Privacy Policy

1. Who we are

Data controller for our website and our clients:

For the personal data of our clients' customers, TillTalk acts as a data processoron behalf of the client. The client is the data controller of their own customer data; TillTalk processes that data only on the client's instructions, under a Data Processing Agreement (DPA).

2. What TillTalk does

TillTalk is an AI-managed marketing service for independent hospitality and retail businesses. Our system:

• Runs Meta, Google, and TikTok advertising campaigns on behalf of our clients
• Reads point-of-sale (POS) transaction data from our clients' till systems (Clover, Square, etc.) on a strictly read-only basis
• Pushes hashed conversion events to ad platforms via the Meta Conversions API (CAPI), Google Enhanced Conversions, and TikTok Events API to verify which ads led to real revenue
• Manages Facebook Page and Instagram Business comments, direct messages, and organic publishing under each client's approval
• Generates weekly reports and recommendations for each client

Understanding what TillTalk does is important for understanding how we use personal data.

3. Personal data we collect

4. How we use personal data and why

We never use the personal data of our clients' customers for any purpose other than verifying ad performance for the client whose customers they are. We do not build cross-client profiles of consumers. We do not sell personal data. We do not use one client's customer data to benefit another client. See §5 below for how aggregate, non-identifying outcome signal does inform the service across clients.

5. How merchant data informs the service

Each merchant's data is used to operate that merchant's marketing campaigns. This includes building a per-merchant brand voice profile (the agent's understanding of how the merchant talks, what they value, what they want to convey), per-merchant prompt context (recent decisions, conversation history, recent POS patterns), and per-merchant operational learning (which audiences perform for this merchant, when their restaurant is at capacity, what their customers typically ask about).

Outcomes from each merchant's marketing decisions feed into TillTalk's aggregate decision-policy heuristics. These heuristics are statistical patterns derived from outcomes — for example, “campaigns targeting Tuesday-lunch with audience characteristic X performed Y% better across N merchants in similar businesses.” Heuristics are aggregated across merchants. The aggregation never exposes any individual merchant's data, customer records, campaign specifics, or financial details to any other merchant.

What crosses merchants is statistical signal. What does not cross merchants is personally identifiable information, raw campaign data, customer records, financial figures, or any data that could identify a specific merchant or their customers. No merchant data is sold, licensed, or shared with any party other than the platforms required to operate the merchant's marketing (Meta, Google, TikTok, Anthropic, Supabase, Railway, Vercel, Twilio).

6. Sharing personal data

We share personal data with the following categories of recipients, only as necessary:

7. International data transfers

Some of our service providers are based outside the European Economic Area, primarily in the United States. Where personal data is transferred outside the EEA, we rely on:

• EU Standard Contractual Clauses with the recipient
• Adequacy decisions where the European Commission has determined the destination country provides an adequate level of protection (e.g. EU-US Data Privacy Framework)
• Supplementary measures such as encryption in transit and at rest, and the hashing of customer identifiers before transfer

You can request copies of the safeguards in place by contacting daniel@tilltalk.ie.

8. How long we keep personal data

After these periods, data is deleted or fully anonymised.

9. Your rights under GDPR

If you are in the EEA, UK, or another jurisdiction granting equivalent rights, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate personal data
• Erasure — request deletion of your personal data (“right to be forgotten”) via tilltalk.ie/data-deletion
• Restriction — restrict our processing of your personal data
• Portability — receive your personal data in a portable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent
• Complaint — lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority

To exercise any of these rights, email daniel@tilltalk.ie. We will respond within one month.

A note on the customers of our clients:if you are a customer of a TillTalk client and want to exercise rights over your personal data, please contact the client directly — they are the data controller and hold the relationship with you. TillTalk will assist the client in fulfilling your request.

10. Security

We implement technical and organisational measures appropriate to the nature of the personal data we process and the risks involved, including:

• Encryption in transit: TLS 1.2 or higher for all communications between TillTalk components and external services
• Encryption at rest: database encryption at rest for all stored data; sensitive credentials are additionally encrypted before storage
• Hashing of customer identifiers: SHA-256 deterministic hashing applied before customer identifiers are persisted or transmitted to ad platforms
• Access controls: access to production systems and personal data is restricted to authorised personnel; at present this is limited to the founder. As TillTalk grows, role-based access controls will be expanded accordingly
• Error monitoring: Sentry monitoring for application errors and anomalies, with alerts to the founder
• Read-only POS access: TillTalk does not write to client POS systems; all POS interactions are read-only by design and enforced in code
• Periodic review: sub-processor agreements and security practices are reviewed at least annually

We are continuing to develop our internal logging and audit capabilities. If you have specific questions about the controls in place at any time, contact daniel@tilltalk.ie.

No system is perfectly secure. If we become aware of a personal data breach affecting your data, we will notify you and the Data Protection Commission as required by GDPR (within 72 hours where feasible).

11. Specific notes on customer data hashing and ad platform matching

This section explains how TillTalk handles your customers' data (when you are a client) and your data (when you are a customer of a TillTalk client).

When a customer pays at a TillTalk client's POS, the transaction may include identifying fields such as email, phone, or name (entered at the till, captured by a loyalty system, or provided through online ordering).

TillTalk's processing pipeline:

1. Read the transaction from the POS API
2. Normalise the identifying fields (lowercase email, strip phone formatting, etc.)
3. Hash each field using deterministic SHA-256
4. Store only the hashes — raw values are never written to disk by TillTalk
5. Push the hashes to the relevant ad platform's conversion API along with the transaction value, so the platform can verify that one of its users became a paying customer
6. Aggregate transaction data older than 24 months into daily summaries; row-level personal data is deleted at that point

Hashing is deterministic, meaning the same input always produces the same hash. This allows ad platforms to match a hash they receive from TillTalk against a hash derived from their own user records, without TillTalk and the platform exchanging raw personal data. As noted in §6.3, hashed identifiers can still constitute personal data under GDPR because a successful match links the conversion to a known user on the receiving platform.

Cash transactions and transactions without identifying fields are never hashed or pushed to ad platforms. Anonymous transactions cannot be attributed and are excluded by design.

If you are a customer of a TillTalk client and want a transaction record relating to you removed, please contact the client directly. The client can instruct TillTalk to remove its hashed record. Where ad platforms expose deletion endpoints (such as Meta's CAPI deletion event or Google's user-data deletion API), TillTalk will use those endpoints to propagate the deletion to the platforms on the client's instruction. Some platforms apply their own processing timelines to deletion requests, which are outside TillTalk's control.

12. Cookies

See our separate Cookie Policy at tilltalk.ie/cookies for details on cookies and similar technologies.

In summary:

• Strictly necessary cookies (authentication, security)
• Functional cookies (remembering your preferences)
• Analytics cookies (only if you consent)
• No advertising or tracking cookies on tilltalk.ie itself

13. Children

TillTalk is a B2B service for businesses. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided personal data to us, please contact daniel@tilltalk.ie and we will delete it.

14. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will reflect the most recent change. Material changes will be notified to clients via WhatsApp at least 14 days before they take effect; non-material changes (clarifications, typos, structural reorganisation) take effect on publication.

A version history of this policy is available on request.

15. Complaints

If you believe TillTalk has not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with:

We would appreciate the opportunity to address your concern first by emailing daniel@tilltalk.ie before you contact the Data Protection Commission.