Last updated: January 9, 2026
1. Who are we?
Tacit, a company currently being incorporated, acts as a Data Controller for Account Data and for processing necessary to administer the Service, and as a Data Processor for Customer Data processed on behalf of the Customer (see the DPA – Appendix 1 of the Terms of Service).
For any questions, you can contact us at: contact@tacit.now.
A Data Protection Officer (DPO) has been appointed: Benoit Perron, who can be reached at: privacy@tacit.now.
2. Scope
This policy describes our processing practices relating to:
the Website (tacit.now and associated domains),
the Service (app.tacit.now and associated domains),
our communications (emails, alerts).
It applies to any interaction with Tacit as a customer, user, or visitor.
3. Data we collect
We collect and process different categories of data:
Account Data: first name, last name, business email address, company, job title.
Technical logs: IP addresses, login timestamps, technical events, error identifiers.
Cookies/Trackers: cookies strictly necessary for operation and, subject to consent, preference cookies and audience measurement/analytics cookies.
We do not intentionally collect sensitive data (biometric data, etc.).
4. Purposes and legal bases
We use your personal data for the following purposes:
Provision of the Service: account creation/management, access, billing, support (Art. 6(1)(b) GDPR – performance of a contract).
Security: logging, fraud/abuse prevention, system integrity (Art. 6(1)(f) GDPR – legitimate interest).
Improvement and audience measurement: aggregated statistics via analytics (Art. 6(1)(a) GDPR – consent).
Legal obligations: accounting, taxation, responding to authorities (Art. 6(1)(c) GDPR – legal obligation).
Product communications: service messages and announcements (Art. 6(1)(f) GDPR – legitimate interest); electronic marketing subject to consent (Art. 6(1)(a) GDPR – consent).
5. Cookies and trackers
We use different types of cookies:
cookies necessary for operation (authentication, session),
preference cookies that allow, subject to consent, the user to configure certain aspects of the product (language, dark mode, etc.),
audience measurement/analytics cookies, subject to consent.
A banner allows you to accept or refuse optional cookies. The Customer may change their consent at any time.
6. Recipients and subprocessors
Tacit publishes the name of any new subprocessor for its online services at least 7 days before that subprocessor is authorized to provide services that may involve access to customer data or personal data.
If you have any questions regarding this list, please contact us at privacy@tacit.now.
Subprocessor name
Processing activity description
Processing location
Company location
Scaleway
Processing activity description
France, Netherlands
France
Audience analytics providers
United States, France
United States
Cloudflare
Content delivery service
United States, France
United States
Framer
Cloud-hosted infrastructure
United States
United States
Brevo
Email and SMS delivery solution provider
France, Germany, Belgium
France
Notion
Customer management service
United States
United States
Proton
Office productivity suite provider
Switzerland
Switzerland
7. International transfers
Processing is carried out in the processing locations of our subprocessors. No other transfers are planned. If a transfer were to take place, appropriate safeguards (Standard Contractual Clauses, BCRs) would be implemented in accordance with the GDPR.
8. Retention periods
Account Data: for the duration of the contractual relationship, then 3 years for marketing/prospecting purposes and 10 years for accounting records.
Technical logs: up to 12 months.
Customer Data: for the duration of the subscription, then deleted within 90 days.
Analytics cookies: according to the duration displayed in the banner (e.g., 13 months).
9. Security
Tacit implements appropriate administrative, technical, and physical security measures to protect your personal data. We will retain your personal data for as long as your account remains active and as necessary to perform our contractual obligations, comply with legal requirements, resolve disputes, and enforce agreements. Retention periods depend on the purpose for which data is collected and any applicable legal obligations.
10. Your rights
In accordance with the GDPR, you have the following rights: access, rectification, erasure, restriction, objection, portability, withdrawal of consent (without retroactive effect), and post-mortem directives. You can exercise your rights by contacting privacy@tacit.now and providing proof of identity. You may also lodge a complaint with the French data protection authority (CNIL) (www.cnil.fr).
11. Minors
The Service is not intended for persons under 18 years of age.
12. Third-party sites
Our website may contain links to third-party websites that we do not control. We are not responsible for their privacy practices. Please review their privacy policies.
13. Changes
We may update this policy for legal, security, or Service evolution reasons. The current version is published on the Website with its last updated date. If material changes are made, we will provide a notification.
14. Contact
For any questions relating to data protection: privacy@tacit.now