1. Controller
For website, account, billing, support, and service administration data, the controller is Malinda AI UG, Kirschbaumweg 28, 69251 Gaiberg, Germany. Contact: hello@tow.dev. For personal data inside a customer workspace, the customer organisation is usually the controller and Malinda AI UG processes that data as a service provider or processor.
2. Data We Process
We may process account data such as names, email addresses, authentication identifiers, organisation details, and settings; workspace content such as projects, tickets, docs, comments, files, prompts, and AI review items; usage and technical data such as IP address, browser, device, log, and security event data; billing and commercial data where applicable; and communications you send to us.
3. Purposes and Legal Bases
We process personal data to provide, secure, maintain, support, and improve TOW; create and administer accounts and organisations; process payments and licenses; communicate with users; prevent abuse; comply with legal obligations; and, where enabled, provide AI-assisted features. Legal bases include contract performance, legitimate interests, consent where required, and compliance with legal obligations.
4. AI Processing
AI features may use workspace context to generate answers, summaries, proposals, and other outputs. Depending on your configuration, content may be processed by AI providers selected by your organisation or by TOW-managed providers. Admins should configure AI features according to their organisation's policies and provider requirements.
5. Cookies and Similar Technologies
We use cookies or similar technologies that are necessary for login, security, preferences, and service operation. If optional analytics or marketing cookies are introduced, we will request consent where required.
6. Processors and Transfers
We may use trusted service providers for hosting, infrastructure, email, authentication, payment, analytics, support, and AI processing. Where personal data is transferred outside the European Economic Area, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
7. Retention
We keep personal data only as long as needed for the purposes described above, including providing the service, meeting legal obligations, resolving disputes, enforcing agreements, and maintaining security. Workspace data can be deleted or exported according to the product features and applicable agreement.
8. Your Rights
Depending on your location, you may have the right to access, correct, delete, or port your personal data, to restrict or object to its processing, and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority.
9. Security
We use technical and organisational measures designed to protect personal data. No system is perfectly secure, so users and administrators should also protect credentials, configure permissions carefully, and keep integrations up to date.
10. Changes
We may update this Privacy Policy as TOW changes. Material changes will be reflected on this page or communicated through appropriate channels.