Last updated: March 22, 2026
Tempo HQ ("we," "our," or "us") operates the Tempo platform at https://anchor-hq.dev. Tempo is a B2B operations and sales management platform that integrates with your existing tools — Google Workspace, Slack, Jira, HubSpot, Dialpad, and others — to help teams manage implementations, customer success, and sales workflows.
This Privacy Policy explains what information we collect, why we collect it, our legal basis for processing it, how we use and protect it, who we share it with, and what rights you have over it. We have written this policy to reflect exactly how the service works — not as a generic template.
Data controller: For purposes of the EU General Data Protection Regulation (GDPR) and UK GDPR, Tempo HQ is the data controller of personal data collected through the Service. Where you use Tempo to process personal data about your own customers or contacts (for example, sales contacts or client portal invitees), you are the data controller for that data and Tempo HQ acts as your data processor. See Section 14 for information about our Data Processing Agreement.
Tempo uses Google OAuth exclusively — there are no passwords. When you sign in, Google provides us with your name, email address, and profile picture. We store these alongside optional fields you may add: phone number, Slack user ID, Jira email, and preferred avatar settings.
When you connect your Google account, Tempo requests the following OAuth scopes: read your Gmail messages and metadata (gmail.readonly), send email on your behalf (gmail.send), and read and write calendar events (calendar.events). We store a Gmail OAuth refresh token to maintain access between sessions. We cache Google Calendar events in a 14-day rolling window, including event titles, attendee email addresses, meeting links, and start/end times, to power scheduling and briefing features.
Tempo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google data only to provide Tempo features you have explicitly authorized. We do not use Google data for advertising, do not transfer it to third parties except as required to operate the service, and do not allow humans to read your Google data unless you have explicitly consented, it is necessary for security purposes, or we are required to do so by law.
When you or your organization connects third-party services, Tempo accesses and stores data from those services as needed to provide features:
Integration credentials (API tokens and OAuth tokens) are encrypted at rest using AES-256-GCM before being stored in our database.
If your organization uses the sales features, Tempo stores information about your prospects and customers that you enter directly or import: names, email addresses, phone numbers, job titles, company names, LinkedIn URLs, notes, and sentiment or influence tags. If you connect Apollo for contact enrichment, additional data may be pulled from Apollo's database, including direct phone numbers, seniority, department, company employee counts, revenue estimates, and technology stack information.
Tempo stores information about your customer implementations: client names, contract values, budgets, project phases, health scores, risk signals, key contacts (names, emails, phone numbers, titles), meeting notes, transcripts, action items, and customer success plans.
If you use Tempo's email sequence or campaign features, we send outbound emails on your behalf through Resend (our transactional email provider) or your connected Gmail account. For emails sent through Resend, we track engagement — specifically whether recipients opened, clicked, replied to, or bounced your messages — using standard techniques (tracking pixels and link rewriting). Engagement records are stored and linked to the recipient contact in your account.
When clients access portals you create in Tempo, we log their email address, IP address, browser user-agent, access method (invite link or password), and session timestamps. Clients may also upload files through portals; these are stored in Vercel Blob storage.
If you sign up for the Tempo waitlist on our marketing site, we store your email address, name, and company name.
We maintain an internal audit log of significant actions taken within the application — such as creating or modifying implementations, changing roles, and connecting integrations. This log records the user email, user ID, IP address, action type, and the before/after values of changed fields. We use this log for security monitoring, debugging, and compliance — not for advertising or behavioral profiling. We do not use third-party analytics tools (such as Google Analytics, Mixpanel, or Segment) and do not place advertising or tracking cookies on your browser.
We use Sentry to capture application errors and performance issues. When an error occurs, Sentry may receive the URL, browser type, and stack trace. We configure Sentry to scrub credentials and tokens from error reports.
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases as applicable:
Where we process personal data about third parties that you enter into the platform (such as sales contacts or key stakeholders), you are the data controller and are responsible for identifying a lawful basis for that processing.
We use the information we collect to:
We do not use your data to train AI models, build advertising profiles, or sell insights about you or your organization to third parties.
Tempo uses Anthropic's Claude API to power Scout features, including daily briefings, implementation risk scoring, meeting enrichment, RFP answer generation, buyer persona generation, and organizational insights. We also use OpenAI's API for text-to-speech audio in daily briefings.
When you use Scout features, relevant data from your account is sent to these AI providers as part of the prompt — for example, implementation names and status, task lists, deal summaries, meeting transcripts, or company context you have configured. This data is transmitted over TLS (HTTPS).
Per Anthropic's API usage policies, data submitted via the API is not used to train Anthropic's models. Anthropic retains API request data for up to 30 days for trust and safety monitoring, after which it is deleted. OpenAI's API data retention policies apply similarly for TTS requests. We recommend not including sensitive personal information in your organization's company context configuration, as this text is included in AI prompts.
