Security & Privacy
Data handling
See the major categories of information Tideflow processes and why they exist in the product.
Last updated: 2026-04-06
What data Tideflow processes
Tideflow processes the information it needs to handle calls, deliver notifications, manage your workspace, and provide the features you use day to day. This page describes the major categories.
Data categories
Business account details
Your business name, owner name, contact details, subscription plan, and Tideflow phone number. This information identifies your workspace and shapes how callers are greeted.
Caller metadata
Phone numbers, timestamps, and contact records for people who call or text your Tideflow number. This lets you see who called and when.
Call recordings and transcriptions
Audio recordings and text transcriptions of voicemails and AI receptionist calls. These are the core artifacts that let you review what callers said without listening to every message.
Lead summaries and scores
AI-generated summaries, priority scores, and status information for each caller. These help you decide which calls to return first.
Messages and self-notes
SMS conversation threads, owner self-notes, and in-app assistant chat history. See self-notes and in-app assistant for details.
Booking data
Requested dates, times, status, and notes for bookings created during AI receptionist calls. See calendar for details.
AI agent configuration
System prompts, voice settings, business facts, and agent memory items that shape how the AI receptionist behaves on calls.
Team membership
User identities, invited emails, roles, and acceptance timestamps for team members. See team and admin for details.
Integration configuration
Webhook endpoint URLs, signing secrets (encrypted at rest), Slack webhook URLs, calendar OAuth tokens (encrypted at rest), and delivery logs.
Billing references
Stripe customer IDs, subscription IDs, and checkout metadata. Tideflow does not store card numbers or payment credentials — those are managed entirely by Stripe.
Notification preferences
Your SMS, email, and push notification settings, including quiet hours configuration.
Where data is stored
Tideflow uses managed cloud infrastructure from the following providers:
- Supabase— Primary database, authentication, and row-level security
- Twilio— Telephony, SMS delivery, and call routing
- OpenAI— Voice AI processing, transcription, and analysis
- Stripe— Billing and payment processing
- Vercel— Application hosting
Access controls
All customer data tables are protected by row-level security policies that scope access through your workspace membership. Server-side operations use a service role for administrative tasks like webhook delivery processing.
Encryption
- Calendar OAuth tokens are encrypted at rest before storage.
- Webhook signing secrets are encrypted at rest.
- All data in transit uses HTTPS/TLS.
Related
- Retention and deletion— How long data is kept and how to request removal.
- Security overview— High-level security posture.
- Contact and questionnaires — How to reach the security team.
Next up
Contact and questionnaires→Know how to request more detail for security reviews, questionnaires, or follow-up trust conversations.