Effective date: August 23, 2025
Last updated: August 23, 2025
This Privacy Policy explains how PI & Other Tales, Inc. (“PI & Other Tales”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you interact with our websites, apps, products, and services that link to this Policy (collectively, the “Services”). It also describes your rights and choices.
Read this together with our Cookie Policy, Data Protection Statement, and (if you are a business customer) our Data Processing Addendum (DPA).
1) Who we are & contact
PI & Other Tales, Inc.
8 The Green Ste. A, Dover, DE 19901, United States
Email: hello@othertales.co · Phone: +1 (302) 405-8005
EU/UK GDPR Representative (Article 27):
David James Lennon, Adventures of the Persistently Impaired (and Other Tales) Limited,
85 Great Portland Street, London W1W 7LT, United Kingdom
Email: david@othertales.co · Tel: +44 207 870 2490
2) Scope & roles
This Policy applies to personal information we process in connection with the Services. Depending on context, we may act as:
- Controller/Business (e.g., website operations, accounts, support, billing, marketing); and/or
- Processor/Service Provider (for data our business customers submit). Where we act as processor, we process data only on customers’ documented instructions under the DPA.
3) Information we collect
The information we collect depends on how you use the Services. It may include:
- Identifiers & contact — name, username, email, postal address, phone.
- Account & profile — organization, role/title, authentication data, user IDs, preferences.
- Commercial & payment — purchase history, invoices, subscription details; payment card data is handled by our payment processor and we receive tokenized references.
- Internet/technical — IP address, device identifiers, cookie/SDK IDs, browser/app version, language/locale, log files, diagnostics/crash data.
- Usage data — pages viewed, features used, clicks, session metadata, timestamps, referrers.
- Approximate location — inferred from IP or device settings if enabled.
- Communications & support — emails, messages, call recordings where allowed/with notice, tickets, attachments, survey responses and feedback.
- Content you provide — files, text, images, or other content uploaded or generated through the Services.
- Marketing preferences — subscriptions, consent states, opt-out choices.
- Job applicant data — CV/resume, work history, qualifications, references, interview notes (if you apply for a role).
- Sensitive personal information — We do not intentionally collect sensitive personal data (e.g., precise geolocation, health, biometric templates, union membership) unless necessary for a feature and permitted by law or provided by you. If our customers choose to process such data in our Services, they are responsible for a lawful basis and appropriate safeguards; we process it only under their instructions.
Sources: directly from you; your organization/administrator; automatically via our Services and cookies/SDKs; third-party integrations you connect; our service providers; and publicly available sources.
4) How we use personal information (legal bases where applicable)
- Provide & operate the Services — create/manage accounts, authenticate users, deliver features, provide support. (Contract; Legitimate interests)
- Secure & maintain — monitor and prevent fraud/abuse/security incidents; debug and fix errors; ensure integrity and availability. (Legitimate interests; Legal obligations)
- Billing & transactions — process payments, manage subscriptions, detect payment fraud, perform accounting and tax reporting. (Contract; Legal obligations)
- Improve & develop — measure performance, analyze usage, research and develop new features, conduct A/B tests. (Legitimate interests; Consent where required for analytics cookies/SDKs)
- Communicate — service notifications, transactional emails, surveys; and, with your preferences, marketing communications. (Contract; Consent/Legitimate interests for marketing)
- Comply with law & enforce terms — record-keeping, responding to lawful requests, resolving disputes, enforcing agreements, protecting rights. (Legal obligations; Legitimate interests)
You may withdraw consent at any time without affecting prior processing.
5) Notice at Collection (U.S. state laws)
Summary of categories we may collect, purposes, typical retention, whether we sell or share (as defined by law), and typical business purpose disclosures:
| Category (examples) | Purposes | Typical retention | Sold/Shared for targeted ads? | Disclosed for business purposes to |
|---|---|---|---|---|
| Identifiers (name, email, IP, device IDs) | Provide, secure, communicate, billing, marketing (with preferences) | Account life + up to 7 years for records; logs shorter | May share pseudonymous identifiers for targeted ads/measurement (opt-out available) | Hosting, analytics, security, support, payments |
| Customer records (billing, purchase history) | Billing, fraud prevention, customer support | Statutory periods (typically 7 years) | No sale/share | Payment processors, accounting tools |
| Commercial info (transactions) | Billing, accounting, support | Statutory periods | No sale/share | Payment processors, auditors |
| Internet/activity (usage, logs, pages viewed) | Operate, secure, analytics, improve | Up to 24 months for analytics; security logs shorter | May share pseudonymous data for ads/measurement (opt-out available) | Analytics, security, A/B testing, performance monitoring |
| Geolocation (coarse) | Localization, security | Up to 24 months | No sale/share | Security, analytics |
| Inferences (preferences/interests) | Personalization, marketing (with preferences) | Up to 24 months | May share (opt-out available) | Analytics/marketing partners |
| Audio/visual (support recordings, if any) | Support quality, compliance | Up to 24 months unless needed longer | No sale/share | Support platforms, quality tools |
| Sensitive personal info (if provided) | Only as necessary/permitted by law | As short as possible; limited access | No sale/share; not used to infer | Critical service providers |
Opt-out of sale/share & targeted advertising: Use the “Do Not Sell or Share My Personal Information” link and adjust Cookie Preferences. We also honor Global Privacy Control (GPC) signals for browser-based opt-outs where required. We do not knowingly sell personal information of consumers under 16.
