Tidyflow Tidyflow Logo

AI Terms of Use

Last updated April 8, 2026

1. Introduction and Scope

These AI Terms of Use (“AI Terms”) govern your use of artificial intelligence features within the Tidyflow platform (“AI Features”). These AI Terms supplement and form part of the Tidyflow Terms of Service and Privacy Policy. In the event of conflict between these AI Terms and the Terms of Service, these AI Terms shall control with respect to AI Features.

By enabling or using any AI Feature, you acknowledge that you have read, understood, and agree to be bound by these AI Terms.

If you use Tidyflow on behalf of a firm or organisation, you represent that you have the authority to bind that entity to these AI Terms, including the authority to consent to the processing of data through AI Features as described herein.

2. What AI Features Do

Tidyflow’s AI Features currently include, and may in the future expand to include:

  • Email and content summarisation (such as summarising email threads, client communications, and documents)
  • Workflow assistance (such as querying jobs, clients, and invoices through a conversational assistant)
  • Content generation (such as drafting client communications, engagement letters, and task descriptions)
  • Data analysis and insights (such as identifying workflow patterns, surfacing recommendations, and summarising activity)
  • Automation (such as categorising jobs, suggesting task assignments, and streamlining workflows)

The specific AI Features available to you will depend on your subscription plan and the features enabled for your workspace. Tidyflow may add new AI Features over time — where a new feature involves materially different data processing, Tidyflow will update these AI Terms and notify you accordingly.

AI Features are designed to assist you and your team. They do not replace professional judgement.

Tidyflow may modify, suspend, or discontinue any AI Feature at any time, with or without notice. Where practicable, Tidyflow will provide reasonable advance notice of material changes or discontinuation. Discontinuation of AI Features will not affect your access to the core Tidyflow platform or your existing Customer Data.

3. Third-Party AI Provider

Tidyflow uses OpenAI as its third-party AI sub-processor. When you use AI Features, certain data is transmitted to OpenAI’s API for processing.

OpenAI is listed as a sub-processor on our Sub-processors page. Tidyflow maintains a Data Processing Agreement with OpenAI that includes contractual commitments regarding data use, security, and confidentiality.

OpenAI’s infrastructure is located in the United States. If you are located outside the United States, your use of AI Features involves the transfer of data to the United States. Tidyflow relies on appropriate transfer mechanisms as described in our Data Processing Addendum.

Changes to AI provider. Tidyflow may add, replace, or remove AI sub-processors to improve the quality, performance, or security of AI Features. Any change to our AI sub-processors will be reflected on our Sub-processors page. Tidyflow will provide at least 30 days’ prior notice of any change to the primary AI sub-processor via email or in-product notification. If you object to a new AI sub-processor, you may disable AI Features before the change takes effect.

4. How Your Data Is Handled

Processing only. When you use AI Features, Tidyflow sends data to OpenAI solely for the purpose of generating a response. Data is processed in real time and is not stored by OpenAI after the response is returned.

No model training. Your data is not used to train, fine-tune, or improve OpenAI’s models or any other third-party model. Tidyflow’s agreement with OpenAI contractually prohibits the use of customer data for model training.

Data minimisation. Tidyflow applies data minimisation practices before transmitting data to the AI provider. Personal identifiers — including email addresses, phone numbers, payment card numbers, national identification numbers, and similar sensitive patterns — are pseudonymised via tokenisation before data leaves the Tidyflow platform. Tokenised placeholders (for example, [EMAIL_001]) are used in place of real values when the request is sent to the AI provider. Any placeholders returned in the AI response are rehydrated with the original values within Tidyflow before being presented to you. The raw identifiable values are never transmitted to or stored by the AI provider.

No persistent storage by the AI provider. OpenAI does not retain your inputs or outputs beyond the duration of the API request, except as described below.

Abuse monitoring. OpenAI may temporarily retain API inputs and outputs for a limited period (typically up to 30 days) solely for the purpose of monitoring for and preventing abuse of its services. This retention is performed by OpenAI, not Tidyflow, and is governed by OpenAI’s data usage policies. Authorised OpenAI personnel may review flagged data where OpenAI’s automated systems detect potential abuse. Retained data is automatically deleted after the monitoring period expires.

