Log In

Privacy Statement

Last updated: 2nd March 2026

Your privacy is important to us. We would never sell your data. Our Service collects only the information needed to provide, secure, and improve Tailo, including basic account information, the content you upload, error monitoring, and product analytics. To help us build a better experience, we also collect data on how you best read, understand, and learn content.

Introduction

Tailo is provided by Estendio Ltd (“we”, “us”, or “our”), a company registered in Scotland with its registered office at Office 1, Technology House, 9 Newton Place, Glasgow, G3 7PR.

For the purposes of UK data protection law, Estendio Ltd is the Data Controller for personal data collected through direct Tailo accounts.

If you have any questions about this Privacy Statement or how we handle your personal data, you can contact us at: support@tailoapp.co.uk

This Privacy Statement explains how we collect, use, store, and share your personal data when you use Tailo through:

  • Direct sign-ups (including DSA students and early access / beta users) – Estendio Ltd is the Data Controller of your personal data.
  • Institutional access (for example, through a university or college) – your institution is the Data Controller, and Estendio Ltd acts as their Data Processor, processing personal data only on their instructions.

This includes users who sign up directly for early access, beta, or other trial programmes, for whom Estendio Ltd remains the Data Controller of personal data collected through Tailo.

By using Tailo, you acknowledge that you have read and understood this Privacy Statement.

Users outside the UK and EU

If you access Tailo from outside the UK or EU, your data is processed under UK law. You may have fewer data protection rights than under local law, but we will still apply the same security standards and respond to reasonable requests for access, correction, or deletion. Please be aware that data protection laws vary by country and may differ from UK standards.

Information we collect

Information you provide directly

When you create or use a Tailo account, you may provide:

  • Name
  • Email address
  • Role or occupation (for example, student, staff)
  • Institution or organisation (where applicable)
  • Feedback you provide in Tailo (for example, via surveys, support forms, or in-product prompts)

Reading profile and content you upload

To provide Tailo’s reading and learning support features, we collect information such as:

  • Your chosen display and accessibility preferences (for example, fonts, colours, line spacing)
  • Documents you upload, including titles, content, and associated metadata
  • Highlights, notes, and other interactions with your documents
  • Task- or activity-level performance data (for example, time on a document, which features you use, and how often)

Technical and usage information

When you access Tailo or our website, we automatically collect certain technical and usage data, which may include:

  • Device information (for example, device type, operating system, browser type and version)
  • Log data (for example, IP address, timestamps, pages or screens viewed, referring URL)
  • Interaction data (for example, clicks, scrolls, feature usage, errors and crash reports)

This information is used for security, performance monitoring, and product improvement.

Performance data and analytics

We use cookies and similar technologies when they are essential to deliver our services and to improve your experience through analytics. This includes collecting non-identifiable or pseudonymised information via analytics and experience tools such as Google Analytics, Amplitude, HubSpot, and Hotjar.

We use these tools to:

  • Measure usage trends and improve the user experience for our product
  • Monitor aggregate metrics such as total number of visitors, traffic, and general usage patterns
  • Diagnose or fix technology problems and keep the service secure and reliable

Google Analytics helps us understand how visitors interact with our website, including pages visited, time spent, and device/browser information, so we can improve our site, content, and services.

Amplitude is a product analytics service that helps us understand how users interact with features in Tailo so we can measure usage trends and improve the in-product experience.

HubSpot helps us manage communications, sign-ups, support enquiries, and user journeys, and may track interactions with our website and emails so we can provide relevant content and support.

Hotjar helps us understand user behaviour on our website through tools like heatmaps, session recordings, and surveys, which we use to improve usability and design.

These tools are configured so that data is aggregated, anonymised, or pseudonymised where possible, and we do not use them to identify you directly unless you choose to provide your details (for example, by submitting a form). 

Where required by law, we obtain your consent for the use of non-essential analytics and experience tools. Otherwise, we rely on legitimate interests as described in this Privacy Statement.

Cookies and similar technologies

We use cookies and similar technologies (such as scripts, pixels, and local storage) to operate our website and services, remember your preferences, and understand how Tailo is used. Some cookies are strictly necessary for the site and service to function (for example, to keep you logged in and provide security), while others are used for analytics and experience improvement.

