Privacy Policy
Last updated: 14 May 2026
Plain-English summary: We collect the minimum we need to run the Service: an email and password hash to log you in, a record of your credit purchases, and your chat history. Because replies on Tilo are written by real people on our team, your messages are read by the Writer responding to you and by a small number of trained moderators. We don't sell your data, share your conversations with advertisers, or use them outside Tilo. You can ask us to delete everything at any time.
1. Who is the data controller?
The data controller for personal information processed through Tilo is the operator of tilochat.com ("Tilo", "we", "us"). You can reach us at privacy@tilochat.com.
2. What information we collect
Information you give us
- Account data: email address, hashed password, display name (optional), date-of-birth confirmation.
- Billing data: records of credit purchases including amount, date, currency and the last four digits of the card. Full card numbers are handled by our payment processor and never stored on Tilo servers.
- Communications: messages you send to Personas, and emails or support tickets you send us.
Information collected automatically
- Device & log data: IP address, browser type and version, operating system, referring URL, pages visited and timestamps.
- Cookies and similar technologies: small files used for authentication, security, fraud prevention and remembering basic preferences. We don't run third-party advertising trackers.
3. How we use your information
We use personal information to:
- provide, maintain and improve the Service;
- enable our Writers to read your messages and reply in the voice of the Persona you've chosen;
- moderate conversations for safety, policy compliance and quality;
- process payments and credit balances;
- send transactional emails (receipts, account notices, security alerts);
- protect against fraud, abuse and unlawful use;
- comply with our legal obligations.
We do not sell your personal information, and we do not share your chat content with advertisers.
Who at Tilo can see my messages?
Because Tilo replies are written by real people, your messages are visible to (a) the Writer assigned to reply to that Persona, (b) Tilo moderators reviewing for safety and policy, and (c) a limited number of engineers and support staff for technical, security and customer-service purposes. All staff and contractors are bound by written confidentiality and data-handling obligations. Access is logged.
4. Legal bases (UK / EU users)
Where the UK GDPR or EU GDPR applies, we rely on the following legal bases: performance of the contract you have with us (providing the Service); your consent (for optional features); our legitimate interests (running and securing the Service, fraud prevention); and compliance with legal obligations.
5. Who we share information with
- Payment processor — to process card payments. Our payment processor is responsible for handling your card details and is independently certified to PCI DSS.
- Cloud and infrastructure providers — to host the Service and store data securely.
- Writers and moderation contractors — internal staff or vetted contractors who reply to your messages or moderate conversations on Tilo's behalf, under written confidentiality and data-protection obligations.
- AI image and tooling providers — used to generate Persona likenesses and to support internal tools. We do not send your chat content to public generative-AI providers for the purpose of generating replies.
- Professional advisers and authorities — where required by law or to enforce our rights.
6. International data transfers
Some of our service providers operate outside the country where you live. Where personal data is transferred internationally we use appropriate safeguards (such as Standard Contractual Clauses) to protect it.
7. How long we keep your data
- Account & chat data: for as long as your account is open. If you delete your account, we permanently delete this data within 30 days.
- Billing records: retained for up to 7 years to comply with tax and accounting laws.
- Support correspondence: typically retained for 24 months after the case is closed.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete or export your personal information; to object to or restrict certain processing; and to withdraw consent. You can exercise these rights by emailing privacy@tilochat.com. We will respond within the timeframes required by applicable law.
If you are in the UK or EU and believe we have not handled your data properly, you have the right to complain to your local data-protection authority (in the UK, the ICO).
9. Security
We use industry-standard technical and organisational measures to protect your data, including TLS encryption for data in transit, encryption at rest for sensitive fields, and strict access controls. No system is perfectly secure, but we take security seriously and will notify you of any breach that affects your personal data as required by law.
10. Children
Tilo is strictly for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal data, please contact privacy@tilochat.com and we will take prompt steps to delete it.
11. Cookies
We use a small number of strictly-necessary and functional cookies. We don't use third-party advertising cookies. You can control cookies through your browser settings; disabling strictly-necessary cookies may prevent the Service from working properly.
12. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material changes we will give you reasonable notice (for example, by email or an in-app notice). The "Last updated" date at the top of this page reflects the latest version.
13. Contact
If you have questions about this Privacy Policy or want to exercise any of your rights, please email privacy@tilochat.com or call 0330 880 6071 (Mon–Fri, 9am–6pm UK time).