Tethered Consulting

Privacy Policy

Effective Date: May 1, 2026

1. Introduction

This Privacy Policy describes how Tethered Consulting ("Tether," "we," "us," or "our") collects, uses, stores, and shares information in connection with the Tether platform — an AI-powered change management coaching tool deployed by organizations for their employees.

This policy covers two categories of people:

Customers — Organizations (employers, enterprises, institutions) that license the Tether platform and whose administrators interact with Tether directly.
Authorized Users — Employees and other individuals who access Tether through a link or access method provided by their employer (the Customer).

The Customer contracts with Tethered Consulting. Authorized Users access the platform as a benefit provided by their employer. By using the Tether platform, you agree to the practices described in this policy.

2. Data Controller

The data controller responsible for personal data processed under this policy is:

Contact Information

Tethered Consulting
California, United States
Email: joree@comcast.net

For Customers subject to GDPR or other data protection frameworks requiring a Data Processing Agreement (DPA), please contact us at the address above. A DPA is available on request.

3. What We Collect

From Customers (Organizations)

Company information: Organization name, industry, size, and billing address
Admin contact information: Name, work email address, job title of the Customer's designated administrator(s)
Payment information: Billing details processed securely via Stripe (Tether does not store payment card numbers)
Usage and access data: License seat counts, access provisioning records, admin login activity
Aggregate reporting data: Anonymized, de-identified usage metrics and ADKAR stage data generated from Authorized User activity

From Authorized Users (Employees)

Email address: Used for authentication via magic link (no password stored)
Coaching session content: Messages and responses exchanged during a coaching session. Session content is processed in real time to generate coaching responses and is not persisted to long-term storage after the session ends, except where safety events trigger logging (see below).
Session metadata: Timestamps, session count, session duration, ADKAR stage signal derived from coaching interaction
Safety event logs: If a Tier 2 or Tier 3 safety protocol is activated, the event is logged by timestamp and protocol level. Conversation content is not retained in the safety log in a form linked to an identifiable individual.
Technical data: Browser type, device type, IP address (used for security and infrastructure purposes, not linked to coaching content)

4. How We Use Data

Purpose	Data Type	Legal Basis
Providing the coaching platform to Authorized Users	Session content, email, session metadata	Performance of contract (with Customer); legitimate interest (Authorized Users)
Authenticating Authorized Users	Email address	Performance of contract
Generating aggregate reports for Customer HR/admins	Anonymized session metadata, ADKAR stage signals	Performance of contract
Operating safety protocols (Tier 2 and 3)	Session content (real-time), safety event logs	Vital interests; legitimate interest in user safety
Billing and account management	Customer company and payment data	Performance of contract
Security, fraud prevention, and compliance	Technical data, logs	Legitimate interest; legal obligation
Improving the platform (aggregate, non-identifying)	Anonymized usage patterns	Legitimate interest

5. The Aggregate Reporting Boundary

Critical Distinction — What HR Sees vs. What Stays Private

HR administrators and managers who access the Tether dashboard see only anonymized, aggregated data — aggregate ADKAR stage distribution, session frequency, and engagement trends across the workforce. Individual employee conversations are never shared with the Customer organization, HR, or management. No one at your employer can read what you said to Tether.

What HR / Admins See

Total active users (aggregate count)
Session frequency and engagement trends (aggregate)
ADKAR stage distribution across the workforce (aggregate, not per individual)
Aggregate safety event activation rates (number of Tier 2/3 events — not linked to specific employees)
Departmental breakdowns, where group size meets de-identification thresholds

What HR / Admins Never See

Individual employee coaching conversations
Individual employee session content or transcripts
Which specific employee triggered a safety event
Any data that can be used to identify an individual employee's coaching activity

The Customer has contractually agreed not to attempt to de-anonymize any employee data. Any such attempt is a material breach of the Customer's Terms of Service with Tethered Consulting.

6. AI Processing

Tether's coaching engine relies on the following third-party AI providers:

Anthropic (Claude)

Authorized User message content is transmitted to Anthropic's API to generate coaching responses. Anthropic processes this data subject to its own privacy policy. By default, Anthropic does not use API-submitted content to train its models. For details, see anthropic.com/privacy.

