Tellagen

Privacy Policy

Last updated: 27 February 2026

1. Who we are

Tellagen is operated by Rabrat OÜ, a company registered in the Republic of Estonia (registry code 12734598).

Data protection contact: [email protected]

2. Scope

This Privacy Policy applies to the tellagen.com website and the Tellagen SaaS platform (the “Service”). It explains how we collect, use, store, and share personal data when you visit our site or use the Service.

3. Roles and responsibilities

For account, billing, security, and website data, Tellagen acts as a data controller.

For Customer Data (for example incidents, timelines, tasks, resources, shift notes, and integration-linked records), the Customer acts as data controller and Tellagen acts as data processor under the Data Processing Agreement.

4. Data we collect

4.1 Account and workspace data

We collect data needed to create and operate workspaces, including user email, display name, job title, avatar URL, company name, workspace subdomain/domain, and workspace configuration.

4.2 Authentication and security data

We store authentication and security-related data such as password hashes (for password sign-in), OAuth metadata, session data, and security verification state. We also process anti-abuse signals including IP address and request metadata.

4.3 Integration and configuration data

When enabled by a Customer, we process integration configuration and credentials for providers such as Slack, Google Meet, Intercom, PagerDuty, Opsgenie, Rootly, Stripe, Recurly, and customer-defined resolver endpoints.

4.4 Customer Data

Customer Data is processed on behalf of the Customer and may include incidents, timeline events, tasks, workstreams, messages, resources, custom fields, and affected-customer records.

4.5 Usage and diagnostics data

We process operational telemetry such as route/path usage, browser and device information, request timestamps, and service-level diagnostics for reliability and abuse prevention.

4.6 Browser local storage

We use browser local storage for product behavior and user experience (for example UI preferences, consent status, and draft content such as unsent incident updates). This data stays in your browser unless you submit it to the Service.

5. Legal bases for processing (GDPR Art. 6)

  • Performance of a contract — to provide and operate the Service.
  • Legitimate interests — to secure, monitor, and improve the Service.
  • Consent — for optional features that require it, such as analytics cookies and selected integrations.
  • Legal obligation — where processing is required by applicable law.

6. Cookies and similar technologies

We use essential cookies and similar technologies required for core product operation, including login/session continuity and security.

We also offer optional analytics (Umami). Analytics is enabled only after consent and can be changed at any time via .

We may use anti-bot verification (Cloudflare Turnstile) on selected flows to prevent abuse.

7. How we use personal data

  • Provide and maintain the Service.
  • Authenticate users and protect accounts.
  • Deliver product functionality, including Customer-enabled integrations.
  • Send operational communications, including invitations and security notifications.
  • Monitor, troubleshoot, and improve service reliability and product quality.
  • Comply with legal obligations.

8. Data sharing

We do not sell personal data or share it for cross-context behavioral advertising.

We may share personal data with:

  • Sub-processors that help us deliver the Service. See our Sub-processor List.
  • Customer-directed integrations enabled by the Customer.
  • Competent authorities when legally required.
  • Successors in interest in case of merger, acquisition, or asset transfer, with notice where required.

9. International data transfers

We use EU-based infrastructure for core hosting. Some subprocessors or Customer-directed integrations may process personal data outside the EEA. Where required, we apply appropriate safeguards such as Standard Contractual Clauses.

10. Data retention

We retain personal data for as long as needed to provide the Service, meet contractual commitments, and comply with legal obligations. Customer Data deletion and return terms are described in our DPA.

11. Security

We use technical and organizational safeguards including encryption in transit, secure credential handling, access controls, audit logging, and monitoring. No system is completely risk-free, but we continuously review and improve our controls.

12. Your rights

If you are in the EEA/UK (and in similar jurisdictions), you may have rights to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent where processing is consent-based.

Where Tellagen acts as processor, we will assist the Customer (the controller) in responding to your request.

To exercise rights, contact [email protected].

13. Children

The Service is not intended for children under 18. We do not knowingly process personal data from children.

14. Changes to this policy

We may update this policy from time to time. Material updates will be communicated through the Service or by email where required.

15. Contact

If you have questions about this policy or data protection at Tellagen, contact [email protected].

Rabrat OÜ
Registry code: 12734598
Republic of Estonia

See also our Terms of Service, Data Processing Agreement, and Sub-processor List.