Privacy Policy

Tactix Labs Inc. ("we," "us," "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how it is used, and your rights regarding that data.

This policy applies to usetactix.com and all associated services. By using Tactix, you agree to the practices described in this policy.

Account and identity data: When you register, we collect your name, email address, and profile picture (if signing in via Google). This data is managed by WorkOS, our authentication provider.

Tactical content: The plays, formations, phases, and animations you create are stored in our database (Supabase). This content is yours — we store it solely to provide the Service.

Usage and analytics: We track product usage events through PostHog — for example, which features you use, how long sessions last, and which pages you visit. This data is used to improve the product and is not sold.

Payment and billing: Payments are handled entirely by Paddle, our Merchant of Record. We never receive or store your payment card details. We receive from Paddle only your subscription status, tier, and billing email.

Technical data: Our hosting provider (Vercel) may log standard server-access data including IP addresses, browser type, and request timestamps. This data is used for security and infrastructure purposes.

• To create and maintain your account.
• To store and serve your tactical content.
• To process payments and manage your subscription via Paddle.
• To send transactional emails (account verification, receipts) via WorkOS and Paddle.
• To analyze product usage in aggregate to improve features and fix bugs.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.

We do not use your data for advertising, profiling for sale to third parties, or any purpose not described in this policy.

We work with the following trusted service providers who may process your data on our behalf:

Each provider is bound by contractual data processing obligations consistent with applicable privacy law. We do not sell your data to any third party.

We use cookies and similar technologies to operate the Service. See our Cookie Policy for a full breakdown of what cookies we use and how to manage them.

We retain your account and content data for as long as your account is active. If you delete your account, your User Content is marked for deletion and permanently removed within 30 days. Backups may retain data for up to 90 days for disaster recovery purposes.

Analytics events collected via PostHog are retained for up to 24 months. Billing and transaction records are retained by Paddle in accordance with financial regulations, typically 7 years.

If you are located in the European Economic Area or United Kingdom, you have the following rights under GDPR:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data (subject to legal retention requirements).
• Right to restriction — request that we limit processing of your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at contact@usetactix.com. We will respond within 30 days.

The legal basis for processing your data is: (1) contract performance — to provide the Service; (2) legitimate interests — analytics and security; (3) consent — where explicitly obtained (e.g., marketing emails, if any). You may lodge a complaint with your national data protection authority if you believe we have mishandled your data.

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we have collected, used, shared, or sold.
• Right to delete your personal information (subject to exceptions).
• Right to opt out of the sale of your personal information — we do not sell personal information.
• Right to non-discrimination for exercising your privacy rights.

To submit a CCPA request, email contact@usetactix.com with the subject line "CCPA Request." We do not sell personal information to third parties.

We take reasonable technical and organizational measures to protect your data from unauthorized access, disclosure, or destruction. These include encrypted connections (HTTPS/TLS), access controls, and trusted infrastructure providers.

No system is entirely secure. In the event of a data breach that affects your rights, we will notify affected users and relevant authorities in accordance with applicable law.

The Service is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has created an account, contact us at contact@usetactix.com and we will promptly delete it.

Tactix operates globally. Your data may be transferred to and processed in countries outside your own, including the United States. When transferring data from the EEA, we rely on applicable transfer mechanisms such as Standard Contractual Clauses (SCCs) and Data Processing Agreements with our service providers.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days before they take effect. The "Last updated" date reflects the most recent revision.

For privacy-related questions, requests, or concerns, contact us:

Email: contact@usetactix.com

Website: usetactix.com