Privacy Policy

Last updated: January 1, 2025

1. Introduction

TIDALBAY, Inc. ("TIDALBAY," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee security scoring platform and related services.

2. Information We Collect

2.1 Information Provided by Customers

When organizations use TIDALBAY, they may provide us with employee data including:

  • Names and email addresses
  • Job titles and department information
  • Employment status and reporting structure
  • Security-related events from integrated systems

2.2 Information Collected Automatically

Our platform automatically collects security events from integrated systems, which may include:

  • Authentication events (login attempts, MFA usage)
  • Email security events (phishing detections, suspicious links)
  • Endpoint security events (malware detections, policy violations)
  • Training completion and quiz scores

2.3 Website Information

When you visit our website, we may collect:

  • IP address and device information
  • Browser type and settings
  • Pages visited and time spent
  • Referral sources

3. How We Use Your Information

We use the collected information to:

  • Calculate and maintain employee security risk scores
  • Trigger automated security responses and training assignments
  • Generate compliance reports and analytics
  • Improve our platform and develop new features
  • Provide customer support
  • Communicate about our services

4. Data Sharing and Disclosure

We do not sell personal information. We may share information with:

  • Service Providers: Third parties who assist in operating our platform
  • Customer Organizations: We provide employee data and scores to the organizations that employ them
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • SOC 2 Type II certified infrastructure
  • Role-based access controls
  • Regular security audits and penetration testing
  • Multi-tenant data isolation

6. Data Retention

We retain customer data for as long as needed to provide our services and as required by applicable laws. Default retention periods:

  • Active employee data: Duration of customer contract
  • Security events: 90 days (configurable)
  • Audit logs: 1 year minimum
  • Compliance reports: 7 years (for regulated industries)

7. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (right to erasure)
  • Restrict processing
  • Data portability
  • Object to processing

For employees of TIDALBAY customers, please contact your employer to exercise these rights. Your employer is the data controller for your employee data.

8. International Data Transfers

We process data in the United States and European Union. For international transfers, we rely on:

  • EU-US Data Privacy Framework
  • Standard Contractual Clauses
  • Adequacy decisions where applicable

9. Cookies and Tracking

Our website uses cookies and similar technologies. You can manage cookie preferences through your browser settings. We use:

  • Essential cookies: Required for site functionality
  • Analytics cookies: Help us understand usage (can be disabled)
  • Marketing cookies: Used for personalized advertising (can be disabled)

10. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this policy periodically. Material changes will be communicated through our platform or by email.

12. Contact Us

For privacy inquiries or to exercise your rights:

  • Email: privacy@tidalbay.com
  • Address: 548 Market Street, Suite 35000, San Francisco, CA 94104
  • Data Protection Officer: dpo@tidalbay.com