Privacy Policy

Tier Drop Privacy Policy

Effective date: January 2, 2026

This Privacy Policy explains how Tier Drop ("Tier Drop", "we", "us", or "our") collects, uses, and shares information when you use our web application and the Tier Drop Chrome extension.

This document is intended to describe how the product currently works and does not constitute legal advice. You should consult your own legal counsel before relying on it.

1. Who we are

Tier Drop helps customer support teams and subject matter experts create and manage a knowledge base, use AI to draft and clean up help articles, and power Tier 1 and Tier 2 support workflows, including optional escalations to Slack. We provide the Service primarily to business customers and their authorized users.

2. Scope

This Privacy Policy applies to information we collect and process when you access or use:

  • The Tier Drop web application and related services (the "Service"), and
  • The Tier Drop Chrome extension (the "Extension"), which opens a side panel that displays the Tier Drop chat experience.

The Extension itself does not collect or process additional personal data beyond what is already collected by the Tier Drop web application and your browser. It simply displays Tier Drop content in a Chrome side panel, using the same session cookies as the web app.

3. Information we collect

3.1 Account and profile information

When you create an account or use the Service, we collect:

  • Email address used for authentication, security notifications, and account-related communications.
  • Password managed by our authentication provider (Supabase). We do not store your raw password; Supabase stores a secure password hash.
  • Profile details such as your display name and optional avatar image URL, stored in user profile metadata and related profile tables.

3.2 Organization and team information

Tier Drop is multi-tenant and organized around organizations:

  • Organization details such as organization name and an internal slug or identifier.
  • Memberships and roles including which organizations you belong to and your role (for example, owner, admin, member).
  • Join requests if you request to join an existing organization, including the target organization, request status, and timestamps.

3.3 Knowledge base content and uploads

The Service allows you to create and manage knowledge base content and import material from external sources:

  • Articles and drafts, including titles, HTML content, extracted text for search, tags, status (draft / published / deleted), publishing metadata, and timestamps.
  • User-uploaded content that you provide, such as videos, audio, PDFs, text files or notes, and images used for content or avatars. Uploads are typically stored temporarily in object storage while we process them, and the processed result (for example, a generated article) is stored in our primary database.
  • Imported external documentation when you use our website-crawl integration. We fetch content from URLs you specify, clean the HTML to keep the main article body, and store the cleaned HTML and extracted text in your knowledge base along with the original source URL and metadata (for example, page title and host).

3.4 AI chat, transcripts, and usage

When you use the AI chat features:

  • We store chat messages including your questions ("user" role) and AI responses ("assistant" role), along with metadata such as which knowledge base articles were used as sources and an internal trace ID for debugging and feedback.
  • We group messages into chat threads with identifiers, organization and user references, previews of the last message, and timestamps.
  • We track limited per-day AI usage metrics per user and organization to enforce quotas and monitor system health.

3.5 Feedback and quality signals

You may provide feedback on AI answers and knowledge base articles. We store feedback such as whether an answer or article was helpful, the type of issue (for example, out of date, inaccurate, unclear, missing information, other), and your description of the problem. Feedback is associated with your organization and the relevant article or chat answer for quality-improvement purposes.

3.6 Integrations and Slack escalations

If your organization connects Slack or other supported integrations, we may process additional information in order to operate those features. For example:

  • Slack connection details such as Slack workspace ID, optional workspace name, bot access token, and default Slack channel identifiers and names used for escalations.
  • Slack user mappings where we look up a Slack user ID by your email address (using Slack's APIs) and store a mapping between your Tier Drop user ID and your Slack user ID for mention and notification purposes.
  • Escalation records that include your organization, the user initiating the escalation, Slack workspace and channel identifiers, thread timestamps, and a handoff summary of the in-app conversation.
  • Publishing integrations (for example, Intercom, Zendesk, Freshdesk, Salesforce, HubSpot, Google Docs) where we store configuration and identifiers necessary to publish or update articles in those systems, when your organization explicitly enables them.

3.7 Logs, device, and usage information

Like most web services, we and our infrastructure providers automatically collect certain technical information when you access Tier Drop, such as IP address, browser type, operating system, referring URLs, request and response metadata, timestamps, and error or diagnostic information. This data is used to operate the Service, troubleshoot issues, and maintain security and reliability.

3.8 Cookies and local storage

We use cookies and local storage in the following ways:

  • Authentication and session cookies set by Supabase and the application framework to keep you signed in, associate your requests with your account and organization, and apply security controls.
  • Local storage preferences such as your theme mode (system, light, dark) and the current organization label shown in the UI. These values are stored in your browser's local storage and are used only to improve your experience within Tier Drop.

