Privacy Policy
Last updated: June 29, 2026
Your privacy matters. This Policy explains what information Thala collects, how we use it, and the choices you have.
1. Introduction
This Privacy Policy explains how Ailoitte (“Ailoitte”, “we”, “us”) collects, uses, discloses, and protects personal information in connection with the Thala application and related services (the “Service”).
It applies to information we process as a controller (for example, account and billing data) and describes how we handle information you submit to the Service. Where we process personal data on your behalf as a processor, that processing is also governed by your agreement with us. By using the Service, you agree to this Policy.
2. Scope and Roles
For data about your own end customers and prospects that you load into or generate within the Service (“Customer Content”), you are the controller and we act as your processor. For data about your account, your Authorized Users, and your use of the Service, we are the controller. This Policy focuses on the latter and on the practices common to both.
3. Information We Collect
We collect the following categories of information:
- Account information — name, email, organization, role, and credentials.
- Billing information — plan, transaction records, and limited payment details handled by our payment processor.
- Usage and device information — log data, IP address, browser and device identifiers, and interactions with the Service.
- Integration data — information exchanged with third-party tools you connect, such as CRM, email, and calendar.
- Customer Content — the prospect, contact, and communication data you submit or generate, which may include personal data of third parties.
4. How We Use Information
We use information to:
- provide, operate, secure, and improve the Service;
- authenticate users, process payments, and manage Subscriptions;
- provide support and communicate about the Service, including service and security notices;
- monitor performance, prevent abuse, and enforce our Terms; and
- comply with legal obligations and establish, exercise, or defend legal claims.
We do not sell personal information. We do not use Customer Content to train shared, cross-customer models except where you have instructed or permitted us to do so.
6. Storage and Retention
We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Content is retained according to your settings and our documentation; after termination, we make it available for export for a limited period and then delete it in the ordinary course.
7. Legal Bases for Processing
Where data protection law requires a legal basis, we rely on: performance of our contract with you; our legitimate interests in operating and securing the Service; your consent (where applicable, such as certain cookies and marketing); and compliance with legal obligations. You may withdraw consent at any time where processing is based on consent.
9. Data Security
We maintain administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, or misuse. While we work to protect your information, no system is completely secure, and you share responsibility by safeguarding your credentials and configuring access appropriately.
10. Your Rights
Depending on your location, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to lodge a complaint with a supervisory authority. To exercise these rights, contact us using the details below.
If your personal data is held as Customer Content on behalf of one of our customers, please direct your request to that customer; we will assist them in responding as required.
11. International Transfers
We may process and store information in countries other than your own. Where we transfer personal data across borders, we use appropriate safeguards, such as standard contractual clauses, to protect it in accordance with applicable law.
12. Children's Privacy
The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.
13. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide notice through the Service or by other reasonable means and update the “Last updated” date above.
14. Contact Us
For privacy questions or to exercise your rights, contact us at privacy@ailoitte.com.
