Privacy Policy

Last Updated: May 13, 2026 · Effective: April 15, 2026

Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. Data Security
  6. Data Retention
  7. Your Rights
  8. Children's Privacy
  9. International Data Transfers
  10. Contact Us

1. Introduction

Tether, LLC ("Tether," "we," "us," or "our") operates the Tether mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We built Tether because we believe your contact information belongs to you — and so does your data. We don't sell your personal data. We don't use it for advertising. We don't use advertising networks or ad-tech trackers. Your address book is encrypted at rest and in transit, and no human at Tether has routine access to it.

2. Information We Collect

Account Information

  • Phone number (for authentication)
  • Name and profile information you choose to share
  • Profile photo (optional)

Contact Data

  • Contact names, phone numbers, emails, addresses
  • Notes, tags, and custom fields you create
  • Relationship information and circle memberships
  • Health information you choose to store (allergies, medical conditions, emergency designations)
  • Event data (titles, dates, RSVPs, co-host assignments)

Usage Data

  • App feature usage and interaction patterns
  • Sync timestamps and frequency
  • Error logs and crash reports (via Sentry, with PII redaction)

Device Information

  • Device type, OS version, app version
  • Unique device identifier (user-scoped, not hardware-based)

3. How We Use Your Information

  • Provide and maintain the Service
  • Sync your contacts across linked devices
  • Detect and resolve duplicate contacts
  • Enable shared directories and circles
  • Automatically connect you with mutual contacts (see "Automatic Connections" below)
  • Create and manage events, including invitations and RSVPs
  • Process subscription payments (via RevenueCat)
  • Send authentication codes and security alerts
  • Enable contact card broadcasts to selected circles
  • Provide an accessible experience (WCAG 2.1 AA, screen readers, Dynamic Type, dark mode)
  • Improve the Service through aggregated, anonymized analytics
  • Comply with legal obligations

Automatic Connections (Autoconnect)

When you import or sync your device contacts with Tether, we compare your contacts' verified phone numbers against those of other Tether users. When two users each have the other's verified phone number saved in their respective contact lists, Tether may automatically create a connection between them ("Autoconnect").

What happens when an Autoconnect occurs:

  • A mutual connection is established between both users
  • Each user's shared profile information becomes visible to the other, governed by their respective sharing tier settings (see "Default Sharing" below)
  • If neither user has assigned the other to a specific circle, the Unassigned tier defaults apply

How to control Autoconnect:

  • You can review and remove any connection at any time via your Connections list
  • You can adjust what information is visible to connections by updating your tier defaults in Settings → Privacy → Tier Defaults
  • Removing a connection immediately revokes the other user's access to your shared data and removes their shared data from your device

Autoconnect does not expose your contact list to other users — only mutual phone number matches trigger a connection.

4. How We Share Your Information

With Other Users

When you join shared directories or circles, other members may see information you choose to share based on your sharing tier settings (Close, Professional, Community, or Unassigned).

Default Sharing & Unassigned Contacts

When you connect with another Tether user but have not assigned them to a specific circle (Close, Professional, or Community), they are placed in the Unassigned tier. The Unassigned tier has its own set of default sharing rules that determine what the other user can see about you.

By default, the Unassigned tier may share the following fields:

  • Your name and profile photo
  • Your primary phone number
  • Your primary email address
  • Your home address

You are in full control of these defaults. You can review and modify exactly which fields are shared at the Unassigned tier — and at every other tier — at any time in Settings → Privacy → Tier Defaults. If you do not customize your Unassigned tier defaults, newly connected users (including those created via Autoconnect) will see the default fields listed above.

Data on Disconnect

When you block or remove a connection, all data received through that connection is automatically removed from your device. Your locally-entered data about that contact remains unaffected.

Events and Co-hosts

When you invite another Tether user to co-host an event with you, the co-host can see the event's guest list. For contacts you've invited, the co-host sees only the display name and email address you attached to each invitation — captured as a per-RSVP snapshot at invite time — and nothing else from your address book (no phone numbers, addresses, or notes).

If a host or co-host reuses a past event's guest list to invite guests to a new event, invited guests who aren't already in the inviter's address book will be saved there as new contacts, populated from the name and email snapshot. This lets co-hosts re-invite the same people to follow-up events without re-entering them.

