Privacy Policy
Last updated: May 7, 2026
Tenon ("we", "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights under PIPEDA, Quebec's Law 25, and applicable privacy legislation.
1. What We Collect
Account data: Name, email address, password (hashed), company name, role.
Usage data: Pages visited, features used, timestamps, IP address, browser/OS.
Business data: Projects, tasks, invoices, contacts, documents, and other content you input into the platform.
Payment data: Handled by Stripe; we do not store credit card numbers. We receive billing status and last-4 card digits only.
Communications: Emails you send to us or through the platform.
Behavioral analytics events: Page views, feature first-use, form submissions, and client-side errors captured via our self-hosted PostHog instance running on the same Canadian infrastructure as the rest of Tenon. Used to understand which product surfaces are valuable and to find bugs. Events are linked to your account internally so we can debug a specific user's session when they ask us to; no event data is shared with PostHog Inc. or any other third-party analytics provider.
2. How We Use Your Data
- To provide and improve the Service
- To send transactional emails (invoices, password resets, notifications)
- To process billing and prevent fraud
- To comply with legal obligations
- To monitor uptime, security, and performance
We do not sell your data. We do not use your data for advertising.
3. Data Storage & Security
Your data is stored on servers in Canada. We use TLS encryption in transit and AES-256 encryption at rest for sensitive fields. Passwords are hashed using bcrypt. We perform daily automated backups.
Access to production data is restricted to authorized personnel only. We log all access to sensitive systems.
4. Cookies
We use only essential cookies required for authentication and session management (JWT stored in localStorage). We do not use tracking cookies or third-party advertising cookies. Behavioral analytics events (described in §1) are captured by our self-hosted PostHog instance and never leave our infrastructure; no analytics cookies are dropped on third-party domains and there is no cross-site tracking.
5. Third-Party Services
- Stripe — payment processing (PCI-DSS compliant)
- Resend — transactional email delivery
- DigitalOcean — cloud hosting (Canadian data center option)
- PostHog (self-hosted) — product analytics; runs on our infrastructure under
posthog.usetenon.com. No event data is sent to PostHog Inc.; the software is open-source and self-hosted purely for the dashboarding UI on top of events we already control.
Each sub-processor is bound by appropriate data processing agreements. We review them for compliance regularly.
6. Data Retention
We retain your account and business data for as long as your subscription is active, plus 90 days after termination (to allow data export). Backups are retained for 30 days. After that, data is securely deleted.
Behavioral analytics events (§1) are retained for 12 months at full granularity, then aggregated into trend summaries and the per-event detail is purged. Aggregated metrics (counts, retention curves) are kept for trend analysis without an end date, since they no longer identify individuals.
7. Your Rights
Under PIPEDA and Quebec Law 25, you have the right to:
- Access your personal information
- Correct inaccurate information
- Withdraw consent (may limit your ability to use the Service)
- Request deletion of your data (subject to legal retention requirements)
- Port your data (export in JSON or CSV)
- File a complaint with the Office of the Privacy Commissioner of Canada
To exercise these rights, email legal@usetenon.com. We respond within 30 days.
8. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently done so, contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
10. Contact
Privacy Officer: Tenon
Email: legal@usetenon.com