Privacy Policy

Last updated 10 May 2026.

This notice explains how CodeMazes(“we”, “us”) handles personal data on tendari.ai and inside the Tendari product. The Tendari product is in private pilot — running today with three early stores — and is not yet generally available. tendari.ai is the marketing site where interested stores and individuals can join the waitlist.

Sections 1–4 below cover the marketing site (the data we collect when you visit tendari.ai or join the waitlist). Section 5covers the Tendari product itself — the data we process when a store has connected the agent and conversations are flowing through it. If you’re a shopper who chatted with a Tendari-powered agent on a store’s website or in Facebook Messenger, Section 5 is the most relevant.

We are based in Kaunas, Lithuania, and we treat the EU GDPR and Lithuanian data protection law as the baseline for everything below. If anything here is unclear, email us at privacy@tendari.ai — a real person reads it.

Contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on?
  4. When and with whom do we share your information?
  5. Tendari product data — when a store connects the agent
  6. Do we use cookies and other tracking technologies?
  7. How long do we keep your information?
  8. How do we keep your information safe?
  9. Do we collect information from minors?
  10. What are your privacy rights?
  11. Controls for Do-Not-Track features
  12. Do we make updates to this notice?
  13. How can you contact us about this notice?
  14. How can you review, update, or delete the data we collect from you?

1. What information do we collect?

In short: the email address you give us, and standard server logs. Nothing else right now on the marketing site. Product-related data is covered in Section 5.

Information you give us voluntarily. When you submit the waitlist or newsletter form, we collect the email address you enter. When you email us directly (for example at hello@tendari.ai or privacy@tendari.ai), we keep the contents of that correspondence so we can reply.

Information collected automatically. Our hosting and DNS providers (see Section 4) generate standard server logs when you visit the site. These typically include your IP address, user-agent string, the page requested, the referring page, and a timestamp. We use these logs to operate the site, debug problems, and detect abuse. We do not run third-party analytics scripts or advertising trackers on tendari.ai at this time.

2. How do we process your information?

In short: to reply to you, to keep the site running, and to comply with the law.

  • To respond to you if you joined the waitlist, subscribed to the newsletter, or wrote to us directly.
  • To operate, secure, and debug the site — rate limiting, abuse prevention, error tracking.
  • To meet legal obligations — for example, replying to lawful requests from supervisory authorities.

We do not sell your data. We do not use your email for advertising profiling.

In short: your consent, our legitimate interest in running the site, and our legal obligations.

  • Consent (Article 6(1)(a) GDPR). When you submit a waitlist or newsletter form, you consent to us emailing you about Tendari. You can withdraw that consent at any time (see Section 10).
  • Legitimate interest (Article 6(1)(f) GDPR). We have a legitimate interest in operating and securing tendari.ai, which covers our use of standard server logs.
  • Legal obligation (Article 6(1)(c) GDPR).Where we’re required to retain or disclose data by law.

4. When and with whom do we share your information?

In short: only with the small set of processors that help us run the site and reply to you. Product-side processors are listed in Section 5.

We don’t share your data with advertisers or analytics providers. The marketing-site processors:

  • Vercel Inc.— hosting and edge delivery for tendari.ai. Server logs are stored on Vercel’s infrastructure.
  • Cloudflare, Inc. — DNS for tendari.ai and email forwarding (Cloudflare Email Routing). When you email an address at tendari.ai, Cloudflare relays that message to our destination inbox.
  • Google LLC (Gmail) — destination inbox for forwarded mail. Once a message reaches us, it is stored in a Gmail mailbox controlled by us.

Planned marketing-site processors (not yet active). When we wire the waitlist form to a backend, we plan to store waitlist entries in Supabase (PostgreSQL hosted in the EU) and send transactional emails via Resend. This notice will be updated before either becomes active.

We may also disclose information in the rare event of a merger, acquisition, or asset sale, or where required by law.

5. Tendari product data — when a store connects the agent

In short:when a store connects Tendari to a Facebook Page or web chat, we receive Page access tokens, the messages exchanged with shoppers, and limited shopper profile information from Facebook. We process all of it on the store’s behalf, store it workspace-isolated, and delete it on request.

This section applies to the Tendari product itself, not to the tendari.ai marketing site. It describes the data flow that takes place once a store has connected Tendari to a Facebook Page or installed the web-chat widget, and conversations start flowing through the agent.

