← Back to signup

Privacy Policy

Taide CRM Privacy Notice

1. Who this notice applies to

This Privacy Notice applies to:

  • people who visit our website;
  • people who create or use a Taide CRM account;
  • business customers and their authorized users; and
  • people who contact us for support, demos, billing, or sales.

This notice does not replace the privacy notices that our business customers give to their own clients, leads, or contacts. If you are a Taide CRM customer, you are responsible for informing your own clients how you use Taide CRM and any related service providers in your business.

2. Who we are

Controller:

  • Trading name: Taide CRM
  • Registered address: Barcelona, Spain
  • Contact email: info@taide.app

If required by law, you may also contact our data protection officer or privacy lead at dpo@taide.app

3. What we do

Taide CRM is a customer relationship management platform for photographers and similar businesses. It helps customers manage bookings, clients, workflows, communications, and subscriptions. The product currently relies on third-party providers including:

  • Supabase for database hosting, authentication, and related infrastructure;
  • OpenAI for AI features such as intent recognition, attribute extraction, and speech-to-text; and
  • Stripe for subscriptions, billing, and payment-related services.

These providers are necessary to operate the service. If you do not want your data processed through these providers, you should not use Taide CRM.

4. The personal data we collect

Depending on how you use Taide CRM, we may collect and process:

  • account data, such as your name, business name, email address, login details, and role;
  • customer relationship data, such as client names, email addresses, phone numbers, WhatsApp or other contact details, notes, booking details, payment status, and workflow records;
  • AI and voice input data, such as text prompts, transcribed speech, extracted attributes, and related metadata needed to generate results;
  • subscription and billing data, such as billing contact details, subscription status, invoices, transaction identifiers, and limited payment-related information;
  • support and communications data, such as messages you send to us, bug reports, and support attachments;
  • technical and usage data, such as IP address, device/browser information, authentication events, timestamps, logs, and feature usage events;
  • cookie and similar technology data as described in the Cookies section below.

We do not intend to collect or store full payment card numbers or card security codes in Taide CRM. Where card payments are used, card details should be collected and processed directly by Stripe or other PCI-compliant payment flows.

Please do not upload special category data or highly sensitive personal data to Taide CRM unless we have explicitly agreed to support that use case in writing.

5. How we use personal data

We use personal data to:

  • provide, host, secure, and maintain Taide CRM;
  • create and manage user accounts and business workspaces;
  • process subscriptions, invoices, upgrades, downgrades, renewals, and payment-related events;
  • provide AI and voice features requested by users;
  • respond to support requests, troubleshoot issues, and improve service reliability;
  • prevent fraud, abuse, unauthorized access, and security incidents;
  • communicate about the service, changes, incidents, billing, and support;
  • comply with legal, accounting, tax, and regulatory obligations;
  • improve the service through product analytics and operational metrics, where permitted by law.

6. Our legal bases

We use one or more of the following legal bases under the GDPR, depending on the processing activity:

  • performance of a contract, where processing is necessary to provide Taide CRM or manage the business relationship;
  • legitimate interests, where processing is necessary for service security, fraud prevention, internal administration, support, product improvement, or related business operations, and those interests are not overridden by your rights;
  • legal obligation, where we must keep records, respond to lawful requests, or comply with tax, accounting, anti-fraud, or other regulatory duties;
  • consent, only where consent is legally required, such as for certain non-essential cookies or certain optional communications.

We do not rely on optional consent for processing that is strictly necessary to deliver the core Taide CRM service.

7. Important role split

For much of the client, lead, booking, and workflow data that our business customers enter into Taide CRM, we expect to act as a processor on behalf of that customer, and the customer acts as the controller. For our own account, billing, support, security, and direct business relationship data, we generally act as controller.

This means:

  • if you are a Taide CRM customer, you are responsible for having an appropriate legal basis for the personal data you put into the service; and
  • if you are an end client of one of our business customers, you should first contact that business customer about how your data is used in Taide CRM.