  • Co-hosts are only added with your explicit invitation and their acceptance
  • Co-hosts see only the guests of the specific event they co-host, not your address book
  • Auto-created contacts from a past-event re-invite are tagged internally and can be edited or deleted at any time from your Contacts
  • Removing a guest from the event also removes the snapshotted name and email from the co-host's view of that event

With Service Providers

  • Supabase — Database, authentication, and sync infrastructure (data stored on AWS servers in the United States)
  • Sentry — Error tracking with PII redaction
  • RevenueCat — Subscription billing via Apple/Google
  • Telnyx — SMS delivery for authentication codes (OTP) and, at signup, a carrier lookup to confirm your number is served by a recognized mobile carrier (so we can refuse VoIP, landline, and toll-free numbers, which are the dominant vector for automated abuse). The carrier name, line type, and country returned by Telnyx are cached locally — keyed by the SHA-256 hash of the number, not your account — so we do not re-incur a paid lookup on a repeat signup. For full SMS terms, visit tetherup.app/sms
  • Cloudflare — Edge network, DNS, and Cloudflare Turnstile bot-detection on tetherup.app/request-access (the soft-launch access-request form). If you submit that form, your name, mobile number, email, optional “how did you hear about us?” text, your IP address, and your browser's user-agent string are stored in our database as part of the eligibility audit trail.
  • Resend — Delivery of contact card broadcasts, event invitations, connection requests, and other email communications
  • Expo — Push notification delivery

We do NOT sell your personal information. We do NOT share your contact data for advertising purposes.

5. Data Security

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Row-Level Security (RLS) on all database tables
  • Biometric authentication processed locally on device
  • EXIF metadata (including GPS) automatically stripped from uploaded photos
  • TLS 1.2+ encryption for all data in transit
  • Rate limiting and abuse detection
  • Regular security audits and penetration testing

6. Data Retention

We retain your data for as long as your account is active. When you delete contacts or your account:

  • Deleted contacts are soft-deleted (hidden but recoverable) for 30 days, then permanently and irreversibly deleted by a scheduled server-side cleanup job
  • Your account enters a 30-day cooling-off period during which you may cancel by signing back in
  • After 30 days, all personal data — including your profile, contacts, circles, connections, notes, CRM logs, photos, sync history, and device registrations — is permanently hard-deleted
  • When you initiate account deletion, connections with other users are severed immediately and they lose access to your shared profile data right away
  • Encrypted backups are purged within 90 days
  • Anonymized, aggregated analytics data (which cannot be linked back to you) may be retained indefinitely

If your account is inactive for 12 months, we may contact you before deleting your data.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data (Settings → Download My Data)
  • Opt out of non-essential communications
  • Restrict or object to certain processing

Data We Retain After Account Deletion

Most data is permanently erased when you delete your account. Two categories of data are retained for limited, lawful purposes:

  • A hashed version of your phone number is retained indefinitely in our anti-abuse list to prevent the same phone from claiming a free trial repeatedly via re-signup. This hash cannot be reversed to recover your phone number.
  • Health-data consent records (the fact that someone using a given device accepted our health waiver, plus the version, timestamp, and waiver text hash) are retained as a legal audit trail. Your user ID is removed from these records — they cannot be used to re-identify you.
  • A deletion audit log retains your user ID and the deletion timestamp. This satisfies our regulatory obligation to demonstrate that erasure occurred. No identifying details (name, email, phone) are kept.
  • When you send invites, the recipient's phone number is hashed and stored on the referral record for funnel analytics. If the recipient never joins Tether, that hash is automatically anonymized 12 months after the invite was sent. If you delete your account before then, all your referral records (including those hashes) are erased immediately.

For EEA/UK Users (GDPR)

You have additional rights under GDPR, including the right to data portability, the right to withdraw consent, and the right to lodge a complaint with a supervisory authority. Contact [email protected] to exercise your rights.

For California Users (CCPA/CPRA)

You have additional rights under California law, including the right to know, right to delete, right to correct, and right to limit use of sensitive personal information. We do NOT sell personal information. We honor the Global Privacy Control (GPC) signal. Contact [email protected] to exercise your rights.

For U.S. State Residents

Residents of Texas, Virginia, Colorado, Connecticut, Montana, Utah, Iowa, and other states with privacy laws have rights including access, correction, deletion, portability, and appeal. Contact [email protected].

For Brazilian, Australian, and Canadian Users

We honor rights under Brazil's LGPD, Australia's Privacy Act 1988, and Canada's PIPEDA / Quebec Law 25. Contact [email protected] for jurisdiction-specific inquiries.

Machine Learning and Automated Processing

Tether uses machine learning for duplicate detection, circle auto-suggestion, and spam/fraud detection. These produce suggestions for your review — you retain control over all suggestions. We do not use your contact data to train general-purpose AI models for sale or licensing to third parties.

Data About Non-Users

When you import or store contacts who are not Tether users, their data is subject to the same security protections as all other data. We do not use non-user data to send marketing communications. You are responsible for having a lawful basis for storing their information.

8. Children's Privacy

Tether is not directed at children under 13. Children are not Tether users — they may appear as contact entries managed by a parent or guardian, but they do not create accounts. If you believe a child under 13 has created a Tether account, please contact [email protected].

9. International Data Transfers

Tether is operated from the United States. If you are located outside the United States, your data may be transferred to and processed in the United States. We use appropriate safeguards including Standard Contractual Clauses (SCCs) for international transfers.

10. Contact Us

Privacy Inquiries: [email protected]
General Support: [email protected]
In-App: Settings → Help & Support → Contact Us

This is a summary of key provisions. The full Privacy Policy document is available at tetherup.app/privacy. Effective April 15, 2026.