For shoppers who chat with a Tendari-powered agent, the legal data controller is the store you’re chatting with, not Tendari. We act as a data processor under GDPR Article 28 — we process data only on the store’s instructions and only for the purposes set out in the store’s own privacy policy.

What Tendari receives via the Facebook Messenger integration

When a store grants Tendari access to a Facebook Page, Facebook’s Messenger Platform sends us:

  • A Page Access Token. A credential that lets Tendari send and receive messages on behalf of the connected Page. Stored encrypted at rest. Used only to deliver the Service. Revoked the moment the store disconnects the Page.
  • Page metadata.Page name, ID, and category — used to display the connected Page in the store’s Tendari dashboard.
  • Inbound message content. The text, attachments, and stickers sent by shoppers in conversations with the Page. Stored so the agent can respond in context and so the store can review the conversation.
  • Outbound message content.What the agent (or a human operator on the store’s side) sends back. Stored alongside inbound messages.
  • Shopper profile information.Limited to first name, last name, profile picture, locale, and timezone, where the shopper’s privacy settings allow Facebook to share that information. This is the data Facebook makes available via the Messenger Platform’s user-profile API. We don’t request additional permissions or scrape any data outside the Messenger conversation itself.
  • Page-Scoped User IDs (PSIDs).The identifier Facebook uses to refer to the shopper inside this one Page’s context. PSIDs are unique per Page; they don’t reveal the shopper’s actual Facebook account ID.

What Tendari does not receive

  • The shopper’s email address, phone number, or address book — unless the shopper voluntarily types it into the chat.
  • The shopper’s friend list, posts, photos outside the conversation, or anything from outside the Messenger thread.
  • Data from any Facebook account the connected store doesn’t administer.

Web-chat integration

When a store installs the Tendari web-chat widget on its website, the data flow is similar but does not go through Facebook. We receive the messages the shopper types into the widget, plus whatever identifying information the store passes to the widget (typically nothing — most stores let shoppers chat anonymously). The same storage, retention, and deletion rules below apply.

How we use this data

  • To deliver the Service: pass the inbound message to the language model that drafts the agent’s response, and send the response back to the shopper via Messenger or web chat.
  • To let the store review and adjust the agent’s behaviour in the Tendari dashboard.
  • To provide aggregated metrics to the store about how their Tendari instance is performing — volume, response time, escalation rate.

We do not train foundation models on your Customer Data.We don’t use shopper data to advertise to shoppers. We don’t share it with other Tendari Customers.

How long we keep it

  • Page Access Tokens. Kept while the integration is connected. Revoked immediately when the store disconnects the Page or deletes their Tendari workspace.
  • Conversations and shopper profile data.Kept while the store’s workspace is active. Deleted on workspace deletion (within 30 days from the active systems, with backups rotated within 90 days — see Data Deletion Instructions).
  • Aggregated, anonymised operational metrics.Retained indefinitely; these don’t identify any individual shopper or store.

Where it’s stored

  • Workspace-isolated PostgreSQLon Supabase, with row-level security ensuring no Tendari Customer can read another Customer’s data.
  • Encrypted at rest by the database provider; encrypted in transit between every link in the chain.
  • EU-region by default.The Tendari database (Supabase) is hosted in the EU. The OpenAI API call that generates the agent’s response may be served from outside the EU; for stores requiring strict EU-only processing, including model inference, please ask — we can discuss alternative model providers.

Sub-processors specific to the Tendari product

  • Meta Platforms (Facebook Messenger Platform).Receives the messages we send and delivers the messages we receive. Subject to Meta’s Platform Terms and Developer Policies.
  • OpenAI, L.L.C.Generates the agent’s responses. Conversation messages are sent to OpenAI’s API for inference. Per OpenAI’s API terms, OpenAI does not use API data to train its models.
  • Supabase (Supabase, Inc., EU region). Stores the workspace-isolated conversation and configuration data.

Deletion of product data

See Data Deletion Instructions for the routes shoppers and stores can use to request deletion. In summary:

  • Shoppers can request deletion either through the store directly (the proper data-controller route) or by emailing privacy@tendari.ai. We delete the conversation history and shopper profile data we hold for that PSID.
  • Stores can disconnect the Page integration in their dashboard (which immediately revokes Page Access Tokens and queues conversation data for deletion), or email privacy@tendari.ai to delete the entire workspace.

