Privacy Policy

Effective Date: October 28, 2025 | Last Updated: October 28, 2025

Table of Contents

  1. Introduction and Scope
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. Cookie Policy
  6. How We Share Your Information
  7. International Data Transfers
  8. Data Retention
  9. Your Privacy Rights
  10. GDPR Compliance
  11. CCPA/CPRA Compliance
  12. Children's Privacy
  13. Data Security
  14. AI and Automated Decision-Making
  15. Data Breach Notification
  16. Changes to This Policy
  17. Contact Information

1. Introduction and Scope

TNID Internal Operations ("TNID," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our internal business management platform ("Service").

Scope: This policy applies to all users of the TNID Internal Operations platform, including employees, contractors, and authorized business partners. This is an internal business platform and is not intended for consumer use.

Legal Compliance: We comply with applicable data protection laws including:

  • General Data Protection Regulation (GDPR) - European Union
  • UK General Data Protection Regulation (UK GDPR)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Children's Online Privacy Protection Act (COPPA)
  • Other applicable U.S. state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA)

2. Information We Collect

A. Personal Information Categories (CCPA Categories)
Category Examples Required?
A. Identifiers Real name, email address, account name, IP address, unique personal identifier Yes (for account)
B. Personal Information (Cal. Civ. Code ยง 1798.80(e)) Name, contact information, employment information Yes
C. Protected Classifications Not collected N/A
D. Commercial Information Records of products or services purchased, transaction histories If applicable
E. Biometric Information Not collected N/A
F. Internet/Network Activity Browsing history, interaction with our Service, cookies Automatic
G. Geolocation Data IP-based location (country/region level) Automatic
H. Sensory Data Not collected N/A
I. Professional/Employment Information Job title, department, work history, performance data Yes
J. Education Information Not collected N/A
K. Inferences User preferences, task assignment predictions Automatic
B. Collection Methods
  • Direct Collection: Information you provide when creating an account, submitting forms, or entering data
  • Automatic Collection: Cookies, log files, device information, usage analytics
  • Third-Party Sources: Social media APIs (LinkedIn, Twitter/X), business databases
  • AI Processing: Inferences drawn from your usage patterns and content

3. How We Use Your Information

Business Purposes for Collection and Use:
  • Service Provision: Operating the platform, user authentication, task management
  • Business Operations: CRM functions, content management, campaign management
  • AI-Powered Features: Task assignment, content generation, workflow optimization
  • Analytics: Understanding usage patterns, improving services
  • Security: Fraud prevention, system monitoring, access control
  • Communication: Service updates, notifications, support
  • Legal Compliance: Meeting regulatory obligations, responding to legal process
  • Business Transactions: In connection with mergers, acquisitions, or asset sales

5. Cookie Policy

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For detailed information, see our full Cookie Policy.

Types of Cookies We Use:
Type Purpose Duration Opt-Out Available
Strictly Necessary Authentication, security, load balancing Session No (required)
Functional User preferences, language settings 1 year Yes
Analytics Usage statistics, performance monitoring 2 years Yes
Advertising Not used on internal platform N/A N/A
Managing Cookies:
  • Browser Settings: Most browsers allow you to refuse or accept cookies
  • Cookie Preferences: Manage your preferences in account settings
  • Do Not Track: We currently do not respond to Do Not Track signals
  • Global Privacy Control: We honor GPC signals where legally required

6. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

A. Service Providers (Data Processors)
Provider Purpose Data Shared Location
Heroku (Salesforce) Application hosting All platform data United States
Cloudinary Document/media storage Uploaded files, metadata United States/EU
Anthropic (Claude AI) AI processing Task descriptions, content for generation United States
Redis Background job processing Task queue data United States
Social Media APIs Content distribution Authentication tokens, post content Various

All service providers are bound by Data Processing Agreements (DPAs) requiring them to protect your data and use it only for specified purposes.

