Privacy Policy

Effective Date: 25.02.2026

At Tilde, we are committed to protecting the privacy and security of our users. As a leader in European language technologies, we adhere to the highest standards of data protection, ensuring full compliance with the General Data Protection Regulation (GDPR) and other relevant EU data laws.

1. Data controller

SIA “Tilde” (hereinafter – Tilde) acts as the Data Controller in accordance with Article 4(7) of the GDPR.

SIA “Tilde”
Registration No.: 40003027238
Address: Vienības gatve 75A, Rīga, LV-1004, Latvia

Tel.+371 67605001
Email: tilde@tilde.ai

Please feel free to address any questions or concerns regarding data protection or privacy to dpo@tilde.lv

 

2. Scope of Application

This policy applies to all services provided by Tilde.ai including Machine Translation services, Speech recognition services, Website translator, Event assistant and TildeOpen LLM.

This Privacy Policy applies to the following websites and services:
– https://tilde.ai
– https://translate.tilde.ai
– https://transcribe.tilde.ai
– https://events.tilde.ai

 

3. Categories of Personal Data Processed

Depending on the service used, Tilde may process:

Content data (text, documents, audio stream submitted to our translation, transcription, or anonymization tools).

Identification and contact data (name, email, company, telephone number);

Account data (username, authentication information, role);

Technical and usage data (IP address, device identifiers, timestamps, logs);

Website data (cookies, data and time, browser type, operating system);

Support and communication records provided via contact forms

4. Purposes of Processing

Personal data is processed strictly for the following purposes:

• Provision and administration of requested language and AI services;
• Real-time transcription and translation functionality;
• Customer support and service communications;
• System monitoring, cybersecurity, and fraud prevention;
• Compliance with legal and regulatory obligations.

No Model Training: Crucially, we do not use your Content Data (the text you translate or anonymize) to train our public AI models. Your intellectual property remains yours.

When using the Tilde translation service, we don’t use your texts to improve the quality of our services.

5. Legal Basis (GDPR Article 6)

Processing is based on:

• Article 6(1)(b) – performance of a contract;
• Article 6(1)(f) – legitimate interests (security, service integrity);
• Article 6(1)(c) – compliance with legal obligations;
• Article 6(1)(a) – consent (where applicable, e.g., marketing).

6. Data Storage and Location

Tilde is a European company. To ensure maximum data sovereignty and compliance with GDPR all data is processed and stored on secure servers located within the European Union (primarily utilizing Microsoft Azure EU regions).

7. Data Retention

Content Data: For anonymous user content data (texts, files, audio, translation) is automatically deleted immediately after processing. Transcription or translated document data is stored for 30 minutes in order to allow the user to properly download created file.

For registered users content data is stored according to the retention settings defined in your system settings.

Account Data: Retained for the duration of your active account and as required by Latvian/EU tax and legal statutes (typically 5–10 years for financial records).

Technical information and audit logs are stored in accordance with NIS2 directive for 18 months.

6. Data Sharing and Disclosure

All personal data is processed within the European Union.

We use sub-processors as essential service providers (e.g., cloud hosting, payment gateways) who are contractually bound to GDPR standards.

• Microsoft Azure web services https://azure.microsoft.com
• Verda cloud services https://verda.com
• Chargebee payment services https://www.chargebee.com
• Odoo support and knowledge base https://odoo.com

We are obliged share information with law enforcement entities if it is required by law to comply with a subpoena or similar legal process.

7. Security Measures (GDPR Article 32 & NIS2)

Tilde implements appropriate technical and organizational measures to ensure a level of security appropriate to risk, including:

• Encryption: All data in transit is protected via TLS/SSL encryption. Data at rest is encrypted using industry-standard AES-256;
• Role-based access control (RBAC) with strict internal “least privilege” access policies;
• Multi-factor authentication;
• Continuous monitoring and logging;
• Incident response procedures;
• Business continuity and disaster recovery planning;
• Regular risk assessments and vulnerability management.

Tilde aligns its cybersecurity posture with NIS2 Directive requirements for risk management and incident reporting.

Tilde operates and maintains an Information Security Management System (ISMS) and is certified in accordance with ISO/IEC 27001:2022. 

8. Incident Notification

In the event of a security incident affecting service availability, integrity, or confidentiality, Tilde will act without delay in accordance with applicable EU and national regulatory obligations GDPR and NIS2.

9. Data Subject Rights

Data subjects have the right to:

• Access their personal data;
• Rectify inaccurate data;
• Request erasure;
• Restrict processing;
• Data portability (where applicable);
• Object to processing;
• Withdraw consent;
• Lodge a complaint with the competent supervisory authority.

   

10. Personal Data Processing in the Recruitment Process 

    Personal data submitted in connection with job applications, including CVs and related documents, is processed by SIA “Tilde” as described in Section 1 (Data Controller) of this Privacy Policy. 

    For specific questions regarding recruitment data processing, you may contact us at tilde@tilde.ai or the Data Protection Officer at dpo@tilde.lv. 

    Purpose of Processing and Legal Basis 
    When submitting your application, CV or other related documents, your personal data will be processed for the purpose of evaluating your candidacy in the recruitment process and contacting you regarding employment opportunities, if considered necessary. 

    The legal basis for processing your personal data is your consent. 

    You are not legally required to provide your personal data. However, if you choose not to provide the requested information, SIA “Tilde” will not be able to evaluate your application or contact you regarding employment opportunities. 

    Categories of Personal Data Processed 
    We process the personal data that you provide to us, including but not limited to: 

    • identification and contact data; 
    • information on education and qualifications; 
    • employment history and professional experience; 
    • motivation letter and any other information you voluntarily include in your application. 

    Data Retention Period 
    Your personal data will be stored for 6 months from the date of receipt of your application and may be reused for recruitment purposes within this period. 
    Personal data may be deleted earlier where appropriate. 

    Recipients of Personal Data 
    Your personal data may be accessed only by authorised employees involved in the recruitment process. 
    Personal data is not transferred to third countries or international organisations. 

    Your Rights 
    You may exercise your rights as described in Section 11 (Data Subject Rights) of this Privacy Policy, including the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. 

    No automated decision-making, including profiling, is carried out in the recruitment process. 

     

11. Supervisory Authority

In Latvia, complaints may be submitted to the Data State Inspectorate (Datu Valsts Inspekcija).

 

11. Amendments

Tilde reserves the right to update this Privacy Policy. The most recent version will always be available on the official websites listed above.

 

12. Contact Information

For all privacy and data protection inquiries, please contact:
dpo@tilde.ai