Privacy Policy
Effective date: September 29, 2025
This policy applies to the website hosted at tyle.ca (the "Site") and services provided by the operator based in Ontario, Canada ("we", "us", "our"). We operate for Canadian users and do not target EU residents. This page explains what we collect, why, and what your rights are under Canadian privacy law (including PIPEDA).
1. Quick summary — in plain language
- We collect the chat text you send to the AI frontend so the service works and for short-term troubleshooting/moderation.
- We do not sell your personal information.
- We keep temporary logs only as long as strictly necessary (default: 30 days), then delete or anonymize them.
- If you are in the EU and believe we target you, contact us — we will handle that specifically. We do not actively target EU residents.
2. What we collect
We collect information you provide directly and technical/operational data necessary to provide the Site:
- Chat content: everything you type into the chat interface (prompts, follow-ups). This may include personal data if you type it.
- Session/technical data: temporary session identifiers, timestamps, IP address (for abuse prevention), user agent string, and basic request metadata.
- Optional analytics: aggregated, non-identifying site usage metrics (page views, errors). We do not use third-party trackers for behavioural ad‑profiling unless disclosed below.
3. Why we collect it (legal basis / purpose)
- Service operation: to route requests to Llama2 / Gemma3 backends and return results.
- Moderation & safety: to detect abuse, spam, or content policy violations.
- Debugging & improvement: to troubleshoot incidents and improve the service (only when necessary).
- Legal & security: to respond to legal requests, enforce our terms, or investigate security incidents.
4. Retention & deletion
We keep chat logs and related technical data only as long as needed for the purposes above. Our default retention periods are:
- Temporary chat logs:
30 days (automatically deleted or anonymized after this period unless flagged for investigation).
- Security logs / abuse reports: up to
1 year where necessary for investigations or to comply with legal obligations.
- If you request deletion of your data, we will act on that request and remove identifiable data unless we are legally required to retain it.
5. Sharing & third parties
We do not sell personal data. We may share or disclose information in the following limited cases:
- Service providers / processors: cloud hosting, backups, analytics providers, and ML infrastructure operators. These parties act as processors and are contractually restricted to process data only as instructed.
- Legal requests: when required by law or to respond to valid government/legal process.
- Security / abuse investigations: where necessary to prevent fraud or harm.
If we integrate third-party analytics or advertising in the future, we will disclose that here and provide an opt-out path.
6. Cookies, local storage, and client-side data
We use minimal, first-party cookies or session storage only for essential functionality (session continuity, CSRF protection). We do not use cookie-based third-party tracking for behavioural profiling targeted at EU residents. Because our audience is Canadian, we do not show an EU-style cookie consent banner — but you may configure or clear cookies via your browser at any time.
7. Security
We take reasonable technical and organizational measures to protect personal information, including:
- Transport encryption (HTTPS/TLS) for all data in transit.
- Access controls and least-privilege for production systems.
- Encrypted backups where applicable, and retention minimization.
- Logging and monitoring for suspicious activity.
No system is perfect — if a breach occurs that risks personal information, we will follow applicable breach notification rules and notify affected parties when required.
8. Your rights (Canada)
Under Canadian privacy law (PIPEDA) you have the right to:
- Access personal information we hold about you and receive a copy of it.
- Request correction of inaccurate or incomplete personal information.
- Request deletion of personal information (subject to legal retention obligations).
- Withdraw consent where processing is based on consent — withdrawal does not make past processing unlawful but prevents future processing under that basis.
To exercise these rights, contact us at the address below. We aim to respond promptly and in any event within the timeframes required by applicable law.
9. Data subject requests & contact
If you want to access, correct, or delete data we hold about you, or if you have a privacy question or complaint, contact:
Email: tyler.spiffy@gmail.com
If we cannot resolve your complaint, you may contact the Office of the Privacy Commissioner of Canada or the relevant provincial authority.
10. Children
Our Site is not intended for children under 13. We do not knowingly collect personal information from children. If a parent or guardian believes we have collected such information, contact us to request deletion.
11. Changes to this policy
We may update this policy. The "Effective date" at the top will reflect when changes were made. Substantial changes will be posted on this page and, where appropriate, notified to users.