Privacy Notice
Till is a DBH Ventures product operated by David Hurley. This notice describes the data handled by the hosted Till service at till.ac and api.till.ac.
Till is in an early customer beta. It does not currently provide self-service account deletion or a verified public support mailbox. Use the contact method supplied during onboarding for privacy requests, and never include API keys or scoped tokens in a message.
Data we collect
- Account and billing data: email address, plan, account status, Stripe customer and subscription identifiers, and checkout state. Stripe collects payment details directly; Till does not receive full card numbers.
- Scoped-key configuration: provider, limits, counters, status, timestamps, optional expiry, IP allowlists, and metadata you supply, such as a key name.
- Credentials: admin keys and scoped lookup values are stored as hashes. Upstream provider credentials are encrypted into scoped tokens and are not stored in the Till database. Till decrypts them in service memory to forward authorized requests.
- Usage and operations: activation counts, provider-reported token counts, estimated spend, health information, request identifiers, and server/security logs that may include IP address, route, user agent, timing, and error details.
What we do not intentionally persist
Till does not intentionally write proxied prompt or response bodies to its application database. Requests and responses pass through the running proxy and the selected upstream provider. Avoid putting secrets or regulated data in prompts unless your use of Till and the provider has been separately reviewed.
Why we use data
We use data to provide and secure the service, enforce account and key limits, calculate usage, administer subscriptions, troubleshoot incidents, prevent abuse, communicate with beta customers, and meet legal obligations. Where applicable, processing is based on providing the service, legitimate operational and security interests, consent, or legal requirements.
Sharing and subprocessors
We disclose data only as needed to operate the service, comply with law, or protect users and the service. Current infrastructure and service providers are listed on the subprocessor page. Each upstream AI provider you select processes proxied content under your agreement with that provider.
Retention
Account, key metadata, usage counters, and billing references are currently retained for the life of the account and afterward when reasonably needed for security, billing, dispute resolution, backup integrity, or legal obligations. Operational logs and backups are retained according to infrastructure settings. Till does not yet promise a fixed deletion schedule. We will update this notice before making a shorter or more specific commitment.
Your choices
You can revoke scoped keys, change metadata and allowlists, cancel a paid subscription through the billing portal when available, and request access, correction, or deletion through your onboarding contact. Some records may be retained where legally or operationally necessary. Browser “do not track” signals are not currently interpreted.
International processing and children
The service is operated from the United States and is intended for business and developer use, not for children under 13. Do not use Till to intentionally collect children’s data.
Changes
Material changes will be reflected by the date above and, where practical, communicated to active beta customers.