Privacy Policy
This Privacy Policy governs the collection and processing of personal data by Tagable.io
Last Update: 01 April 2026
Registered: Chamber of Commerce (KvK) No. 42036352, Amsterdam
Contact:
Tagable.io
1095 ME Amsterdam, the Netherlands
Article 1. Introduction
This Privacy Policy explains how Tagable.io ("Tagable", "we", "us", or "our") collects, uses, and protects personal data when you visit our website (tagable.io), use our platform (app.tagable.io), or engage us for advertising services. This policy applies to all visitors, clients, and users of Tagable's products and services.
Article 2. Information We Collect
We collect information necessary to provide and improve our services, including:
Account and identity: Name, email address, billing details, and profile information you provide; user identifiers and subscription status.
Usage data: Access logs, device information, IP address, and how you use our services, including which features and pages you interact with.
Payment: Payment information processed securely via Paddle. We do not store full card details.
Connected third-party services: When you connect a third-party account or service to Tagable, we receive the access credentials and data necessary to deliver that integration on your behalf (such as OAuth tokens, refresh tokens, account identifiers, and related metadata). We access and store only what is required to provide the integration, solely to the extent necessary to deliver those integrations. The specific data we access depends on the permissions you grant during the connection flow. Currently supported integrations include Google, Meta and TikTok services and may expand over time as new integrations are added.
Marketing services: If you engage Tagable for advertising services, we collect business contact details, campaign briefs, ad account access credentials, and any data you share with us to deliver those services. This may include data about your customers or advertising audiences where necessary to manage campaigns on your behalf.
Website visitors: When you visit tagable.io, we automatically collect your IP address, browser type, device information, and behavioural data through analytics tools. If you submit a contact form or enquiry, we collect your name, email address, company name, and the content of your message.
Communications: If you contact us by email or through support channels, we retain the content of that communication and your contact details for support and record-keeping purposes.
Article 3. How We Use Your Information
We use the information we collect to:
Provide, maintain, and improve our services, including the Tagable platform and any advertising services we deliver on your behalf.
Process payments, manage subscriptions, and enforce plan and usage limits via Paddle.
Enable and personalise your connected integrations, including Google, Meta, TikTok services and other third-party services you authorise.
Deliver marketing services to clients, including managing advertising campaigns, producing reports, and optimising performance on your behalf.
Communicate with you about your account, purchases, service updates, and important notifications.
Respond to enquiries, contact form submissions, and customer support requests.
Improve our services and user experience through analytics and usage data.
Sync data with third-party services you choose to connect, solely to the extent necessary to deliver those integrations.
Comply with legal obligations and enforce our terms of service.
Article 4. Data Sharing
We do not sell or rent your personal data. We share data with third parties only as necessary to provide our services:
Payment processing: Payment information is shared with our payment provider to process transactions securely.
Connected services: We share data with Google, Meta and TikTok services as necessary to deliver integrations you authorise, including for AI processing, storage, and advertising account management. The advertising platform's privacy policy and terms apply to these services.
Infrastructure and operations: We use third-party providers for cloud hosting, database storage, error monitoring, and platform observability. These providers process data only on our behalf and are bound by appropriate data processing agreements.
Analytics: We use analytics tools to understand how our services are used and to improve the user experience.
Customer support: We use a third-party support platform to manage customer communications and resolve support requests.
Email communications: We use third-party providers for transactional and service-related email delivery.
Internal CRM and marketing: We use third-party tools internally to manage client relationships and send service communications. Data shared with these tools is limited to what is necessary for those purposes.
Sub-processors: Where we process personal data on behalf of clients under a Data Processing Agreement, a list of approved sub-processors is available upon written request at privacy@tagable.io.
Legal obligations: We may share data when required by applicable law, regulation, or legal process, or to protect the rights, property, or safety of Tagable, our clients, or others.
Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users in advance where required by law.
Article 5. Where Your Data Is Stored
Tagable.io is established in the Netherlands and operates from Amsterdam. Our primary infrastructure is hosted within the European Union.
Personal data processed in connection with our services is stored on EU-based cloud infrastructure. Where we use third-party service providers that operate outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses adopted by the European Commission, in accordance with Article 46 GDPR.
Article 6. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:
Encryption of personal data in transit and at rest where applicable.
Access controls ensuring personal data is accessible only to authorised personnel on a need-to-know basis.
Confidentiality obligations for all staff and contractors with access to personal data.
Secure handling and storage of OAuth tokens and third-party access credentials.
Regular review and testing of our security measures to ensure their continued effectiveness.
Pseudonymisation of personal data where appropriate and reasonably practicable.
In the event of a personal data breach, we will notify affected parties and relevant supervisory authorities in accordance with our obligations under applicable Data Protection Laws.
