Legal
Privacy Policy
Effective July 12, 2026
1. Information we collect
Information you provide
We may receive your name, business name, email address, telephone number, job title, licensing inquiries, support communications, and information you voluntarily provide when requesting an evaluation, purchasing a license, or contacting us.
Website technical information
Our hosting and network providers may automatically process technical information such as IP address, browser and device type, operating system, referring page, requested URLs, timestamps, security events, and similar server or diagnostic data.
Desktop application data
The desktop application stores fund return data, benchmark data, settings, logos, generated reports, logs, and backups locally on the user’s computer. Tapestry does not automatically receive that locally stored content merely because the application is used.
2. How we use information
- Respond to evaluation, licensing, sales, and support requests.
- Provide, administer, secure, maintain, and improve the website and software.
- Deliver licenses, updates, documentation, and service communications.
- Diagnose technical issues and prevent fraud, misuse, or security incidents.
- Comply with legal obligations and enforce agreements.
3. Local data storage
Tapestry Fund Analytics is designed as a Windows desktop application. Performance data and generated reports are generally stored in folders on the user’s computer rather than uploaded to a Tapestry-hosted analytics portal. Users are responsible for device security, access controls, backups, retention, and secure deletion of local files.
4. OpenAI API and AI commentary
AI commentary is optional. If enabled, the application sends information needed to generate commentary to OpenAI using the API key provided by the user. The API key is stored through the Windows credential-storage mechanism used by the application and is not included in generated reports.
OpenAI independently processes API inputs and outputs under its applicable terms and privacy practices. OpenAI states that API business data is not used to train its models by default and that API inputs and outputs may generally be retained for up to 30 days for service and abuse-monitoring purposes, subject to exceptions and eligible retention controls. Users should review OpenAI’s current enterprise privacy information before enabling AI commentary.
5. Hosting and service providers
Our website may be delivered through Cloudflare and maintained through GitHub. These providers may process technical and operational data on our behalf or under their own terms. Review the current Cloudflare Privacy Policy and GitHub General Privacy Statement.
We may also use professional advisers, email providers, payment providers, and other vendors as reasonably necessary. We do not sell personal information.
6. Cookies and analytics
We do not currently operate a Tapestry advertising-cookie program or behavioral advertising system. Hosting and security providers may use essential cookies or similar technologies for delivery, security, abuse prevention, and diagnostics. If we add analytics, payment, or marketing technologies, we will update this Policy and provide any legally required choices.
7. Disclosure of information
We may disclose information to service providers assisting with business operations; to professional advisers; when required by law or legal process; to protect rights, safety, and security; or in connection with a business transaction.
8. Data retention
We retain business-contact, licensing, support, and transaction records for as long as reasonably necessary for contractual, accounting, security, dispute-resolution, and legal obligations. Local application data remains under the user’s control. Third-party retention is governed by the applicable provider.
9. Security
We use reasonable administrative and technical measures appropriate to the information we handle. No system is completely secure. Users should protect devices, API credentials, local files, and backups and should not email sensitive fund data unless an appropriate secure method has been agreed.
10. Your choices and rights
You may request access to, correction of, or deletion of personal information you have provided, subject to applicable law and legitimate retention requirements. You may opt out of non-essential marketing communications. Depending on your location, additional rights may apply.
11. Children
The website and software are intended for business users and are not directed to children under 13. We do not knowingly collect personal information from children.
12. International use
Information may be processed in the United States and other locations where we or our providers operate. Users are responsible for determining whether use of the software and optional third-party services is appropriate for their jurisdiction and data.
13. Changes to this Policy
We may update this Policy by posting a revised version and effective date. We encourage users to review it periodically.
14. Contact
Privacy questions and requests may be sent to [email protected].
