Privacy Policy

Last updated: March 17, 2026

Tirion ("we," "us," or "our") operates tirionforge.com and related products, including Tirion Reach, our outreach workspace and browser extension (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices available to you.

By using the Service, creating an account, or connecting a third-party account such as Google or X, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information you provide directly

  • Account information: When you sign in, we collect identifiers such as your name, email address, and profile image from your Google account.
  • Business and workspace information: We collect information you enter into the Service, such as business details, offers, landing page content, campaigns, CRM notes, imported lead lists, contact handles, and reply drafts.
  • Communications: If you contact us, we collect the contents of your emails, support requests, and related correspondence.
  • Billing information: Subscription and payment data is collected and processed by our payment processor, Stripe. We receive status and billing metadata, but not your full card number.

1.2 Information collected automatically

  • Usage data: We collect information about the pages you visit, features you use, requests you make, and actions you take inside the Service.
  • Device and log data: We collect IP address, browser type, operating system, approximate device information, timestamps, and request logs needed to operate and secure the Service.
  • Cookies and local storage: We use essential cookies and browser storage to maintain sessions, authentication, preferences, and product functionality.

1.3 Information from visitors and prospects

  • Conversation data: When a visitor interacts with a Tirion page or when you use Tirion Reach to manage outreach, we may process conversation text, message timestamps, reply drafts, outcomes, and contact records tied to your workspace.
  • Imported CRM data: If you upload lead lists or sync outreach data, we store the data you choose to import, such as names, handles, bios, notes, tags, and campaign history.

1.4 Information from connected third-party services

  • Google OAuth: We receive your basic Google profile details and, if enabled by you, Google Calendar data needed for scheduling features.
  • X OAuth and Direct Messages: If you connect an X account to Tirion Reach, we may receive your X user ID, username, display name, profile image, OAuth tokens, granted scopes, and the direct message content and metadata needed to read, sync, organize, draft, and send messages on your behalf.
  • Stripe: We receive customer IDs, subscription status, invoice metadata, and payment confirmations.

2. How We Use Information

  • To create and manage your account
  • To provide the website, Tirion pages, Tirion Reach, analytics, and messaging workflows
  • To authenticate users and connected accounts
  • To sync, display, organize, and send direct messages when you explicitly connect an X account and request those actions
  • To generate AI-assisted drafts, summaries, and workflow suggestions
  • To process billing and manage subscriptions
  • To monitor product health, prevent abuse, enforce our Terms, and comply with legal obligations
  • To improve the reliability, safety, and performance of the Service

3. Google OAuth

When you sign in with Google, we request only the scopes needed to operate your account and optional calendar functionality:

  • openid, email, profile — To create your account, authenticate you, and show your basic profile information inside the Service.
  • https://www.googleapis.com/auth/calendar — Only if you enable booking features that require calendar availability and event creation.

Tirion's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. X OAuth and Direct Messages

Tirion Reach offers an optional X integration for users who want to manage direct messages from within the product. This integration is user-controlled and only becomes active if you explicitly connect your X account.

4.1 X scopes we request

  • tweet.read — Required by X for portions of the OAuth flow and related API access.
  • users.read — Used to retrieve your X profile and sender profile details needed to label messages and contacts.
  • dm.read — Used to fetch and sync your direct message conversations when you request a sync or open a conversation.
  • dm.write — Used to send direct messages only when you choose to send a message from Tirion Reach.
  • offline.access — Used to refresh your X authorization without forcing you to reconnect every session.

4.2 How we use X data

  • To confirm the identity of the X account you connected
  • To fetch recent X direct messages and sync them into your Tirion Reach inbox and CRM
  • To show message history, contact profiles, timestamps, and conversation state
  • To send direct messages on your behalf only after you press send or trigger another user-facing action
  • To generate reply drafts or summaries based on the conversation context you choose to process

4.3 What we do not do with X data

  • We do not sell X data.
  • We do not use X direct message data for ad targeting or data brokerage.
  • We do not use your X direct message data to train generalized models for unrelated products.
  • We do not access your X account unless you have explicitly connected it and the requested action requires that access.

4.4 Storage and revocation

  • OAuth tokens for connected X accounts are stored in encrypted form.
  • You can disconnect your X account inside Tirion Reach or revoke Tirion's access from your X account settings.
  • If you disconnect the integration, new X API access stops unless you reconnect.

5. AI Processing and Service Providers

Certain features use AI providers to generate drafts, summaries, and agent responses. When these features run, the relevant prompt context may be sent to our AI provider to produce the requested output.

  • Anthropic — AI-generated replies, summaries, and conversational outputs
  • Stripe — Billing and subscription management
  • Google — Authentication and optional calendar features
  • X — Connected account authentication and direct message operations
  • Vercel, AWS, Neon, and related infrastructure vendors — Hosting, storage, logs, and application delivery

6. Sharing of Information

We share information only in limited circumstances:

  • With service providers that help us operate the Service
  • With platform providers such as Google or X when a feature depends on that provider and you have authorized the connection
  • For legal reasons if required by law, regulation, subpoena, court order, or other lawful request
  • In connection with a business transaction such as a merger, acquisition, or asset sale, subject to appropriate protections

We do not sell your personal information.

7. Data Retention

  • Account data: Retained while your account is active and for a limited period afterward as needed for security, billing, or legal compliance.
  • X tokens: Retained until you disconnect the integration, revoke access, or request deletion, unless longer retention is required by law or for security investigation.
  • Synced CRM and message data: Retained while needed to provide your workspace history, inbox, analytics, and records, unless you delete it or request account deletion.
  • Support and operational logs: Retained for limited periods reasonably necessary for support, auditing, and abuse prevention.

8. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect your data, including HTTPS/TLS in transit, access controls, and encrypted storage for sensitive credentials such as OAuth tokens. No system is perfectly secure, so we cannot guarantee absolute security.

9. Your Choices and Rights

  • You can review and update much of your account information inside the product.
  • You can disconnect connected accounts such as X or revoke permissions directly with the third-party provider.
  • You may request access, correction, export, or deletion of your personal data by contacting us.
  • You may request deletion of synced X data associated with your workspace, subject to operational, contractual, and legal constraints.

10. International Transfers

The Service may be hosted or operated in multiple countries, including the United States. By using the Service, you understand that your information may be transferred to and processed in jurisdictions that may have different data protection rules than your home jurisdiction.

11. Children's Privacy

The Service is not intended for children under 18, and we do not knowingly collect personal information from children.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the date on this page and may provide additional notice where appropriate.

13. Contact

If you have questions, requests, or privacy concerns, contact us at:

Email: support@tirionforge.com
Website: www.tirionforge.com
Related Terms: Terms of Service