If you want Facebook’s own record of the conversation deleted, you’ll need to do that through Facebook’s tools (Settings & Privacy → Activity Log on facebook.com) — Tendari can’t reach into a shopper’s Facebook account.

6. Do we use cookies and other tracking technologies?

In short: only the minimum needed to load the site safely. No analytics cookies, no advertising cookies.

Our hosting and DNS providers may set strictly-necessary cookies for load balancing, security, and basic site operation. We do not run Google Analytics, Meta Pixel, or any comparable tracker on tendari.ai. If we add one, this section will be updated and the change will be visible above.

7. How long do we keep your information?

In short: only as long as we have a reason to.

  • Waitlist and newsletter emails. Until you ask us to remove your address, or until we close the waitlist and a reasonable transition period passes — whichever is sooner.
  • Direct correspondence. Kept while the conversation is relevant. Deleted on request.
  • Server logs. Retained for the period set by our hosting and DNS providers (typically up to a few weeks) for operational and security purposes.
  • Tendari product data (Messenger / web-chat integrations) follows its own retention rules — see Section 5.

8. How do we keep your information safe?

In short: standard organisational and technical safeguards, with the honest caveat that no system is unbreakable.

We use HTTPS everywhere. We rely on reputable processors (see Section 4 and Section 5) for hosting, email, model inference, and data storage. Access to any inbox or workspace containing your data is restricted to people who need it. The Tendari product runs on workspace-isolated Postgres with row-level security.

That said, no transmission over the internet and no electronic storage is 100% secure. We cannot guarantee absolute security against unauthorised access, but we’ll act quickly and notify affected users if something goes wrong.

9. Do we collect information from minors?

In short: no. Tendari is intended for ecommerce store operators.

We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, please contact us at privacy@tendari.ai and we will delete it.

10. What are your privacy rights?

In short: you can ask us what we hold, correct it, delete it, or take it elsewhere. You can also complain to a supervisory authority.

If you are in the EEA, the UK, or Switzerland, you have the following rights under GDPR / UK GDPR:

  • The right to access the personal data we hold about you.
  • The right to have inaccurate data corrected.
  • The right to have your data deleted (the “right to be forgotten”).
  • The right to restrict or object to our processing.
  • The right to data portability.
  • The right to withdraw consent at any time, where processing is based on consent.
  • The right to lodge a complaint with a supervisory authority. In Lithuania this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija).

To exercise any of these rights, email privacy@tendari.ai. We will reply within the timeframes required by law.

Shoppers chatting with a Tendari-powered agent. Because the store you chatted with is the legal data controller, the cleanest way to exercise your rights is to contact that store directly. That said, we’ll act on direct requests from shoppers too — email us with which store you chatted with and approximately when. See Data Deletion Instructions for details.

Withdrawing consent.You can withdraw consent for waitlist or newsletter emails at any time — either by clicking the unsubscribe link in any email we send you, or by emailing us. Withdrawing consent doesn’t affect the lawfulness of processing we did before you withdrew.

11. Controls for Do-Not-Track features

In short:we don’t respond to DNT signals, because there is no agreed standard for what “respect” means.

Most browsers include a Do-Not-Track (“DNT”) feature, but no industry consensus has emerged for how sites should respond to it. We do not currently change behaviour based on the DNT header. If a uniform standard is adopted in the future, we’ll revisit this section. (In the meantime, the practical answer to DNT on tendari.ai is simple: we don’t track you across sites in the first place.)

12. Do we make updates to this notice?

In short: yes, when we need to. The date at the top is always the source of truth.

We may update this notice as the product evolves — for example, when we wire the waitlist backend, add analytics, or open new channels. The updated version takes effect when we post it, and we’ll change the “Last updated” date accordingly. For material changes (anything that meaningfully affects how we process your data), we’ll do our best to notify you directly.

13. How can you contact us about this notice?

In short: email or post.

Privacy questions: privacy@tendari.ai.
General questions: hello@tendari.ai.

Postal address:
CodeMazes
K. Baršausko g. 59
Kaunas 51423
Lithuania

14. How can you review, update, or delete the data we collect from you?

In short:ask us. We’ll do it.

Email privacy@tendari.aiwith what you’d like — a copy of the data we hold, a correction, or a deletion. We’ll confirm and act within the timeframes required by law.

For Tendari product data (Messenger / web-chat conversations and shopper profile data), see Data Deletion Instructions for the self-serve and email-escalation routes.