5. What Data May Be Processed

Depending on the AI Feature you use, the following categories of data may be transmitted to the AI provider:

  • Email thread content (body text and sender display names, stripped of HTML formatting and attachments) — used by the email summarisation feature. This may include email data from connected third-party email accounts (Gmail, Microsoft 365) where you have enabled both Email Integration and AI Features
  • Workflow and task descriptions
  • Job names, categories, and status information
  • Template content and automation rules
  • Business metrics and aggregated analytics data
  • Client names and contact details (where relevant to the feature and where you have an appropriate lawful basis to process such data)
  • Document content submitted by you for AI processing (such as text for summarisation or drafting)

The following categories of data are never transmitted to the AI provider in identifiable form. Where these values appear in content processed by AI Features, they are pseudonymised via tokenisation (as described in Section 4) and the raw values are not sent:

  • Email addresses
  • Phone numbers
  • Payment card numbers and bank account details
  • National identification numbers (such as SSNs, SA ID numbers, or equivalent)
  • IBAN and bank reference numbers

Additionally, the following categories of data are excluded from AI processing entirely:

  • Passwords or authentication credentials
  • Raw financial records, tax returns, or full accounting ledgers

5A. Email Data from Connected Mailboxes

Where you have enabled both Email Integration (connecting a Gmail or Microsoft Outlook/Microsoft 365 account) and AI Features, email data from your connected mailbox may be processed through AI Features such as email summarisation and draft generation. This processing is subject to the same data minimisation, pseudonymisation, and security measures described in these AI Terms.

Google user data. Where email data originates from a connected Gmail account, Tidyflow’s transfer of that data to the AI provider is performed solely to provide AI functionality you have requested and consented to, and is consistent with the Google API Services User Data Policy, including the Limited Use requirements. Google user data processed through AI Features is not used to train, fine-tune, or improve AI models; is not used for advertising or any advertising-related purpose; and is not sold, rented, or transferred to third parties except as necessary to deliver the AI functionality you requested.

Separate controls. You may enable or disable Email Integration and AI Features independently. Disabling AI Features will stop AI processing of all email data (including data from connected mailboxes) without affecting the email sync functionality. Disabling Email Integration will stop syncing from the relevant mailbox without affecting AI Features for other data within the Service.

Opt-in. AI Features are not enabled by default. An account owner or administrator must affirmatively enable AI Features for a workspace and accept these AI Terms on behalf of the entire workspace. By doing so, the owner or administrator represents that they have the authority to bind their organisation to these AI Terms. Individual team members who subsequently use AI Features within that workspace are covered by the workspace-level acceptance.

Withdrawal of consent. You may disable AI Features at any time through your account settings. Disabling AI Features will not affect your access to the core Tidyflow platform. Previously generated AI outputs that have been saved within the Service (such as drafted text you accepted) will remain in your account unless you delete them.

Granular controls. Where available, Tidyflow provides controls that allow you to choose which AI Features are active, and to manage which team members in your organisation can use AI Features.

Consent on behalf of clients. If you submit data relating to your clients through AI Features, you represent and warrant that you have obtained any necessary consents or have an appropriate lawful basis to process such data through AI Features. You are responsible for informing your clients that their data may be processed using AI, to the extent required by applicable law.

7. Accuracy and Limitations

AI outputs are not guaranteed to be accurate. AI Features generate outputs based on statistical patterns. Outputs may contain errors, omissions, inaccuracies, or fabricated information. You must review all AI-generated outputs before relying on them or sharing them with clients.

No professional advice. AI-generated outputs do not constitute accounting, tax, legal, financial, or other professional advice. AI Features are tools to assist your professional workflow — they are not a substitute for your professional judgement, qualifications, or obligations.

No automated decisions. AI Features do not make autonomous decisions that produce legal effects or similarly significant effects concerning any individual. All AI outputs are presented as suggestions for your review. You retain full control over whether to accept, modify, or reject any AI-generated output.

Variability. AI outputs may vary between requests, even when the same or similar inputs are provided. Tidyflow does not guarantee consistency or reproducibility of AI-generated content.

8. Prohibited Uses

You agree not to use AI Features to:

  • Generate content that is unlawful, fraudulent, deceptive, or misleading
  • Process data in violation of applicable data protection laws or your obligations to your clients
  • Submit data categories that Tidyflow has designated as prohibited (see Section 5)
  • Circumvent data minimisation or redaction measures implemented by Tidyflow
  • Generate content that infringes the intellectual property rights of any third party
  • Rely on AI outputs as the sole basis for decisions with legal or financial consequences for any individual

Your use of AI Features must comply with all applicable export control and sanctions laws, including the United States Export Administration Regulations and any applicable trade restrictions in your jurisdiction.