We do not sell your personal information. We share your information only in the following circumstances:
Information you create within Tempo — implementations, tasks, meeting notes, deals, contacts, and similar — is visible to other members of your organization within the platform. Certain items (such as client portals and shared success plans) are also visible to external clients you explicitly share them with.
We use the following third-party service providers that process data on our behalf. Each is bound by appropriate data processing agreements:
When you connect a third-party service (Google, Slack, Jira, HubSpot, Dialpad, etc.), data flows between Tempo and that service as required to power the integration. Your use of those services is governed by their own privacy policies, for which we are not responsible.
We may disclose your information if required by law, regulation, subpoena, court order, or governmental request. We may also disclose information where we reasonably believe disclosure is necessary to prevent fraud, protect the rights or safety of Tempo HQ, our users, or others, or to enforce these policies.
In connection with a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets, your information may be transferred. We will provide reasonable notice before your information is transferred and becomes subject to a materially different privacy policy.
We implement the following technical and organizational security measures:
If we become aware of a security breach that affects your personal data, we will notify affected users and, where required, the relevant supervisory authority. For users in the EEA or United Kingdom, we will notify the applicable supervisory authority within 72 hours of becoming aware of the breach where feasible and where the breach is likely to result in a risk to your rights and freedoms. We will notify affected individuals without undue delay where the breach is likely to result in a high risk to your rights and freedoms. Notice will be provided by email to the address associated with your account.
No security measures are perfect. We cannot guarantee absolute security of your data. If you discover a security vulnerability, please contact us at support@anchor-hq.dev.
Tempo uses only strictly necessary cookies required to operate the service. We do not use analytics, advertising, or tracking cookies.
next-auth.session-token): A signed JSON Web Token containing your user ID, organization context, and role. Set as httpOnly (inaccessible to JavaScript) and Secure (HTTPS only), expires after 8 hours. This cookie is strictly necessary — the service cannot function without it.localStorage, not a cookie.Because we use only strictly necessary cookies, consent is not required for cookie placement under most privacy regulations (including the EU ePrivacy Directive), though we provide a notice for transparency.
We retain your personal information for as long as it is necessary to provide the Service and for the purposes described in this policy, unless a longer retention period is required by law. Specific retention periods:
To request deletion of your data, contact us at support@anchor-hq.dev. We will respond within 30 days.
If you are located in the European Economic Area or United Kingdom, you have the following rights under the GDPR or UK GDPR:
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
To exercise any of these rights, email us at support@anchor-hq.dev with the subject line "Privacy Rights Request." We will verify your identity before processing the request and respond within 30 days (or within 45 days if an extension is permitted and necessary). We will not charge a fee unless your request is manifestly unfounded or excessive.
Tempo allows you to store information about people who are not users of the service — for example, sales contacts, customer stakeholders, and client portal invitees. If you enter such information, you are the data controller for those individuals and are responsible for:
You should not enter special categories of personal data (health information, financial account numbers, government ID numbers, biometric data, etc.) into Tempo without a clear legal basis and appropriate safeguards.
Tempo is a B2B service intended solely for use by adults in a professional capacity. It is not directed to, and we do not knowingly collect personal information from, children under 16. If we learn that we have inadvertently collected personal information from a child under 16, we will promptly delete it. If you believe we have collected such information, please contact us at support@anchor-hq.dev.
Tempo HQ is based in the United States. Our primary infrastructure — database (Neon on AWS), blob storage (Vercel Blob), and cache (Upstash Redis) — is located in the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the US, which may not provide the same level of data protection as your home jurisdiction.
For transfers of personal data from the EEA or United Kingdom to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), as applicable, or other appropriate transfer mechanisms recognized under the GDPR or UK GDPR. Where our sub-processors process EEA or UK personal data, we ensure they have appropriate transfer mechanisms in place.
You may request a copy of the transfer mechanisms we use by contacting us at support@anchor-hq.dev.
Where Tempo processes personal data on behalf of your organization as a data processor (for example, personal data about your sales contacts, client stakeholders, or portal invitees), we offer a Data Processing Agreement (DPA) that meets the requirements of GDPR Article 28.
To request our DPA, email us at support@anchor-hq.dev with the subject line "DPA Request." Enterprise customers on qualifying plans may have DPA terms included in their service agreement.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through an in-app notice prior to the change taking effect. We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
For questions about this Privacy Policy, to exercise your rights, to request a DPA, or to report a privacy concern, contact us:
Tempo HQ
Email: support@anchor-hq.dev
Website: https://anchor-hq.dev
If you are in the EEA or United Kingdom and have an unresolved privacy concern that we have not addressed satisfactorily, you have the right to contact your local data protection supervisory authority.