Last updated: April 2026
TiedUp ("we", "us", "our") is a rule and accountability tracker for adults. This policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. By creating an account you acknowledge this policy.
Who we are
TiedUp is the platform at tiedup.app. For data protection questions, contact us at support@tiedup.app.
Age requirement
TiedUp is strictly for adults aged 18 and over. By creating an account you confirm you are at least 18 years old. We do not knowingly collect data from anyone under 18. If we become aware that a user is under 18, we will immediately close the account and delete all associated data.
Data we collect
Account information: email address, display name, username, and a securely hashed password. Required to create and secure your account.
Content you create: rules, check-in entries, journal notes, tags, consequences, and any other text you enter in the app. This forms the core of the service.
Partner relationship data: account links and the shared-visibility settings you choose to enable.
Usage data: pages visited, features used, and event timestamps. Used to improve the product and is never sold.
Payment information: we never store card numbers. Payment handling is managed by Stripe, Inc. under their own privacy policy (stripe.com/privacy). We receive only confirmation of subscription status and transaction identifiers.
Sensitive personal data
The content you create in TiedUp may reflect personal lifestyle preferences and relationship structures. Under the UK GDPR and EU GDPR this may constitute "special category" personal data — specifically, data concerning a person's sex life or sexual orientation (Article 9). We process this data solely on the basis of your explicit consent, given when you agree to our Terms of Service. You may withdraw consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
We treat all content with heightened discretion. Access to user content by team members is restricted and logged, as described below.
Lawful basis for processing
For users in the EEA and UK we rely on the following lawful bases under the GDPR: - Contract (Article 6(1)(b)): processing your account information and app content to deliver the service you signed up for. - Legitimate interests (Article 6(1)(f)): usage analytics and fraud prevention, where our interests are not overridden by your rights. - Explicit consent (Articles 6(1)(a) and 9(2)(a)): processing of special category personal data (lifestyle content); optional analytics cookies.
Analytics and cookies
We use the following analytics services to understand how the site is used. For a full list of cookies set, see our Cookie & Storage Policy.
Google Analytics (GA4) — sets cookies _ga and _ga_D0MQJ5B3LX with a two-year lifespan. Data is processed by Google LLC in the United States under standard contractual clauses.
Matomo — self-hosted analytics operated on our own infrastructure. Sets short-lived session cookies (_pk_ses.*) and a visitor identifier cookie (_pk_id.*). Data does not leave our infrastructure.
Cloudflare Web Analytics — cookieless performance beacon. No personal identifiers are collected or transmitted.
Brevo — used to deliver transactional emails only. Does not set any website cookies. Emails may include an open-tracking pixel to confirm delivery.
You may accept or decline optional analytics cookies on our Cookie & Storage Policy page. Declining does not affect any core app functionality.
Who we share your data with
We do not sell your personal data. We share data only with the following service providers who act strictly on our instructions: - Cloudflare, Inc. — infrastructure, CDN, database and KV storage hosting - Stripe, Inc. — payment processing - Brevo (Sendinblue SAS) — transactional email delivery - Google LLC — website analytics (GA4) - Jumpstart Labs — self-hosted Matomo analytics infrastructure
International data transfers
Some of our processors, including Google LLC and Stripe, Inc., are located in the United States. Where required, we rely on standard contractual clauses approved by the European Commission to lawfully transfer personal data outside the EEA.
Admin access
Team members with administrative access can view account information and user content for the purpose of customer support, safety review, and abuse prevention. We access user data only when necessary. All admin access to user content is logged. We do not proactively monitor content; access is triggered only by user reports or technical investigation.
Data retention
We retain your data for as long as your account is active. You may request deletion of your account and all associated data by emailing support@tiedup.app or through Settings in the app. We will process the request within 30 days. Some records may be retained for a further period where required by law (for example, billing records) or for legitimate fraud-prevention purposes.
Security
We protect your data using HTTPS/TLS for all connections, Argon2id password hashing, and access controls on production systems. No system is perfectly secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay and within the timeframe required by applicable law.
Your rights
If you are in the EEA or UK, you have the following rights under the GDPR: - Access: request a copy of the personal data we hold about you. - Rectification: request correction of inaccurate or incomplete data. - Erasure: request deletion of your personal data. - Restriction: request that we restrict how we process your data in certain circumstances. - Portability: request your data in a structured, machine-readable format. - Objection: object to processing carried out under legitimate interests. - Withdraw consent: for consent-based processing (including special category data), withdraw at any time without affecting the lawfulness of prior processing.
To exercise any right, email support@tiedup.app. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in the UK, the ICO at ico.org.uk).
If you are a California resident, you have rights under the CCPA, including the right to know what personal information we collect about you, to request deletion, and to opt out of the sale of personal information. We do not sell personal data.
Changes to this policy
We will post material changes on this page and update the "last updated" date. For significant changes we will notify you by email or in-app announcement before they take effect.