Login
Get started
Tacit AI Navigation
Tacit AI Logo
Get started

Last updated: 7 December 2025

This Privacy Policy explains how Tacit AI (“Tacit AI”, “we”, “us”, “our”) collects, uses, discloses and protects personal data when you visit https://www.tacitx.ai or use our products and services (together, the “Services”).

If you do not agree with this Policy, you should not use the Services.

 

1. Who we are and how to contact us

The controller of your personal data for the purposes described in this Policy is:

Tacit AI, Inc.
Email: admin@tacitx.ai

If you are located in the UK or EEA, we may appoint a representative or DPO as required by law. Their details, if applicable, will be published here or in a separate notice.

 

2. Scope of this Policy

This Policy applies to:

    • Visitors to our websites (including tacitx.ai and any subdomains).

    • Users of our hosted SaaS platform and APIs.

    • Participants in pilots, proofs of concept and trials.

    • People who interact with us by email, contact forms, events, or social media.

This Policy does not override any separate contract or data processing agreement (“DPA”) we sign with a customer. In case of conflict, the signed contract or DPA will control for that relationship.

 

3. Roles: controller and processor

We act in different capacities depending on the context:

    • Controller:
      For data about website visitors, prospects, account owners, billing contacts and our own business operations, we decide the purposes and means of processing. In that context we are a data controller.

    • Processor:
      For data that our business customers upload to or generate in the Services (for example work orders, equipment data, manuals, FMEAs and related records that may contain personal data about their staff), we generally process it only on our customers’ documented instructions. In that context we are a data processor and the customer is the controller. The customer’s own privacy notice applies to that data.

When in doubt, the description of roles in your contract or DPA with us prevails.

 

4. Personal data we collect

We may collect the following categories of personal data.

4.1 Data you provide to us

    • Account and profile data:
      Name, job title, company, email address, password, user settings and preferences.

    • Contact and communications data:
      Content of emails or messages you send us, support requests, meeting notes, survey responses, event registrations.

    • Customer content and industrial data:
      When you use the Services, you and your organization may upload or provide:
        • Work orders, maintenance logs, CMMS exports.

        • Equipment lists, asset hierarchies, FMEAs, manuals and drawings.

        • Free text notes, comments and tags that may incidentally include personal data about employees or contractors.

    • Marketing and sales data:
      Your marketing preferences, form submissions, and information you provide in demos or sales calls.

4.2 Data we collect automatically

When you visit our sites or use the Services, we may automatically collect:

    • Technical data:
      IP address, device identifiers, browser type and version, operating system, language settings.

    • Usage data:
      Pages viewed, features used, clickstream data, login timestamps, error logs, and similar usage metrics.

This information is collected using server logs, cookies and similar technologies. See section 7 (Cookies and similar technologies).

4.3 Data we receive from third parties

We may receive personal data from:

    • Your employer or colleagues who set up your account.

    • Integration partners and vendors (e.g. CMMS or ERP providers, SSO providers).

    • Public sources, such as LinkedIn or your company website, for B2B outreach.

    • Conference and event organizers where you interact with us.

 

5. How we use personal data and legal bases

Where applicable law (such as UK GDPR or EU GDPR) requires a legal basis, we typically rely on the following:

5.1 To provide and operate the Services

We process personal data to:

    • Create and manage user accounts.

    • Provide, configure, maintain and support the Services.

    • Process and analyze Customer Data as instructed by our customers.

    • Provide demos, pilots and proofs of concept.

Legal basis: performance of a contract with you or your organization, and steps taken at your request before entering into a contract.

5.2 To secure and protect the Services

We process personal data to:

    • Monitor, detect and prevent security incidents and abuse.

    • Troubleshoot and fix technical issues.

    • Maintain system logs and backups.

Legal basis: our legitimate interests in securing our systems and complying with legal obligations.

5.3 To improve the Services

We may use aggregated or de-identified data derived from Customer Data and usage data to:

    • Understand how the Services are used.

    • Develop new features and improve performance.

    • Benchmark and create statistics, provided they do not identify individuals or customers.

Where we use identifiable data for product improvement in a way that goes beyond what is necessary for operating the Services, we will rely on your consent or put proper contractual controls in place.

5.4 To communicate with you

We use contact details to:

    • Respond to inquiries and support requests.

    • Send operational communications, such as security, maintenance or policy updates.

    • Manage trials, pilots and customer relationships.

Legal basis: performance of a contract and our legitimate interests in running our business and supporting users.

