Legal

Privacy Policy

Last updated: March 18, 2026 — Effective date: March 18, 2026

Tagmatic ("Tagmatic", "we", "our", or "us") operates the annotation platform available at tagmatic.app (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use our Service.

By using Tagmatic, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address — used for authentication via magic link, account communications, and support
Company or team name — if provided during onboarding
Account preferences — theme settings, notification preferences stored locally

1.2 API Usage Data

When you use the Tagmatic annotation API, we collect:

API request metadata — timestamps, endpoint called, response times, HTTP status codes, IP address
Token usage — number of annotations processed per request and per billing cycle
API key identifiers — the masked key prefix (e.g., tmk_xxxx...xxxx); your full API key is never stored in plaintext after creation
Rate limit counters — rolling request counts used to enforce plan limits

1.3 Annotation Data (Input Text)

The text or data you submit to the /api/annotate and /api/annotate/batch endpoints is processed by our AI pipeline to return annotation results. Specifically:

Your input text is passed to the underlying large language model (LLM) solely to produce the annotation response
Input text is not stored persistently beyond the duration of the API request, except when you explicitly save it (e.g., within a project or review queue)
Annotation results and metadata (labels, confidence scores, schema configurations) are stored in your account to support audit logs, review queues, and analytics
Gold set examples you upload are stored as part of your project until you delete them

1.4 Payment Information

Subscription billing is processed by Stripe, Inc. Tagmatic does not store credit card numbers or full payment details. We receive:

Stripe customer ID and subscription status
Plan tier, billing cycle, and renewal dates
Last-four digits of the card on file and card brand (provided by Stripe for display purposes)

1.5 Log and Technical Data

When you access the Service, our servers automatically record:

IP address and approximate geographic location (country/region)
Browser type and version, operating system
Pages viewed, time spent, referring URL
Error logs and crash reports

1.6 Communications

If you contact us via email or support channels, we retain those communications to respond to inquiries and improve the Service.

2. How We Use Your Information

We use the information we collect to:

Provide and operate the Service — authenticate you, process annotation requests, store your projects and results
Process billing — track annotation quotas, enforce plan limits, handle upgrades and downgrades via Stripe
Improve the platform — analyze aggregated usage patterns to identify bugs, improve latency, and prioritize features
Send transactional communications — magic link emails, billing receipts, API quota warnings, and service status alerts
Provide customer support — respond to requests, diagnose issues
Ensure security — detect fraud, abuse, or unauthorized API access; enforce rate limits and acceptable use policies
Comply with legal obligations — respond to lawful requests from regulatory or law enforcement authorities

We do not sell your personal information or annotation data to third parties. We do not use your annotation input data to train our own models.

3. Data Retention

3.1 Account Data

Your account data (email, API keys, subscription information) is retained for the duration of your account and for up to 90 days after account deletion, to allow for recovery and to fulfill any outstanding contractual or legal obligations.

3.2 Annotation Results and Projects

Annotation results, project data, gold set examples, and review queue items are retained while your account is active. You can delete individual items or entire projects at any time from your dashboard. Upon account deletion, all project data is permanently deleted within 30 days.

3.3 API Request Logs

Technical access logs are retained for up to 90 days for security and debugging purposes, after which they are automatically purged.

3.4 Payment Records

Transaction records are retained for 7 years to comply with financial recordkeeping requirements.

4. Third-Party Services

Tagmatic uses the following third-party services:

Service	Purpose	Data Shared
Stripe	Payment processing	Email, billing address, payment method
Anthropic Claude API	LLM powering annotation	Annotation input text (per request only)
Render	Cloud hosting	All data stored on hosted infrastructure
Neon (PostgreSQL)	Database	All persistent user and annotation data
Google Fonts	Typography	IP address (standard CDN request)

Each third-party service is governed by its own privacy policy. We encourage you to review those policies if you have concerns.

5. Cookies and Local Storage

Tagmatic uses minimal client-side storage:

Authentication token — a JWT stored in localStorage to keep you signed in across sessions. This is a functional necessity; the Service cannot operate without it.
Theme preference — your dark/light mode selection stored in localStorage for a consistent experience.
Session cookies — Stripe Checkout may set cookies during the payment flow, governed by Stripe's cookie policy.

We do not use third-party advertising cookies, cross-site tracking cookies, or behavioral analytics pixels.

6. Data Security

We implement industry-standard security measures to protect your data:

All data in transit is encrypted via TLS 1.2+
API keys are hashed before storage; full keys are only displayed once at creation
Database access is restricted to application servers via private networking
Authentication uses short-lived magic links — no passwords to compromise
Infrastructure hosted on SOC 2-compliant cloud providers

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to tagmatic@polsia.app before public disclosure.

7. Your Rights and Choices

7.1 Access and Portability

You may request a copy of the personal data we hold about you at any time by emailing tagmatic@polsia.app. We will provide your data in a machine-readable format (JSON) within 30 days.

7.2 Correction

You may update your email address by contacting support. Other account information can be updated directly in your dashboard.

7.3 Deletion

You may request deletion of your account and all associated data at any time by emailing tagmatic@polsia.app with the subject line "Delete my account." We will process the request within 30 days. Note that:

Transaction records may be retained for up to 7 years as required by law
Data in automated backups will be purged within 90 days

7.4 Opt-Out of Communications

You can unsubscribe from non-essential emails (product updates, newsletters) by clicking the unsubscribe link in any such email. Transactional emails (magic links, billing receipts, security alerts) cannot be opted out of while your account is active.

7.5 Residents of the EEA, UK, and California

If you are located in the European Economic Area, United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to object to processing and to lodge a complaint with your local supervisory authority. Contact us at tagmatic@polsia.app to exercise these rights.

8. International Data Transfers

Tagmatic is operated from the United States. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to this transfer.

9. Children's Privacy

The Service is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have inadvertently collected such data, we will delete it promptly. If you believe a child under 16 has provided us with personal information, contact us at tagmatic@polsia.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users or via a notice on the Service at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

Tagmatic Privacy

Email: tagmatic@polsia.app
We aim to respond to all inquiries within 5 business days.