# Tilkly Privacy Policy

Plain-text mirror of https://tilkly.com/privacy. Last updated May 1, 2026.

Tilkly is operated by EI Jyoti SINGH in Toulouse, France. Privacy questions: privacy@tilkly.com.

## What Tilkly Collects

- Account data: email address, optional profile details, authentication/session data.
- Site content: pages, blocks, media, generated text, and settings users add to their sites.
- Domain purchase data: registrant details, selected domain, purchase status, Stripe checkout IDs, and Name.com order IDs when domains are bought through Tilkly.
- Abuse reports: reported URL, category, description, optional reporter email, and hashed reporter IP for moderation.
- Contact form submissions on published sites: visitor-submitted data, privacy acknowledgement metadata, optional marketing opt-in, and hashed IP for abuse prevention.
- Security and audit logs: IP address, action, and timestamp for authenticated actions.
- AI-generated content data: prompts submitted to AI features are sent to Google Gemini API; raw prompts are not stored in the shared cache, while recent account-scoped history may be kept briefly to support workflow.
- Payment data: Stripe handles card details. Tilkly receives only references such as Stripe customer/session IDs, amount, currency, and user ID.
- Stripe Connect account data: Stripe account ID used to route visitor payments and apply Tilkly's 1.5% platform fee.

## How Tilkly Uses Data

- Authenticate accounts and secure sessions.
- Host and publish user websites.
- Deliver forms, domains, payments, AI features, support, moderation, and abuse prevention.
- Send transactional emails.
- Improve product reliability with aggregated or anonymized usage patterns.

## AI And Google Gemini

Tilkly AI features use the Google Gemini Paid API. Tilkly states that prompts sent through paid API usage are not used to train Google's models. Users should avoid personal, sensitive, or confidential information in prompts.

## Payments And Stripe

Stripe is Tilkly's payment processor. Stripe handles card data directly. For AI credit purchases, Tilkly receives payment references needed to reconcile the purchase. For visitor payments through Stripe Connect, the site owner is the merchant of record, Tilkly routes the payment, and Tilkly deducts a 1.5% platform fee.

## Published-Site Forms

For forms on a user's published Tilkly site, the site owner is the data controller and Tilkly acts as processor. Site owners are responsible for having a legal basis and privacy notice for their own visitors.

## Cookies And Analytics

Tilkly uses first-party cookies for authentication, preferences, CSRF protection, and consent. First-party analytics on published sites are consent-gated. Site owners may add GA4 to their own published sites, also gated by analytics consent. Tilkly says it does not load Google AdSense or advertising scripts on Tilkly marketing, policy, dashboard, or published-site pages.

## Retention

- OTP codes are short-lived.
- Form submissions and chat data follow the retention periods described in the rendered Privacy Policy and related feature policies.
- Security and audit logs are kept for security and compliance needs.
- Users can request access, correction, export, or deletion of personal data.

## Rights And Contact

Users may request access, correction, export, deletion, restriction, objection, or withdrawal of consent where applicable. Contact privacy@tilkly.com for privacy requests and support@tilkly.com for general support.