OpenAI (Embeddings)

For retrieval-augmented generation (RAG), message content is transmitted to OpenAI's embeddings API to retrieve relevant coaching knowledge. OpenAI processes this data subject to its own privacy policy. By default, OpenAI does not use API-submitted content to train its models. For details, see openai.com/policies/privacy-policy.

Both providers are engaged as data processors. Neither receives Customer or Authorized User data for any purpose beyond providing the API services that power Tether's coaching responses.

7. Data Sharing

We do not sell personal data. We share data only in the following circumstances:

Service Providers

We engage the following categories of service providers who process data on our behalf, under data processing agreements:

Supabase — Database and authentication infrastructure
Anthropic — AI model API (session content)
OpenAI — Embeddings API (session content)
Cloudflare Workers — Edge API and request routing
Stripe — Payment processing (Customer billing data only)
Resend — Transactional email (magic links, notifications)

Legal Requirements

We may disclose data if required to do so by law, regulation, legal process, or governmental request, including to meet national security or law enforcement requirements.

Business Transfers

In the event of a merger, acquisition, financing, or sale of all or a portion of Tethered Consulting's assets, data may be transferred to the relevant third party, subject to confidentiality obligations.

Customer Aggregate Reports

Aggregate, anonymized reporting data is shared with the Customer organization's designated administrators as described in Section 5.

8. Data Retention

Data Type	Retention Period
Customer account and billing data	Duration of contract + 3 years
Authorized User email (authentication)	Duration of Customer's active license; deleted upon contract termination upon request
Coaching session content	Not persisted after session ends (processed in real time only)
Session metadata (timestamps, ADKAR stage signals)	Duration of Customer contract + 12 months for reporting purposes
Safety event logs (Tier 2 and Tier 3)	Minimum 3 years (California SB 243 compliance)
Technical and security logs	90 days

9. Security

Tethered Consulting implements industry-standard technical and organizational measures to protect personal data, including:

HTTPS: All data in transit is encrypted using TLS
Row-Level Security (RLS): Database access controls ensure Authorized Users can only access their own session data
Magic link authentication: No passwords are stored; access is granted via secure, time-limited email links
Stripe: Payment data is handled entirely by Stripe; Tether does not store card numbers or full payment credentials
Access controls: Internal access to production data is restricted to authorized Tethered Consulting personnel on a need-to-know basis

No security measure is perfect. In the event of a data breach that poses a risk to Authorized Users, we will notify affected Customers in accordance with applicable law.

10. Children

Tether is intended for adults aged 18 and older. The platform is not directed at or designed for use by minors. Customers are required under their Terms of Service to ensure that all Authorized Users are at least 18 years of age. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

11. California Privacy Rights

California residents who are Authorized Users of the Tether platform have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: The right to request information about the personal data we have collected about you, how it is used, and with whom it has been shared.
Right to Delete: The right to request deletion of personal data we hold about you, subject to certain exceptions.
Right to Correct: The right to request correction of inaccurate personal data.
Right to Opt Out of Sale: Tether does not sell personal data. No opt-out is required.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at joree@comcast.net. We will respond within 45 days. We may need to verify your identity before processing a request. Note that because coaching session content is not persisted, there may be limited data available to access or delete.

Note for Authorized Users: Because the Customer is the contracting entity, some privacy rights related to your employment records may need to be directed to your employer rather than to Tethered Consulting.

12. Data Processing Agreements

Customers who require a Data Processing Agreement (DPA) for GDPR compliance, HIPAA compliance, or other regulatory requirements should contact us at joree@comcast.net. A standard DPA is available on request and can be customized to meet specific compliance requirements.

Note: Tether is not a HIPAA-covered entity and does not provide services in a healthcare context. Tether is not designed for, and should not be used for, processing protected health information (PHI).

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes that affect how we handle personal data, we will provide at least thirty (30) days' notice to the Customer's designated admin contact before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the revised policy.

For non-material changes (such as clarifications, formatting, or updated contact information), we may update the policy without advance notice. The "Effective Date" at the top of this page reflects the date of the most recent revision.

14. Contact

For privacy questions, data requests, DPA inquiries, or concerns about how your data is handled, contact:

Tethered Consulting
joree@comcast.net