5.5 Marketing

We may use your contact details to send you:

    • Product updates, newsletters and invitations to events.

    • Information about features and services that may be relevant to you.

Legal basis:

    • Consent where required (e.g. certain email marketing in the UK and EU).

    • Otherwise, our legitimate interests in promoting the Services to business contacts, with the ability to opt out at any time.

You can opt out of marketing emails by using the unsubscribe link in the email or contacting us.

 

6. AI functionality

Our Services include AI features that generate outputs based on Customer Data and other inputs.

    • We process Customer Data to generate outputs solely on your or your organization’s instructions.

    • We may log prompts and outputs for security, debugging and product improvement, subject to our contracts and DPAs.

    • You and your organization are responsible for reviewing AI outputs before using them in safety critical, regulatory or operational decisions.

We do not use Customer Data submitted to our enterprise Services to train public foundation models.

 

7. Cookies and similar technologies

We use cookies and similar technologies to:

    • Keep you signed in and provide core functionality.

    • Understand usage of our sites and Services.

    • Support marketing and analytics, where allowed.

Where required by law, we will obtain your consent before placing non-essential cookies and you can withdraw consent at any time through our cookie management tool or browser settings.

A more detailed description of the cookies and similar technologies we use may be provided in a separate Cookie Notice.

 

8. How we share personal data

We may share personal data with:

    • Service providers and subprocessors
      IT hosting providers, cloud infrastructure, analytics providers, email and CRM platforms, and similar vendors that process data on our behalf under written contracts.

    • Integration partners
      Where you or your organization choose to connect Tacit AI to third party systems (e.g. CMMS, ERP, or identity providers), we may share data as necessary to enable the integration.

    • Professional advisers
      Lawyers, auditors, insurers and other advisers, under confidentiality obligations.

    • Corporate transactions
      In connection with a merger, acquisition, financing, reorganization or sale of all or part of our business, personal data may be shared with relevant parties subject to appropriate safeguards.

    • Legal and regulatory authorities
      Where required to comply with law, enforce our terms, or protect rights, property or safety.

We do not sell personal data in the ordinary meaning of that term.

 

9. International transfers

We may transfer personal data to countries outside your own, including to the United States and other jurisdictions where our infrastructure or providers are located.

Where required by law, we use appropriate safeguards for such transfers, which may include:

    • Standard contractual clauses approved by the European Commission or UK authorities.

    • Other relevant transfer mechanisms permitted by applicable data protection law.

Details of the specific safeguards in place can be provided upon request or in our DPA with your organization.

 

10. Data retention

We retain personal data for as long as necessary for the purposes set out in this Policy, in particular:

    • Account and profile data: for the duration of your account and a reasonable period thereafter, unless we are required to keep it longer.

    • Customer Data: as specified in our contracts or DPAs, and for a limited period after termination for backup, audit and dispute resolution.

    • Logs and security data: for periods appropriate to security and audit requirements.

    • Marketing data: until you opt out or we determine that it is no longer accurate or relevant.

We may retain certain information longer if required by law or to establish, exercise or defend legal claims.

 

11. Security

We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures include access controls, encryption in transit and at rest where appropriate, logging and monitoring of production systems, and staff training. No system can be guaranteed to be 100 percent secure, but we work to maintain a level of security appropriate to the risk.

 

12. Your rights

Depending on where you are located and subject to certain conditions, you may have rights including:

    • Access to your personal data.

    • Rectification of inaccurate or incomplete data.

    • Erasure of your data.

    • Restriction of processing.

    • Data portability.

    • Objection to certain processing, including direct marketing.

    • Withdrawal of consent where processing is based on consent.

To exercise these rights, contact us at admin@tacitx.ai. We may need to verify your identity before responding.

If we process your data on behalf of a business customer, we may redirect your request to that customer as the controller.

You also have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner’s Office (ICO) in the UK or your local data protection authority.

 

13. Children

The Services are not intended for use by children under the age of 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us so we can take appropriate steps.

 

14. Third party links

Our sites and Services may contain links to or integrations with third party websites, services or content. We are not responsible for the privacy practices of those third parties. You should review their policies before providing them with personal data or using their services.

 

15. Changes to this Policy

We may update this Policy from time to time. We will post the updated version on this page and update the “Last updated” date. In case of material changes, we may provide additional notice, for example by email or in the Services.

Your continued use of the Services after the effective date of the updated Policy means you accept the changes.

 

16. Contact

If you have questions about this Policy or how we handle personal data, contact:

Email: admin@tacitx.ai

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound
Save