Draft. This document is the initial pre-launch version of the Nine·Tails Privacy Policy. It will be reviewed by counsel before any paid customer signs up. The legal-entity name, the controller/processor designations, and the subprocessor list will be finalized in that review.
1. Who this covers
This policy describes how Nine Tails ("Nine·Tails," "we") handles the personal information of (a) visitors to ninetailsagency.com, (b) people with Nine·Tails accounts, and (c) end clients of agencies using the Service ("end clients") to the extent we process their information on the agency's behalf.
For end-client data, the agency is the controller and Nine·Tails is the processor — see the Data Processing Addendum at ninetailsagency.com/legal/dpa for the formal terms.
2. What we collect
From visitors to the marketing site
- Browser type, OS, page paths, and referrer — minimal server logs.
- We do not run third-party analytics on the marketing site at this time. We will name the analytics vendor here before turning anything on.
From people with accounts
- Account information you provide: name, email, agency name, password (hashed), and team-membership records.
- Operational records: log-ins, settings changes, billing events, and report-creation events.
- Payment metadata via our payment processor (Stripe): card-brand and last four digits — never the full card number.
From third-party platforms you authorize
When you connect an ad platform or analytics tool to the Service, we receive metric data scoped to the accounts you authorize. We store snapshots of that data so reports can be regenerated. We do not pull personal information about end customers from those platforms — only aggregate metric series.
From end clients
We do not contact your end clients. End-client information appears in our system only as part of a Report that you draft and send. The Report's recipient address is processed by our email vendor solely to deliver the message and is not used for any other purpose.
3. How we use it
- To run the Service: authentication, billing, generating reports, sending you notifications, and customer support.
- To improve the Service: aggregate, de-identified analytics on which features are used. We do not train external models on your data.
- For legal and security obligations: fraud prevention, abuse response, and compliance with subpoenas and legitimate legal process.
We do not sell personal information, share it with advertisers, or use it to target you with ads outside our own product.
4. AI processing
Drafts of report narratives are generated by Anthropic's Claude family at time of writing. The metric snapshots we send to the model are processed under Anthropic's enterprise data terms — Anthropic does not train on the content of those calls. The model's role is limited to drafting; nothing is sent to your end clients without an authorized human review on your team.