Tessera
ES EN
See pricing

Legal document

Privacy Policy

Version 1.0 · Effective from May 1, 2026

Data controller: Tessera Cloud, S.L.. Last updated: May 1, 2026.

Tessera processes personal data in two distinct roles depending on context: as controller of its customers’ account data (billing, contact, platform usage) and as processor of the data customers process through the API. This policy covers the first role; the second is governed by the DPA.

1. Data we collect

Tessera collects three categories of personal data:

  • Account data: name, work email, organisation, role, billing details.
  • Usage data: requests made, tokens consumed, errors, source IP, user agent. Does not include request content.
  • Communications: support emails, messages in shared Slack, voluntary surveys.

2. How we use it

Data is used solely to: deliver the contracted service, bill, provide support, improve the platform with anonymised aggregated data, and comply with legal obligations (tax, accounting, GDPR). It is not used for advertising profiling and is not sold to third parties.

3. Legal bases

Processing is based on contract performance (account and usage data), compliance with legal obligations (billing), and legitimate interest (service improvement on aggregated data, fraud prevention). Where consent applies, it is withdrawable at any time.

4. Sharing with third parties

Data is shared exclusively with the subprocessors listed at /subprocessors, all subject to a DPA with Tessera. International transfers occur only under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

5. Retention

Account data: for contract duration plus 7 years for tax compliance. Usage data: 90 days for detailed data, permanent anonymised aggregation. Support communications: 24 months. After these periods, data is irreversibly deleted or anonymised.

6. Data subject rights

The customer has rights of access, rectification, erasure, objection, restriction and portability. Details on how to exercise them and response times are at /gdpr.

7. Cookies and similar technologies

tesseraai.cloud and subdomains use strictly necessary cookies (session, theme and language preference) and anonymised analytics (Plausible, no individual tracking). We do not use marketing cookies or third-party cookies for advertising purposes.

8. Contact and supervisory authority

For any privacy matter, contact privacy@tesseraai.cloud or the DPO at dpo@tesseraai.cloud. The data subject has the right to lodge a complaint with the Spanish Data Protection Agency (aepd.es) or the relevant supervisory authority in their jurisdiction.

Contact

Changelog

Version Date Changes
1.0 2026-05-01 Initial publication.