Tensflare Ltd. ("Tensflare," "we," "our," or "us") builds trust infrastructure for consequential AI. We are registered in Nigeria and committed to compliance with the Nigeria Data Protection Act 2023 (NDPA). This Privacy Policy explains how we collect, use, disclose, and process your personal data when you visit our website, use our products and services (including Truss, Docfide, RuyQA, Glawly, HalluCase, MCP-Law, LegalVerify, Condicio, Duct, and TenantBox), or interact with us as a customer or visitor.
This Privacy Policy does not apply where Tensflare acts as a data processor on behalf of commercial customers — for example, when your organisation has provisioned you access to our products. In those cases, the commercial customer is the data controller, and you should review their policies for information about how they handle your personal data.
1. Collection of Personal Data
Personal Data You Provide to Us Directly
We collect the following categories of personal data when you provide it directly:
- Identity and Contact Data: name, email address, company name, job title, and phone number when you create an account, contact us, or subscribe to our newsletter.
- Payment Information: billing details if you purchase access to our products.
- Inputs and Outputs: documents, contracts, prompts, and data you submit to our products for analysis ("Inputs"), and the resulting analysis, extractions, and reports ("Outputs"). If you include personal data in your Inputs, we will collect that information.
- Feedback: ratings, reviews, ideas, and suggestions you provide about our products, including through feedback mechanisms.
- Communication Information: contents of messages you send us, including support requests and inquiries.
Personal Data We Collect Automatically
When you use our website or services, we automatically collect:
- Device and Connection Information: browser type, operating system, IP address (including location derived from IP), device identifiers, and internet service provider.
- Usage Information: pages visited, features used, dates and times of access, links clicked, and interactions with our products.
- Log and Troubleshooting Information: error logs, performance data, and application state when errors occur.
- Cookies and Similar Technologies: as described in our Cookie Policy.
Personal Data We Collect to Train and Improve Our Models
Tensflare uses data from the following sources to train and improve our AI models:
- Publicly available legal documents and contracts
- Datasets obtained through commercial agreements
- Inputs and Outputs from our Services (unless users opt out)
- Feedback explicitly provided by users
- Materials flagged for safety, security, or policy review
- Data generated internally
For more information about how we use personal data to develop our models and your choices, see Section 5 (Rights and Choices).
2. Uses of Personal Data
We use your personal data for the following purposes:
- Provide and maintain services: operate our products, process your requests, and deliver the features you use, governed by our Terms of Service.
- Improve and develop: analyze usage patterns to enhance our products, conduct research, and train our models.
- Communicate with you: send technical notices, updates, security alerts, support messages, and marketing communications (with your consent where required).
- Account administration: create and manage your account, facilitate payments.
- Security: detect, prevent, and respond to fraud, abuse, violations of our Acceptable Use Policy, and unauthorised access.
- Debugging and error repair: identify and fix errors that impair existing functionality.
- Compliance: fulfil legal obligations, resolve disputes, and enforce our agreements.
We may use your Inputs and Outputs to train our models unless you opt out through your account settings. Even if you opt out, we will use Inputs and Outputs for model improvement when conversations are flagged for safety review or when you have explicitly provided feedback.
3. How We Disclose Personal Data
We do not sell your personal data. We may share your information in the following circumstances:
- Service providers: with trusted third parties who help us operate our services, including hosting, analytics, payment processing, and customer support, bound by confidentiality agreements.
- Affiliates: between and among Tensflare and its related entities.
- Legal requirements: when required by law, court order, or governmental regulation, or to protect our rights and the rights of others.
- Business transfers: in connection with a merger, acquisition, or sale of assets.
- With your consent: when you have explicitly agreed to the sharing.
Our Subprocessor List identifies the third parties Tensflare engages to help process personal data.
4. Data Security
We implement administrative, technical, and physical security measures designed to protect your personal data from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. These include encryption at rest and in transit, access controls, and regular security audits. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
5. Rights and Choices
Depending on your location and applicable law, you may have the following rights regarding your personal data:
- Access and portability: request a copy of the personal data we hold about you.
- Correction: request that we correct inaccurate or incomplete information.
- Deletion: request that we delete your personal data, subject to certain exceptions.
- Objection: object to processing of your personal data for direct marketing or on legitimate interest grounds.
- Restriction: request that we restrict processing of your personal data in certain circumstances.
- Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.
- Opt-out of model training: you may opt out of having your Inputs and Outputs used for model training through your account settings.
- Opt-out of marketing: unsubscribe from marketing communications using the link in any such communication.
