Legal
Privacy Policy
Last updated: March 3, 2026
Overview
Ties is a local-first personal CRM. Your contacts, journal entries, and reminders are stored as plain Markdown files on your own device. The free tier requires no account and transmits no data to us whatsoever.
The optional Sync and Plus tiers add cloud backup and additional features. This policy describes what data those tiers collect, why, and how it is protected.
Information we collect
Account data
When you create an account you provide an email address, a display name, and a password. Passwords are hashed using bcrypt and are never stored in plaintext.
Session data
When you sign in we record the IP address and user-agent string of the request to detect unusual activity. Session tokens are stored in a secure, HTTP-only cookie.
Vault files
If you enable cloud sync, your vault files — contacts, journal entries, reminders, and any attached photos — are uploaded to our servers. We do not read, index, or process the content of your vault beyond what is required to store and return it to you.
Payment information
Billing is handled entirely by Polar, our merchant of record. We never receive or store your card number or other payment credentials. Polar provides us with subscription status and the customer email used at checkout.
Usage analytics
The landing site uses Umami, a self-hosted, cookie-free analytics tool. It records page views and referrers in aggregate. No personally identifiable information is collected or shared with third parties.
How we use your information
- To authenticate you and maintain your session
- To store and synchronise your vault files across devices
- To enforce storage quotas and subscription tier limits
- To send transactional emails (sign-in links, subscription confirmations)
- To detect and prevent abuse and unauthorised access
We do not sell, rent, or share your personal data with advertisers or data brokers.
Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Polar | Payments, merchant of record, subscription management | Email, subscription tier |
| Cloudflare Turnstile | Bot protection on sign-up and sign-in forms | IP address, browser signals |
| Resend | Transactional email delivery | Email address, message content |
| Umami (self-hosted) | Anonymous page-view analytics on this site | None — no PII, no cookies |
| Google Fonts | Font delivery for the landing site | IP address (browser request) |
Each third-party service operates under its own privacy policy. We encourage you to review those policies if you have concerns about how they handle data.
Cookies
We use a single, HTTP-only session cookie to keep you signed in to your account. This cookie is set only when you log in and is cleared when you log out. We do not use advertising cookies, third-party tracking cookies, or persistent analytics cookies.
Data storage and security
Account data and vault files are stored on servers hosted at Hetzner in the European Union. All data in transit is encrypted with TLS. We apply rate limiting, input validation, and standard security practices throughout the application.
Data portability
Your data is always yours. Vault files are plain Markdown and are stored locally on your device first. You can copy, move, or delete them at any time without using our service. If you cancel a paid subscription, your local files are completely unaffected.
AI and MCP access
The Plus tier includes a hosted Model Context Protocol (MCP) server that allows AI assistants to read and write your vault with your explicit authorisation. Access is granted through an OAuth 2.1 consent flow — you decide which tools to allow and to which client. You can revoke access at any time from your account settings. We do not use your vault content to train AI models.
Children
Ties is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with their information, please contact us and we will delete it promptly.
Your rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — request that we delete your account and associated cloud data
- Export — download your vault files at any time
To exercise any of these rights, email us at support@ties.md. We will respond within 30 days.
Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify account holders by email. Your continued use of the service after a change takes effect constitutes acceptance of the updated policy.
Contact
If you have questions about this policy or how we handle your data, please reach out at support@ties.md.