Privacy Policy
Last updated: January 1, 2025
1. Introduction
TIDALBAY, Inc. ("TIDALBAY," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee security scoring platform and related services.
2. Information We Collect
2.1 Information Provided by Customers
When organizations use TIDALBAY, they may provide us with employee data including:
- Names and email addresses
- Job titles and department information
- Employment status and reporting structure
- Security-related events from integrated systems
2.2 Information Collected Automatically
Our platform automatically collects security events from integrated systems, which may include:
- Authentication events (login attempts, MFA usage)
- Email security events (phishing detections, suspicious links)
- Endpoint security events (malware detections, policy violations)
- Training completion and quiz scores
2.3 Website Information
When you visit our website, we may collect:
- IP address and device information
- Browser type and settings
- Pages visited and time spent
- Referral sources
3. How We Use Your Information
We use the collected information to:
- Calculate and maintain employee security risk scores
- Trigger automated security responses and training assignments
- Generate compliance reports and analytics
- Improve our platform and develop new features
- Provide customer support
- Communicate about our services
4. Data Sharing and Disclosure
We do not sell personal information. We may share information with:
- Service Providers: Third parties who assist in operating our platform
- Customer Organizations: We provide employee data and scores to the organizations that employ them
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with mergers, acquisitions, or asset sales
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- SOC 2 Type II certified infrastructure
- Role-based access controls
- Regular security audits and penetration testing
- Multi-tenant data isolation
6. Data Retention
We retain customer data for as long as needed to provide our services and as required by applicable laws. Default retention periods:
- Active employee data: Duration of customer contract
- Security events: 90 days (configurable)
- Audit logs: 1 year minimum
- Compliance reports: 7 years (for regulated industries)
7. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Delete your data (right to erasure)
- Restrict processing
- Data portability
- Object to processing
For employees of TIDALBAY customers, please contact your employer to exercise these rights. Your employer is the data controller for your employee data.
8. International Data Transfers
We process data in the United States and European Union. For international transfers, we rely on:
- EU-US Data Privacy Framework
- Standard Contractual Clauses
- Adequacy decisions where applicable
9. Cookies and Tracking
Our website uses cookies and similar technologies. You can manage cookie preferences through your browser settings. We use:
- Essential cookies: Required for site functionality
- Analytics cookies: Help us understand usage (can be disabled)
- Marketing cookies: Used for personalized advertising (can be disabled)
10. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect information from children.
11. Changes to This Policy
We may update this policy periodically. Material changes will be communicated through our platform or by email.
12. Contact Us
For privacy inquiries or to exercise your rights:
- Email: privacy@tidalbay.com
- Address: 548 Market Street, Suite 35000, San Francisco, CA 94104
- Data Protection Officer: dpo@tidalbay.com