To exercise your rights, email us at privacy@tensflare.com. We will verify your identity before processing your request. You also have the right to lodge a complaint with your local data protection authority.
6. Data Transfers
Your personal data may be transferred to and processed in countries other than your own, including the United States. When we transfer data, we ensure appropriate safeguards are in place through:
- Adequacy decisions: where the relevant authority has recognised a country as providing adequate data protection; or
- Standard contractual clauses: approved contractual clauses under Article 46 GDPR, their equivalent for the UK and Switzerland, or the Nigeria Data Protection Act 2023 (NDPA); or
- Other lawful transfer mechanisms: including your consent, contract performance, or public interest grounds as permitted under applicable law.
7. Data Retention
We retain your personal data for as long as reasonably necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. When we no longer need your information, we will securely delete or anonymise it. Aggregated or de-identified data may be retained for research and analytics purposes.
8. Children
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@tensflare.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Previous versions are available upon request.
10. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@tensflare.com
- Registered Address: Tensflare Ltd., Abuja FCT, Nigeria
Tensflare Ltd. (Nigeria) is the sole data controller responsible for your personal data under this Privacy Policy.
11. Legal Bases for Processing
| Purpose | Type of Data | Legal Basis (GDPR / NDPA) |
|---|---|---|
| To provide, maintain, and facilitate our services | Identity and Contact Data, Payment Information, Inputs and Outputs, Feedback, Technical Information | Contract (Article 6(1)(b) GDPR / Section 30 NDPA) |
| To communicate with you and send marketing | Identity and Contact Data, Communication Information, Technical Information | Consent / Legitimate interests (Article 6(1)(a) and (f) GDPR / Section 30 NDPA) |
| To create and administer your account | Identity and Contact Data, Payment Information, Feedback | Contract (Article 6(1)(b) GDPR / Section 30 NDPA) |
| To facilitate payments | Identity and Contact Data, Payment Information | Contract (Article 6(1)(b) GDPR / Section 30 NDPA) |
| To prevent fraud, abuse, and policy violations | Identity and Contact Data, Inputs and Outputs, Technical Information | Legitimate interests / Legal obligation (Article 6(1)(c) and (f) GDPR / Section 30 NDPA) |
| To investigate and resolve disputes | Identity and Contact Data, Inputs and Outputs, Feedback | Legitimate interests / Legal obligation (Article 6(1)(c) and (f) GDPR / Section 30 NDPA) |
| To debug and repair errors | Identity and Contact Data, Feedback, Technical Information | Legitimate interests (Article 6(1)(f) GDPR / Section 30 NDPA) |
| To improve services and conduct research (including model training) | Feedback, Inputs and Outputs, Technical Information | Consent / Legitimate interests (Article 6(1)(a) and (f) GDPR / Section 30 NDPA) |
| To enforce our Terms of Service and Acceptable Use Policy | Identity and Contact Data, Inputs and Outputs, Technical Information | Contract / Legitimate interests (Article 6(1)(b) and (f) GDPR / Section 30 NDPA) |
12. Regional Supplemental Disclosures
Supplemental Disclosures for Residents of Canada
By providing us with personal data, you consent to the collection, use, and disclosure of your personal data in accordance with this Privacy Policy. You may withdraw consent at any time, subject to legal or contractual restrictions. Your personal data may be transferred outside Canada, including to the United States, where data protection laws may differ from those in Canada.
Supplemental Disclosures for Residents of Brazil
Under the Brazilian General Data Protection Law (LGPD), you have the rights described in Section 5, as well as the right to: (a) confirmation of whether your data is being processed; (b) anonymisation, blocking, or erasure of unnecessary or excessive data; and (c) information about entities we have shared your data with. International data transfers are governed by standard contractual clauses approved by the ANPD.
Supplemental Disclosures for Residents of Nigeria
Under the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR), you have the following rights in addition to those described in Section 5:
- Right to be informed: about the collection and use of your personal data
- Right of access: to obtain confirmation of whether your data is being processed and access to such data
- Right to rectification: to request correction of inaccurate or incomplete personal data
- Right to erasure: to request deletion of your personal data, subject to legal exceptions
- Right to restrict processing: to request restriction of processing in certain circumstances
- Right to data portability: to receive your data in a structured, commonly used format
- Right to object: to object to processing based on legitimate interests or for direct marketing
Where we process your personal data based on consent, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. International transfers of your personal data from Nigeria are carried out in accordance with Section 43 of the NDPA, with appropriate safeguards in place. You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).