Back

Privacy Policy for Tailride

Last updated: March 31, 2026

This Privacy Policy describes how Tailride S.à r.l., 6 rue M. Schnadt, L-2530 Luxembourg, RCS B303779, VAT LU37209474 ("Tailride", "we", "us") collects, uses, stores, and discloses personal data when you use https://tailride.so and the Tailride application.

1. Data we collect
- Account data: name, email address, authentication data.
- Billing data: customer/subscription identifiers and payment metadata from our payment providers.
- Service data: invoices, receipts, extracted fields, scan history, connected account metadata, and settings.
- Integration data: when you connect email providers (for example Google or Microsoft), we receive authorized tokens and read-only mailbox access needed to locate relevant financial documents.
- Technical data: logs, device/browser information, IP-related diagnostics, and cookie/session data.

2. How we use data
We process data to (a) provide and maintain the service, (b) extract and structure invoice/receipt information, (c) secure accounts and prevent abuse, (d) process billing and subscriptions, (e) provide support, and (f) improve reliability and performance.

3. Legal bases (where applicable)
Depending on your jurisdiction, we process personal data on one or more of these bases: contract performance, legitimate interests (security, fraud prevention, product reliability), legal obligations, and your consent (for example certain integrations/cookies).

4. Integrations and restricted use of mailbox data
If you connect an inbox, Tailride uses granted permissions only to identify and process relevant financial documents for your workspace. We do not send email on your behalf through this access. Tailride does not use customers' data to develop, improve, or train generalized AI/ML models.

5. Sharing and processors
We do not sell personal data. We may share data with service providers acting on our instructions, with your authorized collaborators, or when required to comply with law, legal process, or enforceable requests.

6. International transfers
Your data may be processed in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

7. Retention
We retain personal data for as long as needed to provide the service, maintain legitimate business records, and comply with legal obligations.

8. Deletion of account and data
You can delete your account directly in the product:
- Go to Settings.
- Open the Delete account section.
- Enter your account email for confirmation.
- Click Permanently delete.

When completed, Tailride initiates deletion of your workspace data (including invoices, extracts, connected accounts/integrations, and settings), revokes available provider tokens, deletes associated stored files, and logs you out. Some limited records may be retained where legally required (for example fraud prevention, accounting, or dispute obligations).

If you cannot access your account, request deletion at mike@tailride.so from your registered email.

9. Security
We implement reasonable technical and organizational safeguards, including encryption in transit and access controls. No system can be guaranteed fully secure.

10. Your rights
Subject to applicable law, you may request access, correction, deletion, objection/restriction, or portability of your personal data by contacting mike@tailride.so. You may also manage cookies through browser controls.

11. Children's data
Tailride is not directed to children under 13, and we do not knowingly collect personal data from children.

12. Provider list (subprocessors and external services)
The following list reflects providers used by Tailride as of the Last updated date:

A) Core infrastructure and operations
- MongoDB (database storage).
- Amazon Web Services (object storage and document processing, including S3 and Textract where used).
- Microsoft Azure AI Vision (OCR/image text extraction where used).
- OpenAI (embedding/AI processing features where used).
- Google Cloud / Google AI services (OCR/AI document processing features where used).
- Stripe (payments, subscriptions, billing portal, tax-related checkout fields).
- Resend (transactional email delivery and contact sync).
- Mailgun (inbound email/webhook processing where configured).

B) Analytics, attribution, and marketing
- PostHog (product analytics).
- Google Tag Manager and Google Analytics (web analytics and event measurement).
- DataFast (attribution and conversion tracking).
- Affonso (affiliate attribution).
- Ahrefs Analytics (website analytics).

C) User-enabled integrations (activated only if you connect them)
- Google services (for example Gmail, Drive, Sheets).
- Microsoft services (for example Microsoft 365/Outlook/Graph, OneDrive).
- QuickBooks.
- Xero.
- WhatsApp Cloud API.
- Telegram Bot API.
- Microsoft Dynamics 365 Business Central.
- AppSumo (authentication/licensing flow where applicable).

13. Cookies and similar technologies
Tailride uses first-party and third-party cookies. Current cookies include:

A) Strictly necessary
- next-auth.session-token / __Secure-next-auth.session-token: keeps you signed in; session/authentication.
- next-auth.csrf-token / __Secure-next-auth.csrf-token: CSRF protection for auth flows.
- next-auth.callback-url / __Secure-next-auth.callback-url: stores post-login redirect target.
- NEXT_LOCALE: remembers your selected language (up to 1 year).
- appsumo_oauth_state: short-lived OAuth security state for AppSumo sign-in (about 10 minutes).

B) Functional and attribution
- initialReferrer: stores first known referrer domain for attribution/support context (about 30 days).
- utm_source, utm_medium, utm_campaign, utm_term, utm_content: stores UTM campaign parameters from landing URL (about 30 days).

C) Marketing/analytics cookies (set by enabled third-party scripts)
- datafast_visitor_id, datafast_session_id: DataFast attribution/session identifiers.
- affonso_referral: affiliate referral identifier used at checkout attribution.
- Google Analytics/Tag Manager cookies (for example _ga and related measurement cookies).
- PostHog cookies/local storage keys (for example keys prefixed with ph_).
- Other vendor cookies from enabled analytics scripts (for example Ahrefs), which may vary by vendor implementation.

You can control non-essential cookies through your browser settings and, where available, consent controls.

14. Policy changes
We may update this Privacy Policy from time to time. Material updates will be posted on this page with a new "Last updated" date.

15. Contact
Privacy questions or requests: mike@tailride.so.
Tailride SARL
6 rue Henri M. Schnadt2530Fentange
+352661622171mike@tailride.so
Tailride