8. AI and voice features

When you use AI or voice-enabled features, the content needed to provide those features may be sent to our AI service provider, currently OpenAI, for processing.

This may include:

  • names;
  • email addresses;
  • phone numbers;
  • WhatsApp or other contact identifiers;
  • booking information;
  • free-text notes;
  • payment method or payment status descriptions; and
  • speech audio or transcripts.

We configure third-party services as narrowly as reasonably possible, but AI processing still involves sending relevant content to an external provider. Use of these features requires that processing.

Where available and appropriate for our account tier and product configuration, we aim to use business settings that reduce retention and limit secondary use of API data. However, the exact processing configuration may depend on the specific endpoint or feature used.

9. Who we share personal data with

We share personal data only where necessary, including with:

  • Supabase, for hosting, database, authentication, and infrastructure;
  • OpenAI, for AI, language, and speech-to-text processing;
  • Stripe, for subscription billing, invoicing, payments, fraud prevention, and related financial services;
  • professional advisers, auditors, insurers, and legal counsel where necessary;
  • courts, regulators, law enforcement, or public authorities where legally required;
  • future replacement or additional subprocessors listed in our Subprocessor List.

Some of these providers may in turn use their own approved subprocessors or affiliates to support their services. We assess those providers as part of our vendor management process, but we do not reproduce every onward subprocessor in this notice.

You can find our current direct provider list in the Subprocessor List.

10. International data transfers

Some of our providers may process personal data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as adequacy decisions, the EU Standard Contractual Clauses, or another valid transfer mechanism recognized under applicable law.

We do not promise that all processing always stays in one country or only within the EU unless we expressly state that in a contract for a specific configuration.

11. Retention

We keep personal data only for as long as reasonably necessary for the purposes described above, including to:

  • provide the service;
  • maintain security, backups, and business continuity;
  • resolve disputes and support issues;
  • comply with legal, tax, accounting, and regulatory obligations; and
  • enforce our agreements.

Retention periods vary by data type and contractual relationship. Our operational retention rules should be documented internally and reviewed regularly.

Suggested operational baseline for internal review:

  • account and workspace records: for the active contract period and a defined post-termination period;
  • support tickets and business correspondence: for a limited support and compliance period;
  • security logs: for a limited security and audit period;
  • billing records: for the period required by applicable accounting and tax law;
  • AI input/output records: only as long as needed for the relevant feature, support, or abuse prevention settings in place at that time.

12. Security

We use technical and organizational measures designed to protect personal data, including access controls, authentication controls, encryption in transit, tenant separation, logging, and vendor management. No system is completely secure, and we cannot guarantee absolute security.

If you believe your data has been accessed without authorization, contact us immediately at info@taide.app.

13. Your rights

Subject to applicable law, you may have the right to:

  • access your personal data;
  • correct inaccurate personal data;
  • delete personal data in certain circumstances;
  • restrict processing in certain circumstances;
  • object to processing based on legitimate interests in certain circumstances;
  • receive a copy of certain personal data in a portable format;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your supervisory authority.

If we process personal data as a processor for one of our business customers, we may need to direct your request to that customer.

14. Cookies and similar technologies

We use cookies and similar technologies for the following purposes:

  • essential cookies needed for login, session management, security, and core product functionality;
  • optional analytics, performance, or marketing technologies, if enabled.

Where consent is required by law for non-essential cookies or similar technologies, we will request it before placing them. Essential cookies are necessary for the operation of the service and do not require optional consent where the law provides an exemption.

15. Children's data

Taide CRM is intended for business use and is not directed to children. We do not knowingly market Taide CRM directly to children.

16. Changes to this notice

We may update this Privacy Notice from time to time. If we make material changes, we will post the updated version and update the effective date above. Where required, we will also provide additional notice.

17. Contact us

For privacy questions, requests, or complaints, contact:

  • Email: privacy@taide.app

You may also have the right to lodge a complaint with the supervisory authority in the EU/EEA country where you live, work, or where the alleged infringement took place.

Back to signup