Introduction
Welcome to Tod.ai ("we", "our", "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our website and services.
Tod.ai is a conversational shopping assistant that helps UK consumers find the perfect technology and appliances through natural conversation.
Company Details:
Service Name: Tod.ai
Website: https://tod.ai
Contact: hello@tod.ai
Location: United Kingdom
Information We Collect
1. Information You Provide Directly
Waitlist Registration
- Email address – Required to send you access when available
- Request timestamp – To manage waitlist order
Newsletter Subscription
- Email address – To send you blog updates and product recommendations
- Subscription date & status – To track subscriptions
Blog Comments
- Name & comment content – For comment display
- Email (optional) – Not displayed publicly
- IP address & user agent – For spam prevention only
What We DON'T Collect
❌ No analytics or tracking cookies
❌ No browsing history
❌ No permanent chat logs
❌ No personal profiles across sessions
❌ No location tracking
❌ No third-party advertising data
How We Use Your Information
We use your information to provide Tod's conversational recommendations, send you blog updates if subscribed, enable blog comments, prevent spam, and improve our service.
We never sell your data, share it with advertisers, or use it for purposes unrelated to providing our service.
Legal Basis (UK GDPR)
Under UK GDPR, we process your data based on:
- Consent – When you sign up for the waitlist or newsletter
- Legitimate interests – To prevent spam and improve our service
- Contract – To provide the service you requested
Third-Party Services
We use trusted third-party services to operate Tod.ai:
- Supabase – Database hosting (EU-based)
- Vercel – Website hosting and deployment
- OpenAI – AI conversation processing (data not stored)
These providers have their own privacy policies and data protection measures. We only share the minimum data necessary for each service.
Data Processing Agreements
We have Data Processing Agreements (DPAs) in place with our service providers where required under UK GDPR. These agreements ensure your data is processed securely and in compliance with data protection law.
Data Retention
- Waitlist emails – Retained until you gain access or unsubscribe
- Newsletter subscriptions – Until you unsubscribe
- Blog comments – Indefinitely (or until you request deletion)
- Chat conversations – Not stored – processed in real-time only
Your Rights
Under UK data protection law (UK GDPR), you have the right to:
- Access your data – Request a copy of what we hold
- Correct inaccurate data – Ask us to fix mistakes
- Delete your data – Request erasure ("right to be forgotten")
- Restrict processing – Limit how we use your data
- Data portability – Receive your data in a machine-readable format
- Object to processing – Challenge how we use your data
- Withdraw consent – Unsubscribe from newsletters anytime
To exercise your rights, email us at hello@tod.ai. We'll respond within 30 days.
Data Security
We implement appropriate security measures including:
- HTTPS encryption for all data transfers
- Secure database hosting with encrypted connections
- Regular security updates and monitoring
- Access controls limiting who can view data
International Transfers
Some of our service providers are based outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- EU-US Data Privacy Framework compliance
- Standard Contractual Clauses where applicable
- Adequacy decisions by the UK government
Contact Us
If you have questions, concerns, or requests regarding this privacy policy or your personal data:
You also have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113