Legal
Privacy Policy
Last updated June 29, 2026
This policy covers the hosted tela service at telawiki.com. tela
is a markdown-native team wiki with AI-powered features, an MCP server for
agents, and a billing service for paid plans.
Self-hosted deployments. tela is open-source and
self-hostable. If you run your own instance, you are the
data controller — this policy covers only the operator-run service at
telawiki.com.
What we collect
- Account data
- Email address, username, and a hashed (never plaintext) password. Used to authenticate you and to send account emails (verification, password reset).
- Content you create
- Spaces, pages (markdown bodies), comments, attached files, and feedback you submit. This is your wiki content — stored so you and your team can read and edit it.
- Atlas source data
- When you connect a git repository or Jira project to an Atlas project, tela reads that source to generate documentation. This content is processed entirely by our self-hosted language model — it is not sent to any third-party AI provider. See the Atlas section below.
- API keys
- Personal Access Tokens you create are stored hashed. The raw token is shown once on creation and never stored in readable form.
- MCP / agent activity
- When you connect an AI host (e.g. Claude or ChatGPT) via OAuth or a Personal Access Token, it calls tela's tools on your behalf to read, search, create, update, or delete content your account can access. Tool calls run with your account's permissions.
- Operational data
- Standard request metadata (IP address, timestamps, user agent) used for rate-limiting, security, and debugging.
- Analytics
- Page-view and interaction data collected by our self-hosted Umami instance. Umami uses no cookies and anonymizes IP addresses before storing them. No data is sent to third-party analytics services.
We do not collect payment-card data, health records, or government-ID numbers. Do not store such data in tela.
How we use it
- To operate the wiki — store, render, search, and sync your content.
- To authenticate you and authorize MCP tool calls on your behalf.
- To power semantic search and Ask — page text is sent to a self-hosted embedding model on our infrastructure to build search vectors.
- To run Atlas — git and Jira source content is processed by a self-hosted language model on our infrastructure to generate documentation pages.
- To send transactional email (verification, password reset, account notices).
- To process subscription payments through our billing provider.
- To protect the service — rate-limiting, abuse prevention, and debugging.
- To understand aggregate usage patterns via our self-hosted, cookie-free analytics.
We do not sell your data, serve ads, or use your content to train any AI model — including our own.
How Atlas processes your sources
Atlas is tela's AI knowledge-generation feature. You connect a source (a git repository or a Jira project), and Atlas runs an 8-stage pipeline to produce structured documentation pages in your wiki.
Your source content never leaves our servers. The language model that powers Atlas is self-hosted on operator-controlled infrastructure. We do not send your repository content, Jira issues, or any Atlas-processed data to OpenAI, Anthropic, or any other third-party AI service.
Atlas-generated pages are labeled with generator=atlas in their
metadata so you can always identify AI-generated content. You are responsible
for reviewing it before relying on it.
Who we share data with
tela relies on a small set of processors to operate:
- Polar (billing)
- Paid subscriptions are handled by Polar, which acts as our merchant of record. Polar processes payment information and issues invoices. We do not receive or store your card details. Polar's own privacy policy governs how they handle billing data.
- SMTP2GO (transactional email)
- Verification emails, password-reset emails, and account notices are delivered via SMTP2GO. Your email address passes through SMTP2GO for delivery. SMTP2GO does not receive your wiki content.
- WorkOS (MCP OAuth)
- The OAuth 2.1 authorization flow for MCP connections (connecting Claude, ChatGPT, or another AI host) is handled by WorkOS AuthKit. Your email address and authentication events pass through WorkOS to issue access tokens for MCP clients.
- The AI host you connect
- When you connect Claude, ChatGPT, or another MCP client, the content returned by tool calls is sent to that host so the agent can read and use it. Their handling of that content is governed by their own privacy policies.
We may also disclose data where required by law, or to protect the rights, safety, and security of the service and its users.
Data location
The hosted service runs on Hetzner Cloud servers in Helsinki, Finland (EU). Customer data — including the Postgres database, uploaded attachments, and encrypted backups — is stored in the EU and is subject to EU data protection law, including the GDPR. Hetzner Cloud acts as a data processor under the GDPR and operates under EU data protection law.
Self-hosted installations. If you run your own tela instance, you control where your data is stored. We never see or access data from self-hosted deployments.
Retention
- Account and content data is retained while your account is active.
- Deleting a page or space removes it from the live service. Deleting your account removes your account data and content.
- Personal Access Tokens and share links can be revoked at any time and expire when the server's secrets rotate.
- Billing records are retained as required by Polar and applicable financial regulations.
- Operational logs are kept only as long as needed for security and debugging.
- Analytics data (self-hosted Umami, no cookies) is retained on our infrastructure for as long as we operate the service.
Your rights (GDPR and similar)
If you are in the EU, UK, or another jurisdiction with data-subject rights legislation, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate account information (email, username) in the app at any time.
- Erasure — request deletion of your account. Deleting your account removes your profile and content from the live service. Residual copies in backups are overwritten as backups cycle.
- Portability — export your wiki content at any time as a zip archive of plain markdown files. Note: attachments are not currently included in the zip export. To request an export that includes attachments, email us.
- Object — object to processing where we rely on legitimate interests as a legal basis.
To exercise any of these rights, email tela@telawiki.com.
Your choices
- Content — your content is yours; read, edit, export, or delete it in the app at any time.
- Disconnect agents — revoke an MCP connection from the connected host, or rotate your Personal Access Token, to cut off agent access.
- Delete your account — contact us at tela@telawiki.com to delete your account and associated data.
- Analytics — our self-hosted Umami analytics use no cookies and do not track you across sites. You can block the analytics script in your browser without affecting any functionality.
- Self-host — run your own instance to keep all data on infrastructure you control.
Security
Traffic is served over HTTPS. Passwords are hashed; authentication tokens and share secrets are stored hashed (the raw value lives only in the link or token shown at creation). API keys are hashed. The MCP endpoint authenticates every request. No system is perfectly secure, but we take reasonable measures to protect your data.
Report abuse or DMCA
To report abuse (spam, harassment, illegal content, or misuse of the Service), email tela@telawiki.com with the subject line "Abuse Report". Include the relevant URL and a description of the issue.
To submit a DMCA takedown notice, email tela@telawiki.com with the subject line "DMCA Takedown". Your notice must include your contact information, a description of the copyrighted work you claim was infringed, the URL of the allegedly infringing content, a good-faith belief statement that the use is not authorized, and a declaration under penalty of perjury that the information is accurate and that you are the copyright owner or authorized to act on their behalf.
We aim to respond to valid abuse reports and DMCA notices within 7 business days.
Contact
Questions about this policy or your data? Email tela@telawiki.com. To report a security vulnerability, email tela@telawiki.com privately rather than opening a public issue — we investigate reports in good faith. The source for tela is public at github.com/zcag/tela.
Changes
We may update this policy as the service evolves. Material changes will be reflected by the "last updated" date above.