Privacy Policy

Effective Date: November 4, 2025

Last Updated: November 4, 2025

Platform: https://app.usetessera.com

Tessera AI Limited (“Tessera”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our platform, including the Tracker Agent and other Tessera products (the “Services”).

1. Who We Are

Tessera (Tessera AI Limited) is a company incorporated in England and Wales with its registered office at Flat 23, 163 Iverson Road, London, England, NW6 2RB. We act as the data controller for information we collect directly from you.

2. Information We Collect

We collect information necessary to deliver and improve our Services, including:
- Account and contact details (name, email, company, billing info)
- Communication data (emails, messages, campaign interactions)
- Integration data from connected systems (Gmail, Outlook, CRM, etc.)
- Usage and analytics data about how you use our platform
- Payment and transaction information processed through secure providers

3. How We Use Information

We use personal data to provide and operate our Services, manage billing, improve functionality, communicate with users, develop features, and comply with legal obligations. Tessera may also use aggregated and anonymised data to train or enhance its AI models. Such data will never identify individual users or customers.

4. Legal Bases for Processing

We process data under one or more lawful bases including performance of a contract, legitimate interests (to improve and secure our platform), compliance with legal obligations, and consent where required (e.g., marketing communications).

5. Sharing of Data

We use the following trusted subprocessors:

  • OpenAI (Global: United States, Europe, Asia-Pacific) - AI processing for email summarization and campaign insights

  • Cloudflare (Global: 200+ data centers worldwide) - Infrastructure, CDN, and application platform

  • Neon (Global: AWS/Azure multi-region) - PostgreSQL database hosting

  • Google Workspace (Global) - Authentication and file storage (your data remains in your Google Drive)

  • Postmark (United States) - Transactional email delivery

All subprocessors are subject to written Data Processing Agreements requiring equivalent data protection and security standards. A complete Subprocessor Register with contact details is available upon request at privacy@usetessera.com.

5.1 Third-Party AI Processing (OpenAI)

To provide AI-powered email summarization and campaign tracking features, we use OpenAI's API services. When you use our Services, email content from your connected Gmail or Outlook accounts is transmitted to and processed by OpenAI to:

  • Generate email thread summaries

  • Extract dates, deliverables, and pricing information

  • Track negotiation status and next steps

  • Aggregate campaign-level insights

OpenAI processes this data under a Data Processing Agreement (DPA) that prohibits using your data to train their models. Your email content is sent to OpenAI only for the specific purpose of providing these features.

OpenAI processes data in multiple regions globally (United States, Europe, and Asia-Pacific) to provide data residency options for compliance with local regulations.

For more information about OpenAI's data practices, see: https://openai.com/policies/privacy-policy

6. International Transfers

Your data may be transferred to and processed in countries outside the UK or EEA. Where such transfers occur, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

7. Data Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, and resolve disputes. When data is no longer needed, it is securely deleted or anonymised in accordance with our internal data deletion procedures.

Specific retention periods:

  • Active subscription data: Duration of your subscription

  • Deleted account data: 30 days (to allow for disputes or recovery)

  • Audit logs: 90 days (for security and compliance)

  • Anonymised analytics: Indefinitely (cannot identify individuals)

  • Legal/regulatory data: As required by law (typically 6-7 years)

When you delete your account, we export your data and retain it for 30 days (in case of disputes), then permanently delete all personal information from our systems.

8. Your Rights

You have the right to access, correct, delete, or restrict the processing of your personal data, and to withdraw consent where applicable. Tessera responds to privacy requests within 30 days of receipt. Requests may be submitted to privacy@usetessera.com.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. Tessera maintains an Information Security Management System (ISMS) aligned with ISO 27001 and SOC 2 Type II standards. Controls include encryption in transit and at rest, access control, and regular penetration testing. In the event of a confirmed personal data breach, Tessera will notify affected users without undue delay and no later than seventy-two (72) hours after discovery. While we take reasonable steps, no online system can be guaranteed to be 100% secure.

10. Updates to This Policy

We may update this Privacy Policy from time to time and will post updates on our website with a revised effective date.

11. Contact and Complaints

For privacy questions or to exercise your rights, contact us at privacy@usetessera.com.

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/.