4. How we use information

We use the information described above for the following purposes:

  • To provide and maintain the Service, including creating and managing accounts and organizations, authenticating users, enforcing roles and permissions, and storing and serving knowledge base content, chat threads, and related data.
  • To power AI features by sending relevant inputs (such as your questions, selected knowledge base snippets, and configuration settings) to our AI provider(s) to generate answers and content, and by generating or cleaning up articles from uploads or crawled pages.
  • To support integrations and workflows such as Slack escalations and publishing content into third-party help desk and CRM platforms that your organization chooses to connect.
  • To improve and troubleshoot the Service by monitoring performance, debugging issues, and analyzing feedback and usage patterns in aggregate.
  • To ensure security and prevent abuse by enforcing rate limits and quotas, detecting suspicious or abusive activity, and protecting the integrity and availability of the Service.
  • To comply with legal obligations and enforce our agreements, including maintaining records required for compliance and dispute resolution.

5. Legal bases and roles

Where applicable (for example, under GDPR or similar laws), we rely on different legal bases to process personal data, including performance of a contract, our legitimate interests (such as security and product improvement), and consent where required.

In most cases we act as a processor or service provider on behalf of our business customers with respect to the content and data they load into Tier Drop. We act as acontroller for limited account-level and operational data such as sign in details, product usage necessary to operate the Service, and internal logs.

6. How we share information

We share information in the following ways:

  • Service providers and infrastructure such as Supabase, Vercel and Vercel Blob, Google (Gemini), Firecrawl, and Slack, which process data on our behalf to host the Service, provide AI capabilities, crawl and import external documentation, and deliver connected workflows.
  • Integrations you configure, where we share data necessary to operate the specific integrations (for example, conversation summaries for Slack escalations or article content for publishing to help desk platforms).
  • Within your organization, such as sharing your name and avatar with teammates, associating articles with their authors, and allowing admins to review feedback and usage: this depends on your organization's configuration and permissions.
  • For legal and safety reasons, if we believe in good faith that disclosure is reasonably necessary to comply with law, enforce our agreements, protect the security or integrity of the Service, or protect Tier Drop, our users, or the public from harm.
  • Business transfers, in which your information may be transferred in connection with a merger, acquisition, financing, or sale of all or a portion of our assets, subject to appropriate confidentiality obligations.

We do not sell personal information and we do not use your data for third-party targeted advertising.

7. Data retention and deletion

We retain information for as long as necessary to provide the Service to you and your organization, comply with legal obligations, resolve disputes, and enforce our agreements. In general:

  • Account and organization records are retained for the duration of your organization's relationship with us and for a limited period thereafter, as needed for legal and operational reasons.
  • Knowledge base content, chat threads, and feedback are retained until deleted by you or your organization, subject to backups and logs.
  • Temporary files used for AI processing (such as certain uploaded media, PDFs, and staged files for Gemini) are deleted as part of our processing workflows once the generated output has been stored.
  • Older avatar files may be deleted on a best-effort basis when replaced with a new avatar image.

Because we rely on database and storage backups for reliability and disaster recovery, copies of some data may persist in backup systems for a limited time even after primary records are deleted.

8. Security

We take reasonable technical and organizational measures designed to protect your information, including the use of a managed Postgres database with row-level security and role-based access, authentication and organization membership checks for sensitive operations, limited-scope tokens for third-party integrations, and HTTPS to encrypt data in transit.

However, no security system is perfect, and we cannot guarantee absolute security. We strive to protect your data and will notify you of material security incidents as required by applicable law.

9. International data transfers

Our infrastructure providers (for example, Supabase, Vercel, Google, Slack, and Firecrawl) may process and store data in data centers located in multiple countries. As a result, your information may be transferred to and processed in a country that is different from your country of residence and that may have different data protection laws.

10. Your rights and choices

Depending on your location and applicable laws, you may have certain rights regarding your personal data, such as rights to access, correct, delete, restrict, or object to certain processing, and to data portability. Many aspects of your data can be managed directly within the product (for example, updating profile information, changing your password, or managing knowledge base content and integrations as an organization admin).

If you cannot exercise your rights through the product or wish to submit a data subject request, please use the contact details below. We may need to verify your identity before responding. You may also have the right to lodge a complaint with your local data protection authority.

11. Children's privacy

Tier Drop is intended for use by businesses and professionals and is not directed to children. We do not knowingly collect personal information from children under the age of 16 (or any higher age required by applicable law). If you believe that a child has provided us with personal information in violation of this policy, please contact us and we will take steps to delete such information where required.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on this page and update the effective date at the top. For material changes, we may also provide additional notice within the app or by email to account owners.

Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the revised policy.

13. Contact us

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise your data protection rights, please contact us at:

  • Email: alecharmon4@gmail.com