Privacy Policy
Last updated: 23 June 2026
1. Introduction
Tailwind ("we", "our", "the Service") is a business development automation platform operated by Tailwind Growth Holdings Pty Ltd (ABN 58 696 056 112) ("Tailwind Growth"). The Service is available at buddy.tailwindgrowth.ai.
This Privacy Policy explains how we collect, use and store your information and your workspace data (Google Workspace or Microsoft 365) when you use Tailwind.
2. Information We Collect
2.1 Account Information
When you sign up, we collect your email address and password (hashed, never stored in plaintext).
2.2 Tenant & Business Information
We collect your company name, booking URL, and settings you configure within the Service.
2.3 Lead & Client Data
You enter information about your business leads and clients, including names, email addresses, phone numbers, company names, and notes. This data is provided by you and stored on your behalf.
2.4 Google Workspace Data
When you connect your Google Workspace account, Tailwind accesses the following data via Google APIs with your explicit consent:
- Gmail (send): We send emails on your behalf to your leads and clients (e.g. first contact emails, meeting briefs, proposal emails, onboarding emails). We do not read or store the content of emails other than as described in this policy.
- Gmail (read-only):We read emails in your "New Lead" Gmail label to automatically create leads in your pipeline. We only access emails with this specific label. We store the sender name, email, subject, and message ID for deduplication purposes.
- Google Calendar: We read your calendar events to sync discovery call meetings with your leads. We create calendar events when you schedule discovery calls. We only access events related to leads managed in Tailwind.
- Google Drive:We access your "Meet Recordings" folder to automatically import Google Meet transcriptions for discovery calls. We also share proposal and agreement documents with your leads by granting them viewer access. We do not access, read, or modify any other files in your Drive.
2.5 Microsoft 365 Data
When you connect your Microsoft 365 account, Tailwind accesses the following data via Microsoft Graph API with your explicit consent:
- Outlook (send): We send emails on your behalf to your leads and clients (e.g. first contact emails, meeting briefs, proposal emails, onboarding emails). We do not read or store the content of emails other than as described in this policy.
- Outlook (read):We read emails in your designated "New Lead" Outlook folder to automatically create leads in your pipeline. We also scan email threads related to your leads for AI-powered summaries. We store the sender name, email, subject, and conversation ID for deduplication purposes.
- Microsoft Calendar: We read your calendar events to sync discovery call meetings with your leads. We create calendar events when you schedule discovery calls. We only access events related to leads managed in Tailwind.
- OneDrive:We access your "Recordings" folder to automatically import Microsoft Teams transcriptions for discovery calls. We also share proposal and agreement documents with your leads by creating sharing links. We do not access, read, or modify any other files in your OneDrive.
3. How We Use Your Information
We use your information solely to:
- Provide and operate the Tailwind service
- Automate your sales and client pipeline (email sending, calendar syncing, lead management)
- Import and process Google Meet transcriptions for your scheduled calls
- Share your proposal/agreement documents with your leads
- Send you system notifications and support responses
- Monitor service health and security (audit logging)
We do not use your data for advertising or marketing to third parties.
4. Google API Services — Limited Use Disclosure
Tailwind's use and transfer of information received from Google APIs is designed to adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google data to provide the features described in this policy.
- We do not transfer Google user data to third parties except as necessary to operate the Service (e.g. our hosting and database providers).
- We do not use Google user data for serving advertisements.
- We do not allow humans to read your Google data unless you give us explicit permission for support purposes, it is required for security purposes, or it is required by law.
5. Data Storage & Security
- Database: All data is stored in Supabase (hosted on AWS infrastructure) and encrypted at rest.
- OAuth tokens: Google and Microsoft OAuth tokens are additionally encrypted before storage using industry-standard AES-256-GCM encryption. You can disconnect your workspace and revoke access at any time from Settings.
- Passwords: Securely hashed — we never store or have access to plaintext passwords.
- Tenant isolation:All data is isolated per tenant using PostgreSQL Row Level Security (RLS). No tenant can access another tenant's data.
- Transport: All connections are encrypted with TLS (HTTPS). HSTS is enforced.
- Security headers: Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy are enforced on all pages.
- Rate limiting: All public endpoints and authentication routes are rate-limited to prevent abuse.
6. Data Sharing
We do not sell, rent, or share your information or workspace data with third parties, except:
- Infrastructure providers: Supabase (database), Railway (hosting), Google Cloud (APIs), and Microsoft Azure (APIs) process data as part of operating the Service. These providers have their own privacy policies and security certifications.
- Legal requirements: We may disclose data if required by law, regulation, or legal process.
7. Data Retention & Deletion
We retain your data for as long as your account is active. If you wish to delete your account and all associated data, contact us at support@tailwindgrowth.ai. We will delete your data within 30 days of your request, except where retention is required by law.
You can disconnect your workspace (Google Workspace or Microsoft 365) at any time from the Settings page. This revokes Tailwind's access to your workspace data and deletes your stored OAuth tokens.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data (you can edit your data as part of the Service)
- Request deletion of your data
- Disconnect your workspace (Google Workspace or Microsoft 365) and revoke API access at any time
- Export your data by contacting us
To exercise any of these rights, email support@tailwindgrowth.ai.
9. Cookies
Tailwind uses essential cookies only for authentication session management (Supabase Auth). We do not use tracking cookies, analytics cookies or third-party advertising cookies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes that affect how we handle your data, we will provide at least 14 days' notice via email before the changes take effect. Your continued use of the Service after that period constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account. The "Last updated" date at the top reflects the most recent revision.
11. Contact
If you have questions about this Privacy Policy or your data, contact us at:
Tailwind Growth Holdings Pty Ltd
Email: support@tailwindgrowth.ai
Website: buddy.tailwindgrowth.ai