Privacy Policy

This Privacy Policy describes how TellCMS ("we," "us," or "our"), operated by Elabry Inc. with a registered office at 800 N King Street, Suite 304-2719, Wilmington, DE, 19801, US, collects, uses, shares, and protects information when you visit tellcms.com or use the TellCMS service (the "Service").

We've written this in plain English. If anything is unclear, reach us at admin@tellcms.com.

1. Who we are

TellCMS is an AI-powered content management assistant. It lets content editors interact with their CMS — currently Sitefinity, with WordPress, Sitecore, and Umbraco support on the roadmap — using natural language. You describe what you want done, and TellCMS translates the request into the appropriate CMS API calls.

2. Information we collect

2.1 Information you give us directly

• Account information: name, work email, company name, job title, and the password you set when registering.
• Billing information: when you become a paid customer, our payment processor (Stripe) collects payment-card details. We do not store full card numbers on our servers; only the last four digits and a billing reference token.
• CMS connection credentials: the API key, OAuth token, or service account you authorize TellCMS to use to talk to your CMS. These are encrypted at rest (AES-256) and accessible only to the authenticated user and the TellCMS processes that act on your behalf.
• Content of your natural-language requests: the prompts you type into TellCMS and the agent's replies.
• Support communications: anything you send us via email, chat, or contact form.

2.2 Information collected automatically

• Usage data: pages you visit on tellcms.com, features you use in the Service, timestamps, error logs, browser type, device and OS information.
• IP address and approximate geographic location derived from it.
• Cookies and similar technologies: see Section 7.

2.3 Information we do not collect

• We do not knowingly collect data from anyone under the age of 16 (see Section 11).
• We do not collect sensitive personal data (health, religion, political views, biometrics, etc.) and recommend you don't enter such data into TellCMS prompts.

3. How we use your information

We use the information above to:

• Provide, operate, and maintain the Service — including translating your natural-language requests into CMS API calls and returning results.
• Authenticate you and protect your account.
• Process payments and manage subscriptions.
• Improve the Service: fix bugs, debug failed requests, measure feature usage, and refine prompt-to-API translation quality.
• Communicate with you about product updates, security advisories, and customer support.
• Send marketing emails (only with your opt-in; opt-out anytime via the unsubscribe link).
• Comply with legal obligations.

4. Third-party AI processing

TellCMS uses Anthropic Claude to interpret your natural-language requests and generate the CMS API calls that execute them. When you submit a prompt:

• The prompt text and relevant context (e.g., the structure of the CMS object you're editing) are sent to the LLM provider.
• Your data is not used by the LLM provider to train their models. This is contractually guaranteed under the API terms we use (https://www.anthropic.com/legal/data-processing-addendum).
• The LLM provider may temporarily log your prompt for abuse-monitoring purposes, with retention as defined in their own privacy policy.

We do not send your CMS API credentials to the LLM provider — only the request, the relevant content schema, and (where useful) a description of the action being requested.

5. Data retention

• Account data: retained for as long as your account is active, plus 90 days after deletion for backup-recovery purposes.
• CMS connection credentials: deleted immediately when you disconnect the CMS or close your account.
• Natural-language prompts and agent responses: retained for 30 days to support debugging, abuse detection, and quality improvement. After that window, prompts are deleted from primary storage; aggregated metrics (no prompt content) may be retained longer.
• Billing records: retained per applicable tax and accounting law (typically 7 years).
• Usage logs: retained for up to 12 months.

You can request earlier deletion of any of the above (Section 8).

6. How we share your information

We share information only as described below:

• Service providers acting on our behalf — currently:
  • Anthropic Claude for natural-language processing (see Section 4)
  • Azure for hosting the Service in the US East region
  • Stripe for payment processing
  • Google Analytics if applicable (see Section 7)
• Your CMS — by definition, we send your requests to the CMS you've authorized.
• Legal compliance — if compelled by valid legal process (subpoena, court order) or to protect rights, safety, or property.
• Business transfer — if TellCMS is acquired or merged, your data may transfer to the successor entity, with notice to you.

We do not sell your personal information.

7. Cookies and tracking

We use the following types of cookies:

• Strictly necessary: session token, CSRF token, authentication state. Required for the Service to work.
• Preferences: remember your UI settings (theme, sidebar state).
• Analytics (only if applicable): Google Analytics to measure usage. You can opt out of analytics in the cookie banner on first visit or via your browser's Do Not Track setting.

We do not use cross-site advertising cookies.

8. Your rights

Regardless of where you live, you can:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated personal data ("right to be forgotten").
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent you previously gave (e.g., marketing emails).

If you're in the European Economic Area, United Kingdom, or Switzerland, you have these rights under the GDPR. If you're a California resident, you have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect and to opt out of any "sale" or "sharing" of personal information (we don't do either).

To exercise any right, email admin@tellcms.com. We respond within 30 days.

9. Data security

We use industry-standard safeguards:

• TLS 1.2+ in transit for all communications.
• AES-256 at rest for stored credentials and prompts.
• Role-based access control internally; only authorized personnel with a business need can access user data.
• Regular dependency updates and security patching.
• Encrypted, geographically replicated backups.

No system is 100% secure. We'll notify affected users without undue delay if a breach affecting your personal data occurs, per applicable law.

10. International data transfers

TellCMS is operated from the United States. If you access the Service from outside that jurisdiction, your data will be transferred there and processed under that jurisdiction's laws. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to legally transfer EEA personal data.

11. Children's privacy

TellCMS is intended for business users and is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you learn that a child has provided us with personal information, contact us at admin@tellcms.com and we'll delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll post the new version here with a revised "Effective date." For material changes, we'll notify you via email or in-product notice at least 30 days before the change takes effect.

13. Contact us

If you have questions, complaints, or requests regarding this Privacy Policy or your personal data:

• Email: admin@tellcms.com
• Mail: Elabry Inc., 800 N King Street, Suite 304-2719, Wilmington, DE, 19801, US

If you're in the EEA/UK/CH and we cannot resolve your concern, you have the right to lodge a complaint with your local data protection authority.

Last updated: May 14, 2026