Privacy Policy

1. Who we are

Tennessy (“we,” “us,” or “our”) operates the website and services available at tennessy.com and related properties (collectively, the “Service”). This Privacy Policy describes how we handle personal information when you use the Service.

2. What we collect

Depending on how you use the Service, we may process the following categories:

• Account and authentication. If you create or access an account, sign-in and sign-up are handled by our authentication provider (Kinde). We receive identifiers and profile details they share with us after you authenticate, such as your email address and, if available, your name.
• Sign-up record. When you first reach the app after registering, we may store a minimal record in our database, including a username derived from your email, your email, the date of the event, and a coarse device category (for example, mobile or desktop) inferred from technical data sent by your browser.
• Technical and usage data. Our hosting infrastructure may automatically log information such as IP address, user agent, request timestamps, and error diagnostics. We use this to operate, secure, and improve the Service.

3. How we use information

We use personal information to:

• Provide, maintain, and secure accounts and the Service;
• Communicate with you about the Service when needed (for example, support);
• Detect, prevent, and address fraud, abuse, or technical issues;
• Comply with legal obligations and enforce our terms.

We do not sell your personal information.

Tennessy does not charge end users for access to the Service in its current form.

4. Automated processing, AI-generated outputs, and related data

Parts of the Service may use artificial intelligence, machine learning, or similar automated systems to process information you submit (for example, prompts, scenarios, or messages) and to generate responses, transcripts, summaries, perspectives, or other material (“Outputs”). Outputs are machine-generated, may be wrong, incomplete, biased, or inappropriate for your situation, and are not reviewed by a human unless we expressly say otherwise for a specific feature.

Outputs are not professional, legal, financial, medical, psychological, or therapeutic advice. You are solely responsible for how you interpret, use, or rely on Outputs and for any decisions or actions you take after using the Service.

To deliver these features, we may send relevant portions of your inputs and related technical metadata to third-party model or inference providers. Their processing is governed by their own terms and privacy policies in addition to this Policy.

Administrative access. Only authorized personnel may access systems, logs, or account-related information when reasonably necessary to operate, secure, debug, or support the Service, comply with law, or investigate abuse. Access is limited by role, monitored where feasible, and used only for legitimate operational purposes—not for unrelated surveillance of your private scenarios.

5. Legal bases (EEA, UK, CH)

Where the GDPR or similar laws apply, we rely on appropriate bases such as: performing our contract with you (providing the Service); legitimate interests (security, reliability, and product improvement, balanced against your rights); and consent where required (for example, for certain cookies or marketing, if we offer them and you opt in).

6. Cookies and similar technologies

We and our authentication provider use cookies and similar technologies that are essential for sign-in sessions, security, and basic functionality. If we introduce non-essential analytics or marketing cookies, we will describe them and, where required, obtain your consent before use.

7. Service providers

We use trusted third parties who process data on our behalf under contractual safeguards, including:

• Kinde — authentication and identity;
• Vercel — hosting and delivery of the web application;
• Neon — managed database infrastructure for application data.

Those providers maintain their own privacy notices. We encourage you to read them to understand how they handle information in their systems.

8. Retention

We retain personal information only as long as needed for the purposes described in this policy, unless a longer period is required or permitted by law (for example, for tax, security, or dispute resolution). Retention periods can vary based on the type of data and how you use the Service.

9. Security

We implement reasonable technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. International transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers of personal data from the EEA, UK, or Switzerland.

11. Your rights

Depending on your location, you may have rights to access, correct, delete, or export certain personal information, or to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us using the details below. We will respond in line with applicable law.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe we have collected information from a child, please contact us and we will take appropriate steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Where changes are material, we will provide additional notice as required by law.

14. Disclaimers; limitation of liability

No warranties. To the fullest extent permitted by applicable law, the Service (including any AI-generated or automated Outputs) is provided on an “AS IS” and “AS AVAILABLE” basis without warranties of any kind, whether express, implied, or statutory, including any implied warranties of merchantability, fitness for a particular purpose, title, quiet enjoyment, accuracy, and non-infringement. Tennessy does not warrant that the Service will meet your requirements, be uninterrupted, timely, secure, or error-free, or that Outputs will be reliable or suitable for any purpose.

Limitation of liability. To the fullest extent permitted by applicable law, in no event shall Tennessy, its owners, operators, affiliates, successors, assigns, directors, officers, employees, contractors, agents, advisors, licensors, or service providers (collectively, the “Tennessy Parties”) be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or any loss of profits, revenues, data, goodwill, or other intangible losses, arising out of or related to your access to or use of (or inability to use) the Service, including any reliance on Outputs, personal injury, property damage, or privacy-related claims, whether or not the Tennessy Parties have been advised of the possibility of such damages, and even if a remedy fails of its essential purpose.

To the fullest extent permitted by applicable law, the aggregate liability of the Tennessy Parties for any claim arising out of or relating to the Service or this Privacy Policy shall not exceed one hundred U.S. dollars (USD $100). Because the Service is offered without charge to end users in its current form, this amount is intended only as a nominal aggregate cap where permitted by law. Some jurisdictions do not allow certain limitations or exclusions; in those jurisdictions, the Tennessy Parties’ liability is limited to the maximum extent permitted by law. If you do not agree with these limitations, you must not use the Service.

Nothing in this Policy limits liability that cannot be limited under applicable law (for example, liability for gross negligence or intentional misconduct where such limits are void).

15. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

info@tennessy.com