1. Who we are
The data controller for personal data processed in connection with the Telos service is:
- Telos Foundry ApS
- CVR-nr. 46483561
- Teglholmsgade 10B, 3. th., 2450 København SV, Denmark
- Contact: info@telos-app.com
When we say "Telos", "we", or "us" in this policy, we mean Telos Foundry ApS. For privacy questions, data subject requests, or breach reports, email info@telos-app.com. A named human reads that inbox.
2. What we collect
2.1 Account data
When you sign up, we store your name, work email, a hashed password, and the organization you created or joined. We use this to log you in, to bill the right entity, and to keep your workspace separated from everyone else's.
2.2 Content you create
Telos stores the documents, comments, files, customer records, opportunities, projects, tasks, and other artifacts you and your teammates create inside your workspace. This content is owned by your organization, not by Telos.
2.3 Operational logs
We log technical events needed to operate the service: API requests, error traces (via Sentry, with PII scrubbing enabled), background job runs, webhook deliveries, and authentication events. These logs may include your IP address for the time needed for security and abuse prevention.
2.4 Bring-your-own LLM
Telos does not host a language model. When you connect a provider (Anthropic, OpenAI, Ollama, or another), Telos constructs the prompt, attaches the workspace context you have selected, and routes the request to that provider under your API key. The provider receives the data under your direct contract with them, not under ours. We store your API key encrypted and only decrypt it at request time. We do not log prompt or completion bodies on Telos servers beyond what is needed to render the response back to you in your session.
2.5 What we do not collect
- No third-party analytics. No PostHog, Mixpanel, Google Analytics, no equivalent.
- No ad tracking. No pixels, no remarketing, no fingerprinting.
- No session replay. We do not record your screen or keystrokes.
- No model training on your content. Your data does not improve any model, ours or anyone else's.
- No data sale. Ever.
3. Why we collect it (GDPR Article 6)
- Performance of a contract. Processing account data and content you create so we can deliver the service you signed up for.
- Legitimate interest. Operational logs, security monitoring, abuse prevention, and product reliability. We balance this against your privacy and document the assessment internally.
- Legal obligation. Retaining billing and tax records as required by Danish and EU law.
- Consent. Currently unused, because we do not run non-essential trackers. If we ever add product analytics, we will ask first and you will be able to decline.
4. Cookies and local storage
Telos uses only strictly necessary cookies and local storage. Under the EU ePrivacy Directive, strictly necessary cookies are exempt from the consent banner requirement because the service could not function without them. We disclose them here in full.
What we set
- Session cookie (authjs.session-token, HTTP-only, Secure). Keeps you logged in across page loads. Lawful basis: performance of contract. Expires on logout or after inactivity.
- CSRF cookie (authjs.csrf-token). Protects sign-in and form submissions against cross-site request forgery. Lawful basis: legitimate interest (security).
- Callback URL cookie (authjs.callback-url). Returns you to the page you started on after sign-in. Lawful basis: performance of contract.
- UI preferences (localStorage). Sidebar state, filter selections, and view preferences so your workspace remembers how you left it. Lawful basis: performance of contract. Stays on your device. Never leaves your browser.
You can clear all of these via your browser settings. Doing so logs you out and resets UI preferences. Nothing else breaks.
5. Who we share data with (sub-processors)
We use a small set of vendors to operate the service. Each is bound by a data processing agreement and processes data only on our instructions. The current list:
- Railway. Application hosting, Postgres database, background workers, and file storage (Tigris-backed S3 buckets). All hosted in the EU; see Section 6.
- Resend. Transactional email (invites, password resets, notifications). EU region.
- Sentry. Error monitoring. We configure the SDK to scrub IP addresses and avoid PII bodies.
- Stripe. Payment processing. Card details and billing data live at Stripe; we store only the Stripe customer and subscription identifiers needed to bill you and reconcile invoices.
- Your chosen LLM provider. When you enable AI features, prompts and completions are routed through Telos to the provider you configured. The provider acts under your direct contract with them and your API key; Telos's processing ends at the handoff. Supported providers are listed in our DPA Exhibit B.
We will notify account owners at least 15 days in advance of any addition or replacement of a sub-processor. The active list lives in our DPA.
6. Where your data lives
Application servers, the Postgres database, and the file storage bucket all run in the EU. Your content, account data, and operational logs stay in the EU.
Where data leaves the EEA (for example, when you connect a non-EU LLM provider), the transfer relies on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, an adequacy decision. For data subjects in the United Kingdom, transfers outside the UK rely on the UK ICO's International Data Transfer Addendum to the SCCs. We document each transfer in our DPA.
7. Retention
- Active workspaces. Content is retained for the life of your subscription.
- After cancellation. Your workspace remains fully accessible through the end of the paid period. Export anything you want to keep before then. After the paid period ends, production rows are deleted within 7 days; backups rotate out within 90 days.
- Operational logs. Retained for 90 days unless tied to an ongoing security incident.
- Billing records. Retained for 5 years to meet Danish bookkeeping law (Bogføringsloven).
8. Who at Telos sees your data
We try hard to leave your content alone. Telos personnel access customer data only in a small set of cases:
- When you ask us to (a support request that requires it).
- To investigate suspected abuse, fraud, or a security incident.
- To diagnose a bug we cannot reproduce otherwise.
- When legally compelled by a valid order from a court of competent jurisdiction.
We push back on overbroad legal requests and, where the law allows, notify the customer before we disclose.
9. Your rights
Under GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise any of these, email info@telos-app.com. We respond within 30 days.
If you are not happy with our response, you can complain to your local data protection authority. For Denmark this is Datatilsynet.
10. Security
We use TLS 1.2 or higher for all transit, encrypt secrets at rest, scope every database query by tenant, store passwords with bcrypt (or equivalent), and require strong passwords. Files live in object storage with private ACLs; uploads use short-lived presigned URLs. Detailed measures live in our DPA.
11. Children
Telos is a workplace tool and is not directed to children under 16. We do not knowingly collect personal data from children.
12. Changes to this policy
We will update this policy as the product changes. Material changes go to account owners by email at least 30 days before they take effect. The version date at the top of this page tells you when we last touched it.