Privacy Policy

Last updated: March 22, 2026

1. Information We Collect

Contact Form Submissions

When you submit a contact form or request an AI readiness assessment, we collect the information you provide, including your name, email address, phone number, company name, and the details of your inquiry.

Assessment Requests

If you request a free AI readiness assessment, we collect additional business information you share during the assessment process, such as your industry, company size, current technology stack, and areas of interest for AI integration.

Account Information

If you create an account on our client portal, we collect your name, email address, and password (stored as a cryptographic hash). If you enable two-factor authentication, we store your TOTP secret and recovery codes in encrypted form.

Analytics Data

We use Google Analytics 4 (GA4) to understand how visitors interact with our website. This includes page views, time on page, referral sources, device and browser type, and general geographic location. This data is collected in aggregate and does not personally identify you.

2. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and assessment requests
  • Provide AI consulting and integration services you have engaged us for
  • Improve our website content and user experience
  • Send you relevant information about our services (only with your consent)
  • Comply with legal obligations

3. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We do not use your data to train AI models, whether our own or any third-party models. We may share your information only in the following limited circumstances:

  • Service providers: We use trusted third-party services for hosting (AWS), email delivery, and analytics (Google Analytics) that process data on our behalf under strict data processing agreements.
  • Legal requirements: We may disclose information when required by law or in response to valid legal process.

4. Cookies

Essential Cookies

We use cookies that are strictly necessary for our website to function:

  • Session cookie: Maintains your session state
  • XSRF-TOKEN: Protects against cross-site request forgery attacks
  • Cookie consent: Remembers your cookie preferences

Analytics Cookies (Consent Required)

With your consent, we use Google Analytics 4 which sets cookies to distinguish unique visitors and maintain session state. These cookies are not set until you explicitly grant consent via our cookie banner.

5. Your Rights

You have the right to:

  • Access your data: Request a copy of the personal information we hold about you
  • Correct your data: Request correction of inaccurate or incomplete information
  • Delete your data: Request deletion of your personal information from our systems
  • Withdraw consent: Withdraw consent for analytics cookies at any time via the cookie settings
  • Data portability: Request a machine-readable copy of your data

To exercise any of these rights, contact us at privacy@tideshiftai.com or via our assessment page.

6. Healthcare Clients (HIPAA)

For healthcare industry clients, we recognize the sensitivity of protected health information (PHI). When our consulting engagements involve access to PHI, we execute a Business Associate Agreement (BAA) and implement additional safeguards in compliance with HIPAA requirements. These include enhanced access controls, audit logging, encrypted data handling, and staff training specific to healthcare data protection.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption in transit: All connections use TLS/HTTPS
  • Encryption at rest: Sensitive data is encrypted in our databases
  • Access controls: Strict role-based access to client data
  • Regular reviews: Periodic security assessments of our systems and practices

8. Data Retention

We retain contact form submissions and assessment data for as long as necessary to fulfill the purpose for which it was collected. Client engagement data is retained for the duration of the engagement plus a reasonable period for follow-up. You may request deletion at any time.

9. Children's Privacy

Our services are directed to businesses and professionals. We do not knowingly collect personal information from individuals under 16 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. We will notify active clients of significant changes via email at least 30 days before they take effect.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@tideshiftai.com or via our assessment page.