B. Legal Disclosures

We may disclose information when required by law:

  • To comply with legal process (subpoenas, court orders)
  • To protect rights, property, or safety
  • To prevent fraud or cybersecurity threats
  • To enforce our terms and policies
C. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any change in ownership or use of your personal information.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

Transfer Mechanisms:
  • Standard Contractual Clauses (SCCs): EU Commission-approved contracts for data transfers
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • EU-US Data Privacy Framework: For certified U.S. organizations (where applicable)
  • Explicit Consent: Where you have explicitly consented to the transfer
Primary Processing Locations:
  • United States: Primary hosting and processing (Heroku/AWS regions)
  • European Union: Content delivery and backup storage
  • Your Location: Local caching and browser storage

You may request information about the specific safeguards applied to your data transfers by contacting us.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Data Category Retention Period Justification
Account Information Duration of account + 30 days Service provision, recovery period
Task History 2 years from completion Business records, analytics
Financial Records 7 years Tax and accounting requirements
System Logs 90 days Security monitoring
Marketing Data Until opt-out + 2 years Campaign effectiveness
Legal Hold Data As required Legal proceedings
Backup Data 30 days Disaster recovery
AI Processing Data 30 days Service improvement

Deletion: When retention periods expire, data is securely deleted or anonymized. Deletion from backups may take up to 30 additional days.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Right Description Jurisdictions
Access Request a copy of your personal information GDPR, CCPA, All
Rectification Correct inaccurate or incomplete information GDPR, CPRA
Erasure Request deletion of your information GDPR, CCPA
Portability Receive your data in a portable format GDPR
Restriction Limit processing of your information GDPR
Objection Object to certain processing activities GDPR
Opt-Out of Sale/Sharing Opt-out of sale or sharing (not applicable - we don't sell) CCPA/CPRA
Non-Discrimination Not be discriminated against for exercising rights CCPA, All
Withdraw Consent Withdraw previously given consent GDPR, All
How to Exercise Your Rights:
  1. Submit Request: Email privacy@tnid.com or use our privacy request form
  2. Identity Verification: We may request information to verify your identity
  3. Response Time: Within 30 days (GDPR) or 45 days (CCPA), extendable in complex cases
  4. Fee: Generally free; fee may apply for excessive or repetitive requests

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR:

Your GDPR Rights:
  • Right to be Informed: Transparent information about our processing (this policy)
  • Right of Access: Obtain confirmation and copies of your data (Article 15)
  • Right to Rectification: Correct inaccurate data (Article 16)
  • Right to Erasure: "Right to be forgotten" in certain circumstances (Article 17)
  • Right to Restrict Processing: Limit how we use your data (Article 18)
  • Right to Data Portability: Transfer your data to another service (Article 20)
  • Right to Object: Object to processing based on legitimate interests (Article 21)
  • Rights on Automated Decision-Making: Not be subject to purely automated decisions (Article 22)
Supervisory Authority:

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your rights:

EU/UK Representative:

As we do not have an establishment in the EU/UK, inquiries may be directed to our privacy team at privacy@tnid.com.

11. CCPA/CPRA Compliance (California Users)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Rights:
  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate information (CPRA)
  • Right to Opt-Out: We do not sell personal information
  • Right to Limit Use: Limit use of sensitive personal information (CPRA)
  • Right to Non-Discrimination: Equal service regardless of exercising rights
Categories of Information Collected:

See Section 2 for detailed categories. In the past 12 months, we have collected categories A, B, D, F, G, I, and K.

Categories of Sources:
  • Directly from you
  • Automatically from your device
  • Third-party business partners
  • Social media platforms
Business Purposes for Collection:

See Section 3 for detailed purposes.

Categories Disclosed for Business Purpose:

All categories listed in Section 2 may be disclosed to service providers for business purposes.

Sale of Personal Information:

We do not sell personal information. We have not sold personal information in the preceding 12 months.

Shine the Light:

California Civil Code Section 1798.83 permits users to request information about disclosure to third parties for direct marketing. We do not disclose personal information for third-party direct marketing.

12. Children's Privacy

Age Restrictions: Our Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.

  • COPPA Compliance: We comply with the Children's Online Privacy Protection Act (under 13)
  • GDPR Article 8: We do not process data of children under 16 without parental consent
  • Business Platform: This is an internal business platform for authorized adult users only

If We Discover Underage Data: If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information immediately. Please contact us at privacy@tnid.com if you become aware of any underage data collection.

