Tessl | Privacy and Cookie Notice

We are Tessl AI Limited (company number 15532364), a company registered in England and Wales with its registered office at 210 Pentonville Road, London N1 9JY. We are the controller of your personal data for the purposes of applicable data protection laws. This notice also applies where you interact with our brands AI Native Dev and DevCon, which are operated by Tessl AI Limited.

If you have any questions about this notice, including any requests to exercise your legal rights, please contact us at privacy@tessl.io. You can read more about Sharing Usage Data here.

What happens if we update this notice?

We may update this notice at any time. If we make significant changes to this notice, such as adding a new way we use your personal data, we will notify you by updating the date of this notice and posting it on our website.

Any changes to this notice will be effective as soon as we post the updated version (or a later date if we say this at the time of posting). In all cases, your use of our website and services after the effective date of any new notice indicates your acknowledging that the new notice applies to your use of our website and services.

Data protection legislation requires us to have a "lawful basis" to collect and use your personal data. We've identified the lawful bases we rely on for each use in bold below.

When you create your account we will collect your username (which may be your name), company name and email address to enter into a contract with you to use our services. We may then use this personal data for the ongoing provision of our services under our contract with you, including for issuing service messages and authenticating you as a user. Our lawful basis is contract.
When you contact us with a query we will usually collect your name, email address and (if you contact us through our social channels) social media handle, because it’s in our legitimate interest to make sure we can properly respond to your query. Our lawful basis for routine queries is legitimate interests. Where we are facilitating your rights as a data subject, our lawful basis is legal obligation.
To send you marketing information.
- Where you have previously expressed an interest in our services, content, community, or events (and not opted-out of marketing) we may use your name and email address to send you updates because it is in our legitimate interests to promote our products, services, content and events we think you might be interested in. Our lawful basis for this approach to marketing is legitimate interests.
- Where you have opted in via our website or another source to receive updates on our services, content, community, or events (for example through our waitlist or newsletter subscription), we will process your name and email address to provide you with these updates. Our lawful basis for this approach to marketing is consent.

You can withdraw your consent to / opt-out of marketing at any time by contacting us at privacy@tessl.io or, where relevant, by following the unsubscribe link in any marketing communication you receive from us.

When you use our website and consent to our use of cookies we may collect information about how you use our website by processing your:
- device data: such as your device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area; and
- online activity data: such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to our website, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

We may use your personal data contained within this information to personalise our website (including remembering your preferences as you navigate), and to better understand how to improve our website and marketing communications. More details on the information we collect and how we do this is set out in our Cookie Notice below.

Our lawful basis is consent.

When you give us feedback we may use your name, email address and role to contact you about your feedback, and to understand who is giving us feedback. We may use any personal data contained within your feedback for the improvement and development of our services. Our lawful basis is legitimate interests.
When you register for or attend one of our events (including online webinars and other events) or a third-party event we are co-hosting, we will usually collect your name, email address and role (and may also collect registration details such as your company, job title, location, and any information you choose to provide in registration forms). We collect this personal data because it’s in our legitimate interests to administer and run the event, promote our business and to know who is registering for and attending our events. Our lawful basis is legitimate interests.
When you subscribe to our newsletter or sign up for community updates, we will collect your name (if provided), email address and subscription preferences, and we may record your subscription status and marketing preferences. We use this information to send you the newsletter and related community communications and to manage your subscription. Our lawful basis is consent.
When you use our services, we may view:
1. device directory data which forms part of the path for which your project is installed and is required for the services to be provided;
2. any data, prompts, queries, documents, files, content, or information provided, entered, or submitted by you for processing into (or used in connection with) our Service (Your Input)
3. any tiles, code packages, document specifications created by you through the Service to enable your workflow development (Your Output); or
4. any data which we derive from your use of our services,

which may include statistical data, aggregated data, audit logs, CLI client and version used, and general system parameters like OS type or version) for: the debugging, analysis (including diagnostics), development, adaptation, training (including machine learning), modification, support and operation of our services (Operational and Development Uses). This will be technical data that informs us how you use our services. Our lawful basis for the processing of any ancillary personal data that might be contained within this data which we use for the Operational and Development Uses is legitimate interests.

For more information on this, please see Sharing Usage Data.

When you apply for a job with us we may collect your name, contact details, recruitment information (e.g. right to work documentation and references), test results, qualifications, accreditations and any additional personal data we may receive from our recruitment partners. We will use your personal data to assess your suitability for our available roles. We do this to perform our contract obligations or to take steps at your request, before entering into a contract. Where we process your right to work documentation, we will do so to comply with our legal obligations. Our lawful basis may therefore be contract or legal obligation.
If our business is sold. We process your personal data for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal data in this way, the buyer of our business may not be able to provide services to you. Our lawful basis is legitimate interests.
For compliance and protection of our interests. We may process any of your personal data listed above to:
- comply with laws, lawful requests, and legal process, such as to respond to requests from government authorities – our lawful basis will be legal obligation;
- protect our, your or others' rights, privacy, security, safety or property (including by making and defending legal claims and protecting the security of our services) - our lawful basis will be legitimate interests;
- audit our internal processes for compliance with legal and contractual requirements or our internal policies - our lawful basis will be legitimate interests;
- enforce the terms and conditions that govern our website and services - our lawful basis will be legitimate interests; and

prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft - our lawful basis will be legitimate interests, or legal obligation where such processing is required by law.