6) Cookies, SDKs, and tracking
We use cookies, web beacons, local storage, and SDKs to operate the Services, remember preferences, analyze usage, and (with consent where required) personalize and measure ads. See our Cookie Policy for details and controls. Manage choices via the cookie banner/settings, your browser/device, and GPC signals. We do not respond to legacy “Do Not Track” (DNT).
7) How we disclose information
We may disclose personal information to:
- Service providers/processors — hosting, storage, analytics, payment processing, communications, security/fraud prevention, customer support, professional advisors.
- Third-party integrations you enable — when you connect external services, data flows per your settings and their policies.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets.
- Legal & safety — to comply with law/lawful requests, or to protect rights, safety, and property.
We require service providers to protect personal information and use it only as instructed.
8) International transfers
We are based in the United States and may transfer personal information to countries that may not provide the same level of protection as your home country. Where required, we use safeguards (e.g., EU Standard Contractual Clauses and related UK/Swiss addenda). For UK/EEA users, we conduct transfer impact assessments as appropriate.
EU/UK GDPR Representative (Article 27): David James Lennon — david@othertales.co, +44 207 870 2490.
9) Retention
We retain personal information only as long as necessary for the purposes described above, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce agreements. Retention depends on the data type and context; we delete or anonymize data when no longer needed. See our public Data Retention & Deletion Schedule for typical timeframes.
10) Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit/at rest where appropriate, secure software development practices, monitoring, and employee training. No system is 100% secure. If we learn of a breach affecting your personal information, we will notify you and regulators as required.
11) Your rights & choices
Contact hello@othertales.co or +1 (302) 405-8005. We may request information to verify your identity and, if applicable, your authority as an agent.
EEA/UK (GDPR): rights to access, rectify, erase, restrict, object, data portability, and withdraw consent at any time (without affecting prior processing). You can lodge a complaint with your local supervisory authority (e.g., ICO in the UK).
U.S. states (e.g., CA, CO, CT, UT, VA and others): subject to law and exceptions, rights to know/access, delete, correct, portability, and opt out of: (i) targeted advertising; (ii) sale or sharing of personal information; and (iii) certain profiling. If we use or disclose sensitive personal information, you may have the right to limit such use. We will not discriminate against you for exercising your rights. If we deny a request, you may appeal by replying to our response.
Marketing choices: unsubscribe using links in emails; manage cookie-based advertising via Cookie Preferences; we honor GPC where required.
12) Children’s privacy
Our Services are not directed to children, and we do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us so we can take appropriate action. Where parental consent is required by local law, we will seek it before processing any child data.
13) Automated decision-making & profiling
We do not engage in solely automated decision-making that produces legal or similarly significant effects without human review, unless permitted by law and with appropriate notice.
14) De-identified & aggregated data
We may create and use de-identified or aggregated data for research, analytics, and improving the Services. We maintain safeguards to prevent re-identification and will not attempt to re-identify such data, except as permitted by law to test our safeguards.
15) Third-party sites and services
The Services may contain links to third-party sites, apps, or services. Their privacy practices are governed by their own policies. We are not responsible for their content or practices.
16) Changes to this Policy
We may update this Policy to reflect changes to our practices, technologies, or legal requirements. If changes are material, we will provide prominent notice (e.g., within the Services, by banner, or email where appropriate). The Last updated date above indicates the most recent revision.
17) How to contact us
PI & Other Tales, Inc.
8 The Green Ste. A, Dover, DE 19901, United States
Email: hello@othertales.co · Phone: +1 (302) 405-8005
EU/UK GDPR Representative (Article 27):
David James Lennon — david@othertales.co — +44 207 870 2490