Parental Rights: Parents or guardians who believe we may have information from or about a child should contact us immediately. Upon verification, we will promptly delete such information.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures:
  • Encryption: TLS 1.3 for data in transit, AES-256 for sensitive data at rest
  • Access Controls: Role-based access, multi-factor authentication available
  • Infrastructure: Secure cloud hosting with SOC 2 compliant providers
  • Monitoring: Continuous security monitoring and intrusion detection
  • Password Security: Bcrypt hashing, complexity requirements
  • API Security: Rate limiting, authentication tokens, encrypted connections
Organizational Measures:
  • Training: Regular security and privacy training for all personnel
  • Access Limitation: Access restricted to authorized personnel only
  • Confidentiality: All employees bound by confidentiality agreements
  • Vendor Management: Security assessments of all third-party processors
  • Incident Response: Documented incident response and breach notification procedures
  • Regular Audits: Periodic security assessments and vulnerability testing

Your Responsibilities: You are responsible for maintaining the confidentiality of your account credentials and for using secure connections when accessing our Service.

No Absolute Security: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

14. AI and Automated Decision-Making

We use artificial intelligence (AI) to enhance our Service capabilities:

AI Processing Activities:
Activity Purpose Data Used Human Review Available
Task Assignment Suggest optimal agent for tasks Task description, agent capabilities Yes - can override
Content Generation Create blog posts, social media content Prompts, templates Yes - all content reviewed
Workflow Optimization Suggest process improvements Usage patterns, performance data Yes - recommendations only
Anthropic Claude Integration:
  • Provider: Anthropic PBC
  • Model: Claude (various versions)
  • Data Sent: Task descriptions, content prompts, no personal identifiers
  • Data Retention: Anthropic retains API inputs for 30 days unless opted out
  • Training: Your data is not used to train Anthropic's models (commercial terms)
Your Rights Regarding AI:
  • Opt-Out: You can disable AI features in your account settings
  • Human Review: Request human review of any AI-made decision
  • Explanation: Request information about the logic involved in AI decisions
  • Correction: Report and correct any AI-generated errors

GDPR Article 22: You have the right not to be subject to decisions based solely on automated processing. All significant decisions involve human oversight.

15. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

Our Commitments:
  • Regulatory Notification: Notify relevant authorities within 72 hours (GDPR requirement)
  • User Notification: Notify affected users without undue delay
  • Content of Notice:
    • Nature of the breach
    • Categories and approximate number of affected individuals
    • Likely consequences
    • Measures taken to address the breach
    • Recommended mitigation steps
    • Contact information for questions
Your Actions:

If notified of a breach, we recommend you:

  • Change your password immediately
  • Review account activity for unauthorized access
  • Monitor for suspicious activity
  • Consider enabling multi-factor authentication
  • Follow any specific recommendations in our notice
Breach Records:

We maintain records of all breaches in compliance with Article 33(5) GDPR, documenting facts, effects, and remedial action taken.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

Notification of Changes:
  • Material Changes: Email notification and prominent notice on the platform at least 30 days before effective date
  • Non-Material Changes: Updated policy posted with new effective date
  • Consent: Continued use after material changes constitutes acceptance
Version History:
  • Version 2.0 - October 28, 2025 (Current) - Comprehensive GDPR/CCPA compliance update
  • Version 1.0 - October 1, 2025 - Initial policy

You can request previous versions of this policy by contacting privacy@tnid.com.

17. Contact Information

Data Protection Officer / Privacy Team:

TNID Internal Operations
Attn: Privacy Team
Email: privacy@tnid.com
Alternative: dpo@tnid.com
Phone: 1-800-TNID-PRIVACY (placeholder)
Response Time: Within 30 days

Privacy Requests:

Submit requests for access, deletion, correction, or other privacy rights to privacy@tnid.com with subject line "Privacy Rights Request".

Complaints:

If you have concerns about our privacy practices, please contact us first. You also have the right to lodge a complaint with your local supervisory authority.

Legal Entity:

TSG Global, Inc.
Operating as: TNID Internal Operations
Jurisdiction: Washington State, United States

Additional Disclosures
  • Do Not Track: We do not currently respond to Do Not Track browser signals.
  • Global Privacy Control: We honor GPC signals where legally required.
  • Third-Party Links: Our Service may contain links to third-party sites not covered by this policy.
  • Language: This policy may be translated; the English version prevails in case of conflict.
  • Accessibility: For an accessible version of this policy, contact privacy@tnid.com.
Privacy Actions
Request Your Data Delete Your Data Cookie Settings Print Policy