We do not process your personal data as part of automated decision-making and/or profiling, which produces legal or similarly significant effects. We will let you know if that changes by updating this notice.

Service providers (processors). We share personal data with trusted third-party service providers who process it on our behalf to help us operate our business and provide our website and services (for example, hosting, security, analytics, customer support tools, authentication, and communications services). These providers are contractually required to protect your personal data and to process it only in accordance with our instructions and applicable law. See a list of our sub-processors here.
CRM, marketing automation, and email delivery providers. We use customer relationship management and marketing platforms to manage contacts, record communications, administer our relationship with business contacts, and send service-related messages and, where permitted, marketing communications.
Event and webinar partners. Where we run or co-host events, we may share limited attendee information (such as name, company, role and email address) with co-hosts and event service providers only where necessary to administer the event. We will tell you at the point of registration when this applies and provide you with any available choices (for example, an opt-out from sharing with co-hosts/sponsors where feasible).
Professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Regulators/ Authorities/ Enforcement Agencies if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our, our customers' and others' rights. This includes exchanging your personal data with other companies and organisations for the purposes of fraud protection.
Prospective buyers of our business under our legitimate interest to ensure our business can be continued by the buyer.

We store and process your personal data on systems operated by us and our service providers. Our primary hosting and supporting infrastructure may be located in the United States (and we may also process data in other countries where we or our service providers operate).

Individuals in the EU, EEA, Switzerland, and the UK

Where we transfer personal data from the UK, EU/EEA, or Switzerland to countries that do not provide an adequate level of data protection under applicable law (including, where applicable, the United States), we rely on appropriate safeguards, such as:

the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (as applicable);
the EU Standard Contractual Clauses (SCCs); and/or
other lawful transfer mechanisms recognised under applicable data protection law, together with supplementary measures where appropriate (for example, technical and organisational measures designed to protect data in transit and at rest).

You can request more information about the safeguards we use (including copies of relevant contractual commitments, where appropriate) by contacting us at privacy@tessl.io.

Where a customer requests it, we can enter into a data processing agreement (DPA) governing our processing of personal data on that customer’s behalf. Our DPA is made available via OneDPA (please contact privacy@tessl.io to request access or execution).

We will only retain your personal data for as long as we need it unless we are required to keep it for longer to comply with our legal, accounting or regulatory requirements.

In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to improve the way we work and our services.

You have various other rights under applicable data protection laws, including the right to:

access your personal data (also known as a “subject access request”);
correct incomplete or inaccurate data we hold about you;
ask us to erase the personal data we hold about you;
ask us to restrict our handling of your personal data;
ask us to transfer your personal data to a third party;
object to how we are using your personal data; and
withdraw your consent to us handling your personal data.

You also have the right to raise a complaint with us or your local data protection regulator. In the UK, this is the Information Commissioner's Office.

We have appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

∙ European Union

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website.

Our website may contain links to third party websites, and other online services operated by third parties. In addition, our content may be built into web pages or other online services that are not associated with us. We do not control third parties' sites, and we are not responsible for their actions. We encourage you to read the privacy notices of the other sites you use to find out how they collect and use your personal data.

Cookie Notice

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also helps us make improvements.

A cookie is a small file of letters and numbers that we store on your browser or in your device's storage. We only use (and store) non-essential cookies if you provide your consent.

Name of the cookie	Type / Purpose	Duration	Who serves the cookies	How to control them
ph_current_instance ph_current_project_token ph_current_project_name ph_phc_X_posthog ph_X_posthog posthog_csrftoken	Performance, Analytics and feature flags	365 days	posthog.com	We use PostHog, an open source platform for product analytics, to help us understand how to improve our website and product. This may involve processing device and online activity data and, depending on your settings and implementation, may include identifiers that are treated as personal data under applicable law. You can learn how PostHog protects your data here.
wos-session	Authentication		WorkOS	Blocking this will mean you are unable to access parts of the product or website that require a login
__cf_bm	Strictly necessary	30 minutes	.replit.com .anthropic.com .learn.castsoftware.com	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
sp_landing	Strictly necessary	1 day	.spotify.com	Required to ensure the functionality of the integrated Spotify plugin. This does not result in any cross-site functionality.
_Secure-ROLLOUT_TOKEN VISITOR_PRIVACY_METADATA VISITOR_INFO1_LIVE	Functionality	6 months	.youtube.com	This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites;it can also determine whether the website visitor is using the new or old version of the Youtube interface.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website.

Privacy and Cookie Notice

Who is Tessl?

How do you use my data?

Do you carry out any automated decision making?

Who do you share my data with?

Where do you store my data?

How long do you keep my data for?

What are my rights under data protection law?

What about other sites that Tessl mentions / mention Tessl?