  • Necessary cookies are required to provide the service you request and are set on the basis of our legitimate interests in operating a secure, reliable service.
  • Analytics and performance cookies (for example, those set by Google Analytics, Amplitude, HubSpot, and Hotjar) help us measure traffic and usage trends and improve Tailo. These are not strictly necessary and may require your consent in some regions.

Where required by law, we will only use non-essential cookies and similar technologies with your consent, which you can manage through your browser or device settings and, where available, through any cookie controls we provide. If you disable certain cookies, parts of the website or service may not function properly.

Third-party integrations

Tailo allows you to sign up and log in using “Log in with Google”. When you choose this option, Google will share certain information from your Google account with us, such as your name and email address, so that we can create and manage your Tailo account. We do not receive your Google password.

We use this information only to authenticate you, create or link your Tailo account, and keep your login secure and convenient. The information that Google shares with us is controlled by your Google account settings and the consent screen shown to you by Google when you first use “Log in with Google”. Google’s use of your information is governed by Google’s own Terms of Service and Privacy Policy.

How we use your information

We may use information collected about you via Tailo to:

  • Provide and maintain the service, including personalising your experience and remembering your preferences
  • Generate a personal profile about you to make future visits to Tailo more personalised
  • Monitor and analyse usage and trends to improve your experience with Tailo and to develop new features
  • Provide support, troubleshoot issues, and ensure the security and integrity of the service
  • Notify you of updates to Tailo and changes to our terms and policies
  • Request feedback and contact you about your use of Tailo
  • Communicate with you in accordance with your communication preferences and applicable law (see “Service emails and product communications” below).

For institutional users, we may also use your data to fulfil our contractual obligations to your institution and to support pilots, accessibility assessments, and reporting agreed with the institution.

We do not use your personal data to build advertising profiles, and we do not sell your personal data.

Service emails and product communications

We send different types of emails depending on your relationship with Tailo.

Essential service emails
We send emails that are necessary to provide, operate, and secure your Tailo account, such as activation emails, one-time password (OTP) emails, and security notifications. These emails are required to deliver the service you have requested and are sent on the basis of contract.

Service and product updates
If you create an account, we may send you service-related emails to help you use Tailo effectively (for example reminders to complete setup, guidance on features you’ve used, and updates about improvements to Tailo’s services). We rely on our legitimate interests to send these emails and ensure they are proportionate and relevant to your use of Tailo.

You have the right to object to receiving these service-related emails at any time. You can do so by using the unsubscribe link in the email or by contacting us at support@tailoapp.co.uk

We may also contact you to request feedback, invite you to participate in research, or help us improve Tailo. We rely on our legitimate interests for these communications, and you may object at any time.

Tailo may introduce new features, plans, or pricing options over time, including free and paid tiers. Where permitted by law and in line with your communication preferences, we may email you about changes that relate to your existing Tailo account or service.

Marketing communications
We will only send broader marketing communications, such as general newsletters, where you have given your consent. You can withdraw your consent at any time.

Legal bases for processing

Where UK and EU data protection law applies, we rely on one or more of the following legal bases to process your personal data:

  • Contract – processing is necessary to provide Tailo to you under our agreement with you or your institution
  • Legitimate interests – for example, to improve our services, prevent abuse, and ensure security, where these interests are not overridden by your rights and interests
  • Consent – for certain analytics, communications, or optional features where we ask for your consent and you are free to withdraw it at any time
  • Legal obligation – where processing is necessary to comply with applicable laws and regulations

When we share your information

We will not sell, distribute, or lease your personal information to unrelated third parties unless we have your permission or are required by law to do so.

