Tether hosts all customer data in the United States using modern, secure cloud infrastructure. Our application and databases run on Heroku’s U.S.–based platform, which is built on Amazon Web Services (AWS). All media files, uploads, and attachments are stored in encrypted AWS S3 storage within U.S. regions. Backups are encrypted and also stored in U.S. data centers. We maintain a small set of vetted subprocessors all located in the U.S. to support core platform functionality.

Tether protects customer data using industry-standard encryption across every layer of the platform. All data transmitted between users and our services is encrypted in transit using TLS 1.2+ (HTTPS). Data stored within our systems including databases, backups, and file storage is encrypted at rest with strong encryption such as AES-256. Sensitive keys and credentials are stored in secure secret-management systems with strict access control, and access is limited only to essential personnel and services. Encrypted backups are performed regularly to support business continuity and disaster recovery.

Yes, we use carefully vetted third-party subprocessors (such as AWS, Heroku, Stripe, and other essential service providers) to support core platform functionality. All subprocessors must meet or exceed Tether's security and confidentiality standards.

Tether is intended for users 13 years of age and older. Children under the age of 13 are not permitted to create an account on the platform. Users between the ages of 13 and 18 may create an account only with the permission of a parent or legal guardian; Tether does not independently verify that such consent has been obtained, and responsibility for compliance rests with the user and their parent or guardian. Users under the age of 18 are not permitted to purchase any content, subscriptions, or paid features on the platform. Tether takes age-related privacy and safety obligations seriously and operates in alignment with applicable child privacy laws, including the U.S. Children’s Online Privacy Protection Act (COPPA).

Tether collects limited personal information necessary to securely operate the platform and verify user eligibility. Required information includes Email Address, Phone Number, First Name, Last Name and Birth Year.

Tether permits primarily text-based user-generated content. Users may upload a single profile picture for their account; however, the upload or sharing of images, videos, audio, or other media files within posts, comments, or groups is strictly prohibited. Profile pictures are used solely for identification within the platform and are not surfaced publicly. All user posts and comments are created only within private, administrator-moderated groups. No content is publicly visible, and all activity occurs within a controlled environment managed by the organization.

Yes. Tether applies basic text moderation at the time content is submitted to help prevent explicit or abusive language from being shared.

No. All users posts and comments can only be created within private, administrator-moderated groups. No user can message another user privately.

Tether does not use AI models, does not rely on large-language-model providers, and does not send customer data to any AI system for training or processing.

- No AI features are used within the product.
- No customer data is ever used to train machine learning models.
- We do not enable AI-based automation or content generation.
- We do not send content to external AI providers.

Tether’s platform is fully human-authored and strictly avoids AI data processing unless explicitly added in the future with updated terms and customer consent.

Tether is a U.S.–based platform that serves U.S. and Canadian organizations and end users. This geographic restriction helps us maintain compliance with data protection regulations, ensure optimal service quality, and protect our platform and users from potential security threats. At this time, we do not actively market to, onboard, or process data for individuals located in the European Union or the United Kingdom. Because of this, the GDPR does not apply to our services in the ordinary course of business.

All payment processing in Tether is handled by Stripe, our secure PCI Level 1 certified payment provider. When someone enters their card details on our platform, that information is sent directly to Stripe - it's never stored, collected, or processed by Tether. Because of this, Tether is considered out of scope for PCI DSS compliance.

Tether is not currently SOC 2 certified. However, we operate with security, availability, and confidentiality controls aligned with SOC 2 principles and industry best practices. We are actively planning to pursue SOC 2 certification in 2026 as part of our continued investment in enterprise-grade security and compliance.

Every team member signs a confidentiality agreement on their first day. We enforce least-privilege access controls and conduct quarterly access reviews to ensure only authorized personnel can access customer data. All team members use strong password policies and two-factor authentication (2FA) wherever applicable.

We do not send marketing emails to an organization's members on behalf of a customer. We only send transactional emails (i.e. notifications and community invitations) to an organization's members (e.g. invitations and notifications). Members can change their notifications settings at anytime.

We recommend checking out our Status Page (https://status.tether.site/). This will give you the ability to subscribe for updates, view uptimes, be informed of any outages, and view historical data.