Privacy & Trust

What Tether sees. What it doesn't. And why it matters.

Tether only works if employees trust it. That trust requires one thing above everything else: a clear, unbreakable line between individual conversations and organizational reporting.

The line between private and aggregate.

Your conversations

  • Private. Only you see them during your session.
  • No conversation transcript is ever shared.
  • No session-level reporting to your employer.
  • Not visible to your manager or HR team.
  • Sessions start fresh — not stored persistently.

What HR sees

  • Anonymous, aggregate data only.
  • ADKAR stage distribution across the workforce.
  • Emotional tone patterns by department (anonymized).
  • Usage metrics at cohort level — not individual.
  • No names. No attribution. No transcripts.

The privacy boundary isn't a limitation. It's the product.

A coaching tool employees approach with suspicion isn't useful. If employees believe their honest conversations might surface in an HR conversation, they won't use the tool honestly. They'll use it carefully — and that careful, guarded engagement produces meaningless data for HR and no real support for the employee.

The privacy design is intentional: individual conversations stay private so employees can be honest, so they can actually be helped, and so the aggregate signal HR receives reflects genuine organizational sentiment — not managed impressions.

What Tether collects.

What we collect Why Who sees it
Email address Account creation and access Tether only
Coaching session content (during session) To generate coaching responses in real time Tether's AI only — not stored after session ends
Session timestamps Usage analytics HR dashboard (aggregate only)
ADKAR stage signal from conversations To power the HR dashboard insights HR dashboard (aggregate and anonymized)
Safety event flags (if crisis protocol triggered) Compliance and employee safety Logged securely — not linked to individual HR view
Technical data (browser, IP, device type) Security and diagnostics Tether only

How we protect it.

HTTPS encryption All data in transit is encrypted end-to-end via HTTPS.
Row-level database security Database permissions are enforced at the row level — each user can only access their own data.
Magic link authentication No passwords are stored. Access is granted via secure, time-limited email links.
Minimal data collection We only collect what is necessary to provide the service. Session conversation content is not stored after a session ends.
Stripe for payments Payment processing is handled by Stripe. We never store payment card data.
Data processed in the United States All data is stored and processed on servers located in the United States.

For full detail.

This page is a plain-language summary. The legal versions are here:

Privacy Policy Terms of Service AI Disclosure Crisis Escalation Protocol

Questions about our data practices? Contact us at joree@comcast.net — we respond to every inquiry.