We may share your information with:

  • Your institution, if you are an institutional user, and only for purposes related to the pilot or institutional agreement (for example, aggregated reports, usage metrics, or accessibility outcomes)
  • Carefully selected service providers that process personal data on our behalf to provide hosting, storage, authentication, analytics (including Google Analytics and Amplitude), communications (including HubSpot), user-experience tools (including Hotjar), AI-powered features, and other operational services, all under appropriate data protection and security obligations
    • Where we use AI service providers to deliver features such as summaries, explanations, or other learning support, your content is processed solely to provide the requested functionality. We do not use your documents or personal data to train public AI models, and we require our AI providers to process data only on our instructions and not for their own independent training purposes.
  • Authorities and regulators, where required by law, court order, or to protect our rights or the rights and safety of others
  • Professional advisers, such as lawyers, accountants, or auditors, where necessary to protect our business interests and comply with our legal obligations

We may update or change these providers from time to time, but will only engage providers that offer safeguards consistent with this Privacy Statement and applicable law.

International transfers and data residency

We design Tailo to respect data residency requirements:

  • US pilot users – personal data is hosted in the US (including authentication and storage) where required by institutional agreements.
  • UK/EU users – personal data is hosted in the EU (for example, AWS Ireland), to support compliance with UK/EU data protection laws.

Where personal data is transferred outside the UK or EU, we rely on appropriate safeguards such as:

  • Adequacy regulations or frameworks (for example, the UK–US data bridge, EU–US Data Privacy Framework, where applicable)
  • Standard Contractual Clauses or equivalent contracts approved by relevant regulators
  • Additional technical and organisational measures to protect data in transit and at rest

In the normal course of operations, data remains within its primary region. Limited cross-border transfers may occur when required to provide support, investigate technical issues, or fulfil deletion or data access requests.

Security practices

We use appropriate technical and organisational security measures to protect the security of your personal data both online and offline. These measures vary based on the sensitivity of the personal data we collect, process, and store, and the current state of technology. We also take measures to ensure that service providers processing personal data on our behalf have appropriate security controls in place.

While we strive to protect your personal data, we cannot guarantee that unauthorised access, hacking, data loss, or a data breach will never occur. To protect the confidentiality of your account and prevent unauthorised use, you must keep your account access credentials confidential and not disclose them publicly or to unauthorised individuals.

Data retention

We retain your personal data for as long as your account is active or as required to provide the service. When your account is deleted (either by you or your institution), we delete or anonymise your data unless we need to retain it for legal or regulatory purposes.

Your rights and choices

Depending on where you live, you may have rights under data protection law, which can include:

  • The right to access your personal data
  • The right to correct inaccurate or incomplete data
  • The right to delete your data in certain circumstances
  • The right to restrict or object to certain types of processing
  • The right to data portability (to receive your data in a structured, commonly used format)
  • The right to withdraw consent where processing is based on consent

 

If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your personal data appropriately.

Account information

You may send us an email at support@tailoapp.co.uk to request access to, correct, or delete any personal information that you have provided to us. We may not be able to delete your personal information except by also deleting your user account, and we may decline a request to change information if we believe the change would violate any law or legal requirement, or cause the information to be incorrect.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce our Terms of Service, and/or comply with legal requirements.

If your account is managed by an institution, please contact them first as they may control certain aspects of your data and must instruct us regarding some changes.

Children and students

Tailo is designed for higher education students and adults, and is typically accessed through universities, colleges, or disability support schemes. Where Tailo is provided through an institution, we process personal data under the institution’s direction and in line with their responsibilities (for example, under UK education law or FERPA in the US).

We do not knowingly allow children outside higher or further education to create direct accounts without appropriate consent where required by law. If you believe we have collected personal data from a child inappropriately, please contact us so we can investigate and take appropriate action.

Compliance frameworks

We design Tailo to comply with applicable privacy and education laws, including:

  • UK GDPR and the Data Protection Act 2018
  • EU GDPR, where applicable
  • FERPA, when processing education records on behalf of US institutions
  • Relevant US state privacy laws (such as CCPA/CPRA) to the extent they apply

Even where certain laws do not strictly apply, we aim to follow their principles as part of our commitment to privacy and data protection best practices.

Changes to this Privacy Statement

We may update this Privacy Statement from time to time. You are advised to review this page periodically for any changes. We will notify you of any material changes by posting the new Privacy Statement on this page and, where appropriate, through in-product notices or email.

Changes are effective immediately after they are posted on this page unless otherwise stated.

Contact us

If you have questions or comments about this Privacy Statement, or if you wish to exercise your data protection rights, please contact us at: support@tailoapp.co.uk