Violation of this section may result in suspension or termination of your access to AI Features.

9. Intellectual Property

Your inputs. You retain all rights in data and content you submit to AI Features.

AI outputs. To the extent permitted by applicable law, AI-generated outputs are treated as part of your Customer Data under the Terms of Service. Tidyflow does not claim ownership of AI-generated outputs.

No guarantee of originality. AI outputs are generated from a general-purpose model and may produce content similar to outputs generated for other users. Tidyflow does not guarantee that AI outputs are original or free from similarity to other content.

Third-party claims. You are solely responsible for evaluating AI outputs and for responding to any third-party claims arising from your use of AI-generated content, including but not limited to claims of copyright infringement, defamation, or misappropriation. Tidyflow is not liable for third-party claims relating to AI outputs that you choose to use, publish, or distribute.

Tidyflow’s rights. Tidyflow retains all rights in the AI Features themselves, including the design, implementation, prompts, and configurations used to deliver AI functionality.

10. Liability

Limitation. To the maximum extent permitted by law, Tidyflow shall not be liable for any loss, damage, or harm arising from your use of or reliance on AI-generated outputs, including but not limited to errors, inaccuracies, or omissions in such outputs.

Your responsibility. You are solely responsible for reviewing, verifying, and validating all AI-generated outputs before use. You assume all risk associated with the use of AI outputs in your professional practice.

Alignment with Terms of Service. The limitation of liability provisions in the Terms of Service apply to AI Features. In no event shall Tidyflow’s total aggregate liability for claims arising from AI Features exceed the amounts set out in Section 11 of the Terms of Service.

11. Data Protection and Compliance

Lawful basis. Tidyflow processes data through AI Features on the basis of your explicit consent (provided when you opt in to AI Features) and as necessary to perform the Service in accordance with your instructions.

Data subject rights. Individuals whose personal data is processed through AI Features retain their rights under applicable data protection laws, including rights of access, rectification, erasure, restriction, portability, and objection. Requests should be directed in accordance with our Privacy Policy.

Data protection assessment. Tidyflow has assessed the data protection implications of AI Features, including the categories of personal data involved, the use of a third-party sub-processor, the data minimisation and pseudonymisation measures in place, and the risks to individuals whose data may be processed. Tidyflow is committed to maintaining and updating this assessment as AI Features evolve and as applicable regulatory guidance develops, including in accordance with GDPR Article 35 where a formal Data Protection Impact Assessment is required.

Sub-processor obligations. OpenAI’s role as a sub-processor is governed by the Data Processing Addendum. Tidyflow remains responsible for ensuring that its sub-processors comply with applicable data protection obligations.

12. Security and Audit

Security measures. Tidyflow implements technical safeguards for AI Features, including encryption in transit (TLS 1.2 or higher) for all communications with the AI provider, secure management of API credentials, and rate limiting to prevent anomalous data transmission.

Incident response. In the event of a security incident involving the AI provider that affects your data, Tidyflow will notify you in accordance with the timelines and procedures set out in the Data Processing Addendum and applicable data protection laws.

Audit logging. Tidyflow maintains logs of AI Feature usage to support accountability and compliance obligations. Logs record the type of request, the timestamp, the user who initiated the request, and the outcome. No AI input or output content is retained in audit logs.

13. Regulatory Compliance

Tidyflow monitors evolving regulatory requirements related to AI, including but not limited to the EU AI Act, GDPR, UK GDPR, POPIA, and CCPA/CPRA.

Where AI Features fall within the scope of the EU AI Act or other AI-specific legislation, Tidyflow will maintain the documentation, transparency measures, and oversight mechanisms required by applicable law.

Tidyflow will notify customers of material changes to AI Features that affect their regulatory obligations, including changes to the AI provider, data processing practices, or the risk classification of AI Features.

14. Changes to These AI Terms

We may update these AI Terms from time to time to reflect changes in AI Features, applicable law, or our practices.

Material changes will be communicated to you via email or in-product notification at least 30 days before they take effect. Continued use of AI Features after the effective date of updated AI Terms constitutes acceptance of the revised terms.

If you do not agree to updated AI Terms, you may disable AI Features at any time.

15. Contact

For questions about these AI Terms or the operation of AI Features, please contact us at [email protected].