Legal
Privacy Policy
How we collect, store, and use your data.
Last updated: 2026-06-16. This policy describes how Tilo handles your data. Tilo is an early-access product; we will update this policy as the product grows and notify you via email when material changes occur.
What we collect
- Account information. When you sign in with Google or GitHub we receive your name, email address, and avatar URL from the provider. We never see your provider password.
- Canvas content. The shapes, drawings, and text you place on a canvas are stored on our infrastructure so they sync across your devices and collaborators.
- Diagnostic logs. We record requests to our API endpoints (IP, timestamp, path) for up to 30 days for abuse prevention.
What we do not collect
We do not track your browsing outside Tilo, sell your data to advertisers, or analyse canvas content for marketing or training purposes.
Where data lives
All persistent data is stored in AWS DynamoDB in the us-east-1 region. The application runs on Vercel; some requests may be served from edge locations around the world but content is only written to the primary region.
How long we keep data
Canvas data persists until you delete the canvas or your account. Diagnostic logs are auto-deleted after 30 days. If you delete your account, all data associated with your userId is removed within 30 days.
Contact
For privacy questions, email privacy@tilo.app.