How NathanaelTyre.ai handles your data.
A plain-English summary of how I handle client information. The same one-pager attached to every proposal, written so you can hand it to IT, security, or legal and have them say "fine."
Your data stays inside your tools.
I build AI workflows, prompts, agents, and documentation that run inside the tools you already own: Google Workspace, Microsoft 365, Zapier, Claude or ChatGPT, your CRM. I'm not the place your data lives.
Most engagements involve no transfer of customer or employee data out of your environment. I'm building systems your org operates.
When I need to be inside your environment.
Some workflows require me to test or configure inside your environment. When that's needed, access is scoped, time-limited, documented in writing, and revoked at handoff.
In practice that means:
- Access is scoped to the specific workflow being built. Not a blanket admin grant.
- Access is time-limited to the engagement window, with the end date written down before access starts.
- Access is documented in writing: what's accessed, by whom, for how long, and for what purpose.
- Access is revoked at handoff, confirmed in writing.
- I use least-privilege accounts: only the permission needed for the task.
- Credentials never leave your environment and aren't shared with anyone.
If a workflow requires standing access (rare), we discuss it explicitly before scope is locked.
When a written data agreement is required.
A written data agreement is required before work begins on any engagement that touches:
- Customer or employee personal data
- Confidential financial or contract data
- Anything under NDA or an existing data agreement
- Regulated data (typically out of scope, flagged at the qualifier stage)
The agreement covers access, retention, and deletion. I'm happy to use your standard MSA or DPA if you have one. If you don't, I bring a short form to the conversation.
Deletion on request.
You can request deletion of any working copies, drafts, notes, or test data I've held, during or after the engagement. Deletion happens within 7 days, confirmed in writing.
The default at handoff is that no client data leaves with me. That's the safety net for anything held temporarily.
Human approval on anything external.
Any AI workflow I build that publishes, sends, or acts externally is built with a human approval gate by default. AI drafts. A person on your side approves. That's the pattern unless you explicitly request otherwise and we scope the risk together.
I don't build systems that move money or make customer-facing decisions without human review.
What NathanaelTyre.ai will never do with your data.
Stated plainly so it's not buried in clauses elsewhere. NathanaelTyre.ai will never:
- Sell client data to anyone, for any reason.
- Syndicate client data: no shared databases, no industry benchmark feeds, no partner data exchanges.
- Train models on client data. Your data is not training material for any model I build, fine-tune, evaluate, or sell.
- Retain client data past engagement close. The default at handoff is no client data leaves with me; deletion of any working copies follows the timeline above.
If any of these would need to flex for a specific engagement, it would be discussed and written down before scope is locked. The defaults above are the defaults.
What this site measures about your visit.
This site uses Google Analytics 4 (loaded via Google Tag Manager) and Vercel Speed Insights + Web Analytics. Together they count page views, measure page-load speed, and record when visitors click out to the assessment checkout or the booking calendar. GA4 anonymizes IP addresses before storage.
No advertising or retargeting tags are loaded on this site: no Meta Pixel, no LinkedIn Insight Tag, no Google Ads remarketing tag.
None of this is client engagement data. It's marketing-site traffic data, separate from anything inside an engagement, which is governed by the policies above.
To opt out on a device you control: open devtools console on any page and run localStorage.setItem('va-disable', '1'). To opt back in: localStorage.removeItem('va-disable'). The flag blocks GTM/GA4 and the Vercel scripts per-browser-per-device.
If anything needs to flex for your setup.
Raise it before we sign. The goal: hand this page to your IT, security, or legal lead and have them say "fine."