Privacy Policy

Last updated: April 6, 2026

1. Introduction

Tilk AI (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tilk AI platform at app.tilkai.com (the “Platform”) and visit our marketing website at tilkai.com (the “Site”).

This policy covers both the marketing website at tilkai.com and the Tilk AI application at app.tilkai.com, including all third-party integrations (such as Google Calendar) accessed through the Platform.

2. Information We Collect

Information You Provide

  • Email address (newsletter subscription, demo booking form)
  • Name and company (demo booking form)
  • Use case selection (demo booking form)

Automatically Collected Information

  • Page views and referral sources (via Plausible Analytics — see Section 6)
  • UTM parameters from marketing campaigns
  • Device type and browser (aggregated, non-identifying)

3. How We Use Your Information

  • To send you newsletter updates you subscribed to
  • To facilitate demo bookings and follow up on your request
  • To understand how visitors use our Site and improve it
  • To attribute marketing campaigns to conversions
  • To comply with legal obligations

4. Third-Party Processors

We share data with the following service providers:

  • Plausible Analytics — privacy-friendly, cookieless web analytics. No personal data is collected. Fully GDPR-compliant. Plausible data policy
  • Cal.com — demo scheduling. Processes your name, email, and booking details when you schedule a demo.
  • Resend — transactional email delivery. Processes your email address for newsletter and demo confirmation emails.
  • Cloudflare — content delivery and DDoS protection. May process IP addresses and request metadata.
  • Google (Calendar API) — calendar integration for appointment scheduling. Processes calendar availability and event data via OAuth 2.0. See Section 5 for full details.

5. Google Calendar Integration

Tilk AI integrates with Google Calendar via the Google Calendar API and Google OAuth 2.0 to enable AI phone agents to check availability and book appointments on behalf of callers. This section describes how we handle data received from Google APIs.

What Data We Access

  • A list of your Google Calendars (names and IDs) so you can choose which ones to use
  • Google Calendar event details (title, time, duration, location, attendees, busy/free status)
  • Calendar availability and working hours
  • Calendar settings (timezone, working hours configuration)
  • Your Google account name and email address — used to identify and display the connected account in the Tilk AI dashboard so you can manage multiple connections

OAuth Scopes Requested

During the authorization flow, Tilk AI requests the following Google OAuth scopes:

  • calendar.events — read and write calendar events (to create, update, and cancel appointments)
  • calendar.readonly — read calendar list and settings (to display available calendars and read working hours/timezone)
  • calendar.freebusy — read free/busy availability (to offer open time slots to callers)
  • openid, userinfo.email, userinfo.profile — identify the connected Google account (to display the account name and email in the Tilk AI dashboard)

Why We Access It

We access Google Calendar data solely to enable AI phone agents to check real-time availability and book appointments on behalf of callers during phone conversations.

How We Use the Data

Calendar data is used only to perform scheduling operations during phone calls. We do not use Google Calendar data for advertising, marketing, training AI models, or any purpose unrelated to appointment scheduling.

What We Store

  • A local record of bookings made through Tilk AI (confirmation codes, appointment details, and linkage to the originating phone call)
  • OAuth access and refresh tokens, encrypted at rest, for ongoing calendar access
  • Connected calendar metadata (calendar names, IDs, timezones) for the calendar picker
  • Google account name and email of the connected account

We do not store copies of your full calendar data. Calendar availability is queried in real time and is not cached or persisted.

Data Sharing

Google Calendar data is not sold, rented, or shared with any third parties. It is accessed only between the caller, the Tilk AI agent, and the connected Google Calendar account. We do not sell any user data, including data obtained through Google APIs.

Token Management

OAuth refresh tokens are stored encrypted at rest. Users can disconnect their Google account at any time from the Tilk AI dashboard, which requests revocation of access from Google and deletes stored tokens from our systems.

Data Retention

  • OAuth tokens are deleted immediately when a user disconnects their Google account
  • Booking records created through the Google Calendar integration are retained for operational purposes and will be deleted upon request. To request deletion, email [email protected] or disconnect your Google account from the Tilk AI dashboard settings

Human Access to Google Data

Tilk AI employees and contractors do not read your Google Calendar data unless: (a) you give us specific permission to do so for a support request, (b) it is necessary for security purposes (such as investigating abuse), or (c) it is required to comply with applicable law.

Google API Services User Data Policy

Tilk AI’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy , including the Limited Use requirements.

Limited Use Disclosure

In accordance with Google’s Limited Use requirements, Tilk AI confirms that:

  1. We only use Google Calendar data to provide and improve user-facing features that are prominent in the application’s user interface (checking availability and booking appointments during phone calls).
  2. We do not transfer Google Calendar data to third parties, except: (a) with the user’s explicit consent, (b) as necessary for security purposes (e.g. investigating abuse), or (c) to comply with applicable law.
  3. We do not use Google Calendar data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  4. Tilk AI employees and contractors do not read Google Calendar data unless the user has given affirmative consent for a specific message, it is necessary for security purposes, it is required by law, or the data has been aggregated and anonymized for internal operations.

6. Analytics and Cookies

We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and is fully GDPR-compliant by design. No cookie consent banner is required for Plausible.

Our demo booking widget (Cal.com) may set functional cookies necessary for the booking process. These are first-party cookies and are not used for tracking.

7. Data Retention

  • Newsletter subscriptions: until you unsubscribe
  • Demo booking data: 12 months after the booking date
  • Analytics data: aggregated data retained indefinitely (no personal data)

8. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of the data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing

To exercise any of these rights, contact us at [email protected] .

9. Data Controller

The data controller responsible for your personal data is:

1001560455 Ontario Inc., operating as Tilk AI
Suite 685 – 145 Church St, Unit 5
Toronto, ON M5B 1Y4
Canada

1001560455 Ontario Inc., operating as Tilk AI is incorporated in the Province of Ontario, Canada.

10. Contact

For privacy-related questions or requests, contact us at:

[email protected]