No method of transmission over the internet or electronic storage is completely secure. While we do our best to protect your data, we cannot guarantee absolute security.
Article 7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate our services, analyse usage, and remember your preferences.
Website: When you first visit tagable.io, a cookie consent banner will appear allowing you to accept or decline non-essential cookies. You can change your preferences at any time via the cookie settings link in the footer.
Platform: When using our platform, you can manage your cookie preferences via Settings, which will open the consent panel for you to review or update your choices.
We use the following categories of cookies:
Essential: Required for the website and platform to function, including session, security, and authentication cookies. These cannot be disabled.
Functional: Used to remember your preferences, login state, and settings to improve your experience.
Analytics: Used to collect information about how visitors use our services, such as which pages are visited and how users interact with the platform, to help us measure performance and improve the site.
Marketing & Social Media: Used by advertising and social media partners to personalise your experience, show relevant ads, measure campaign results, and enable sharing features.
You can also manage cookies directly in your browser settings. Note that disabling essential cookies may affect the functionality of our services.
Article 8. Data Retention
We retain personal data for as long as necessary to provide our services and meet our legal obligations. We do not retain data longer than necessary for those purposes.
Specific retention periods include:
Account data: Retained for the duration of your account and deleted upon verified account closure.
Connected service tokens: If you disconnect a third-party integration, access tokens are deleted promptly. We may retain limited metadata for a short period for support or audit purposes.
AI agent data: Conversation data, saved memory, and usage statistics are retained for the duration of your subscription. Upon cancellation you may request full deletion by contacting privacy@tagable.io.
Support communications: Retained for two years from the date of last interaction.
Financial records: Retained for seven years in accordance with Dutch fiscal law.
To request deletion of your personal data, contact us at privacy@tagable.io. You can also revoke access to connected services at any time via the relevant third-party account settings.
Article 9. AI Processing
When using AI-powered features, your data is processed by our AI infrastructure providers. We do not use your proprietary data — including advertising account data, chat history, or saved memory — to train foundation AI models. Your data remains isolated to your service instance to protect your competitive insights.
Article 10. Your Rights
If you are located in the European Economic Area, you have the following rights in relation to your personal data:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data, subject to any legal retention obligations.
Restriction: Request that we restrict processing of your data in certain circumstances.
Portability: Receive your data in a structured, commonly used, and machine-readable format where processing is based on consent or contract.
Objection: Object to processing based on our legitimate interests.
Withdraw consent: Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at provacy@tagable.io or, where applicable, via the Settings in your account. We will respond within one month in accordance with applicable Data Protection Laws.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence.
Article 11. Legal Basis for Processing (EEA)
Where we process personal data of individuals in the European Economic Area, we do so on one of the following legal bases under Article 6 GDPR:
Performance of a contract: Processing necessary to provide our services, manage your account, process payments, and deliver integrations you have requested.
Legitimate interests: Processing necessary for our legitimate business interests, including platform security, fraud prevention, improving our services, analytics, and managing client relationships — where those interests are not overridden by your rights and freedoms.
Consent: Processing based on your consent, including non-essential cookies, marketing communications, and optional features. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal obligation: Processing necessary to comply with applicable laws, including Dutch fiscal and administrative requirements.
Where we process personal data on behalf of clients in the context of marketing services, we do so as a data processor acting on the client's instructions. The client is responsible for establishing the appropriate legal basis for that processing.
Article 12. International Transfers
Tagable.io is based in the European Union and processes personal data primarily within the EEA. Where we engage sub-processors or service providers that operate outside the EEA, we ensure that any such transfer is subject to appropriate safeguards in accordance with Chapter V of the GDPR, including:
Adequacy decisions: Transfers to countries recognised by the European Commission as providing an adequate level of data protection.
Standard Contractual Clauses (SCCs): Where no adequacy decision applies, we rely on the standard contractual clauses adopted by the European Commission under Article 46(2)(c) GDPR.
Details of the transfer mechanisms applicable to each sub-processor are available upon written request at privacy@tagable.io.
Article 13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our services, legal obligations, or data processing practices.
Where changes are material — including changes to the purposes for which we process personal data, the categories of data we collect, or the third parties we share data with — we will notify you by email and by posting the updated policy with a revised "Last updated" date.
For minor changes, we will update the policy and revise the date without separate notification. We encourage you to review this policy periodically.
Continued use of our services after the effective date of any update constitutes acceptance of the revised policy.
Article 14. Controller and Contact
The data controller responsible for your personal data is:
Tagable.io
Amsterdam 1095ME, the Netherlands
KvK: 42036352
For any questions about this Privacy Policy, your personal data, or to exercise your rights, contact us at privacy@tagable.io. We will respond within one month of receiving your request.
Tagable has not appointed a Data Protection Officer. If you have unresolved concerns, you have the right to contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
error 404