under your instructions and a Data Processing Agreement (DPA). Your organization remains the controller.
2) Scope
This Policy applies to personal data we process as controller via our website, contact forms, support, sales/marketing operations, account administration, and platform telemetry needed to provide the service. It does not replace your organization’s privacy notice for patient/member data processed through integrations, where we act as processor.
3) Categories of personal data (controller context)
- Contact & account data: name, work email, role, organization; credentials and admin details.
- Usage & device data: basic device info, page views, referrer, general location from IP, event logs.
- Support communications: tickets, emails, call notes.
- Billing & contract data: plan, invoices, payment status (limited payment info handled by our payment processor).
- Recruitment data: if you apply for roles.
- Cookie/analytics data: as described in our Cookie Policy.
4) Purposes and legal bases
We process personal data only where a lawful basis applies:
- Provide and secure the service / account admin (create/manage accounts, auth, support, troubleshooting, security/availability).
  Legal basis: Contract performance and/or legitimate interests.
- Analytics and product improvement (measure performance, improve UX, detect abuse; privacy-preserving methods where feasible).
  Legal basis: Legitimate interests; where cookies/similar tech are not strictly necessary, consent via our banner (see Cookie Policy).
- Sales & customer communications (respond to inquiries, service notices).
  Legal basis: Contract or legitimate interests.
- Marketing (B2B) (only where appropriate; you can opt out anytime).
  Legal basis: Legitimate interests or consent where required.
- Compliance & record-keeping (legal/financial/tax obligations; defend legal claims).
  Legal basis: Legal obligation and/or legitimate interests.
Where we rely on consent, you can withdraw it at any time through our cookie settings or by contacting us. Withdrawal does not affect processing carried out before withdrawal.
5) What data we collect
We collect and process the following types of information:
- Website analytics: pages viewed, device information, and usage patterns to help us understand performance and improve the Services (see our Cookie Policy for cookie/consent details).
- Contact details: information you submit through forms (e.g., name, email, message) so we can respond to enquiries.
- Customer account data: information necessary to deliver, secure, and support the Services (e.g., account profile, role, organization, authentication, logs).
6) How we use data
We use personal data for the following purposes:
- Provide, maintain, and improve the Services (including account management, feature delivery, reliability, and product improvement).
- Respond to enquiries and support requests (including troubleshooting and customer success).
- Security monitoring and fraud prevention (protecting the platform, users, and Customer Data from abuse or unauthorized access).
- Comply with legal obligations (e.g., tax, accounting, regulatory, and lawful requests).
Where non-essential cookies or similar technologies are involved (e.g., certain analytics), we request your consent via our banner and honor your preferences as described in the Cookie Policy.
7) Cookies and similar technologies
We use cookies and similar technologies as explained in our Cookie Policy, including categories, purposes, retention, and how to manage preferences. Non-essential cookies are used only with your consent; strictly necessary cookies do not require consent.
8) No sale or third-party advertising use
We do not sell personal data or “share” it with unrelated third parties for their own advertising or profiling. Where we use vetted service providers (e.g., hosting, security, email delivery), they act under our instructions only and are bound by confidentiality and data-processing terms.
9) Recipients and disclosures
- Service providers/subprocessors (cloud hosting, security, email, CRM/support) limited to what’s necessary to provide the service.
- Professional advisors (legal, accounting) under confidentiality.
- Authorities where required by law or to protect rights, security, and integrity.
- Corporate transactions (e.g., merger/acquisition) with appropriate safeguards.
For processor-context Customer Data, disclosures occur only under your documented instructions (e.g., to infrastructure subprocessors listed in the DPA).
10) International transfers
If personal data is transferred outside the EEA, we use lawful transfer mechanisms—such as the European Commission’s Standard Contractual Clauses (SCCs) or adequacy decisions—together with technical and organizational safeguards appropriate to the risk.
11) Retention
We keep personal data only as long as needed for the purposes above, then delete or anonymize it. Typical periods:
- Account & support records: life of the account + a limited period (e.g., up to 24 months) for audit/security/defense.
- Web logs & security events: typically 12–24 months, unless needed longer for investigations.
- Marketing contacts: until you opt out or after a period of inactivity, then minimized or deleted.
- Contracts, invoicing, accounting: retained for the period required by applicable law.
If a longer statutory or contractual retention applies (e.g., tax, regulatory, or litigation holds), we retain only what is necessary and restrict access.
12) Security
We apply administrative, physical, and technical safeguards appropriate to the risk (e.g., access controls, encryption in transit/at rest where applicable, network security, audit logging, backups, vulnerability management). No method is 100% secure, but we continuously improve measures consistent with industry and legal expectations.
13) Your rights
Subject to conditions and applicable law, you can request to: access, rectify, erase, or restrict your data; port your data; object to processing based on legitimate interests or to direct marketing; and to not be subject to certain automated decision-making (including profiling).
How to exercise your rights: email privacy@tiet.ai with enough information to verify your identity and locate your data. We will respond within applicable timelines.
You also have the right to lodge a complaint with a supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
14) Children
Our site and services are not directed to children under 16. We do not knowingly collect personal data from children for the website. If you believe a child has provided personal data, contact privacy@tiet.ai.
15) Third-party links and integrations
Our website may contain links to third-party sites or embedded content. Those services are governed by their own privacy policies; we are not responsible for their practices.
16) Role-specific information (processor context)
When you connect systems and send Customer Data into our platform, we act as processor and your organization is the controller. Processing is governed by the DPA, including confidentiality, security, and subprocessor terms. We process Customer Data only on your documented instructions and do not use it for third-party advertising or unrelated purposes.
17) Changes to this Policy
We may update this Policy to reflect changes in technology, our practices, or law. We will post updates here with a new “Last updated” date and, where legally required, re-prompt for consent or provide additional notice.
18) Contact us
TietAI OÜ, Estonia, EU • Reg: 14249878 • VAT: EE102609839
Privacy: privacy@tiet.ai • General: hello@tiet.ai