Privacy Policy

1. INTRODUCTION

Tackon LLC (“TackonFSM,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our field service management platform at www.tackonfsm.com (the “Site”), our mobile applications, and all related services (collectively, the “Services”).

This Policy applies to:

• Business customers who subscribe to our Services (“Customers”)
• Employees and contractors of our Customers (“Authorized Users”)
• End customers of our Customers (“End Customers”)
• Website visitors and prospective customers

2. DATA CONTROLLER VS. DATA PROCESSOR

When We Act as Data Controller

We act as a data controller for:

• Customer account information
• Billing and payment data
• Marketing and sales communications
• Website visitor data
• Support and communication data

When We Act as Data Processor

We act as a data processor/service provider when processing End Customer data on behalf of our Customers. Our Customers remain the data controllers for their End Customer information, and we process such data solely according to their instructions and our Data Processing Addendum.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account Information:

• Business name, address, phone number
• Contact person name and email
• Tax identification numbers
• Industry type and business size

User Information:

• Name, email address, phone number
• Job title and role
• Login credentials (encrypted)
• Profile photo (optional)

Payment Information:

• Credit/debit card information (processed through PCI-compliant third parties)
• Billing address
• Payment history

Service Data:

• Customer databases
• Job and scheduling information
• Inventory data and pricebooks
• Invoices and estimates
• Field service reports
• Communications between users

3.2 Information Collected Automatically

Usage Data:

• Feature usage patterns
• Login times and frequency
• Device information (type, OS, browser)
• IP addresses and approximate location
• Session duration and clickstream data

Technical Data:

• Log files
• Error reports
• Performance metrics
• API usage data

3.3 Information from Third Parties

• Credit verification services
• Marketing partners (with consent)
• Social media platforms (if you connect accounts)
• Integration partners (QuickBooks, payment processors)

4. HOW WE USE YOUR INFORMATION

4.1 To Provide Services

• Process transactions and manage subscriptions
• Enable scheduling, dispatching, and job management
• Facilitate inventory management and pricebook features
• Generate invoices and process payments
• Provide customer support
• Send service-related communications

4.2 To Improve Our Services

• Analyze usage patterns and optimize features
• Develop new functionality
• Conduct research and analytics
• Fix bugs and improve performance
• Train our machine learning models (using anonymized data)

4.3 For Business Purposes

• Comply with legal obligations
• Detect and prevent fraud
• Enforce our Terms of Service
• Protect rights and safety
• Manage business operations

4.4 For Marketing (With Consent)

• Send promotional emails about new features
• Provide industry insights and best practices
• Share partner offers (opt-in required)
• Display targeted advertising

5. HOW WE SHARE YOUR INFORMATION

5.1 With Your Consent

We share information when you explicitly authorize us to do so.

5.2 With Service Providers

We work with trusted third parties including:

• Amazon Web Services (hosting)
• Stripe/PayPal (payment processing)
• SendGrid (email delivery)
• Twilio (SMS services)
• Google Analytics (analytics)
• Zendesk (customer support)

All service providers are bound by confidentiality agreements and process data only per our instructions.

5.3 For Legal Reasons

We may disclose information when required to:

• Comply with laws, regulations, or legal processes
• Respond to government requests
• Protect our rights, property, or safety
• Investigate potential violations

5.4 Business Transfers

In case of merger, acquisition, or sale of assets, information may be transferred to the successor entity with notice to affected users.

5.5 Aggregated Data

We may share anonymized, aggregated data that cannot identify individuals for industry research and benchmarking.

6. DATA SECURITY

6.1 Technical Safeguards

• 256-bit SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication available
• Regular security audits and penetration testing
• Web Application Firewall (WAF)
• DDoS protection
• Secure API endpoints with rate limiting

6.2 Organizational Measures

• Role-based access controls
• Background checks for employees
• Mandatory security training
• Incident response procedures
• Business continuity planning
• Vendor security assessments

6.3 Compliance

• SOC 2 Type II certification (in progress)
• GDPR compliant
• CCPA compliant
• PCI DSS compliant payment processing

7. DATA RETENTION

We retain information for as long as necessary to provide Services and fulfill the purposes outlined in this Policy:

• Active Account Data: Retained during subscription period
• Closed Account Data: 90 days after termination (unless legally required longer)
• Payment Records: 7 years for tax/accounting purposes
• Marketing Data: Until opt-out or 3 years of inactivity
• Log Data: 12 months
• Backup Data: 30 days in secure backup systems

Customers may request data deletion subject to legal retention requirements.

8. YOUR PRIVACY RIGHTS

8.1 Access and Portability

You have the right to:

• Access your personal information
• Receive data in a portable format (JSON/CSV)
• Know what information we collect and how it’s used

8.2 Correction and Deletion

You may:

• Update incorrect information
• Request deletion of personal data
• Object to certain processing activities

8.3 Marketing Preferences

• Opt-out via unsubscribe links in emails
• Manage preferences in account settings
• Contact support@tackonfsm.com

8.4 Regional Rights

California Residents (CCPA):

• Right to know categories of data collected
• Right to deletion
• Right to non-discrimination
• Right to opt-out of data sales (we do not sell data)

EU/UK Residents (GDPR):

• Right to rectification
• Right to restriction of processing
• Right to data portability
• Right to object
• Right to lodge complaints with supervisory authorities

9. COOKIES AND TRACKING

We use cookies and similar technologies for:

• Essential site functionality
• Performance monitoring
• Analytics (with consent)
• Marketing (with consent)

You can manage cookie preferences through your browser settings or our cookie consent tool.

Types of Cookies:

• Strictly Necessary: Required for site operation
• Performance: Help improve site speed
• Functional: Remember preferences
• Targeting: Deliver relevant ads (optional)

10. THIRD-PARTY INTEGRATIONS

Our Services integrate with third-party platforms. When you enable integrations:

• You authorize data sharing per integration settings
• Third-party privacy policies apply to their services
• We are not responsible for third-party data practices

Current integrations include:

• QuickBooks (accounting)
• Google Calendar (scheduling)
• Stripe (payments)
• Zapier (automation)

11. INTERNATIONAL DATA TRANSFERS

We operate primarily in the United States. If you access Services from other regions:

• Data may be transferred to US servers
• We use Standard Contractual Clauses for EU/UK transfers
• We comply with applicable data transfer regulations
• AWS provides geographic data residency options

12. CHILDREN’S PRIVACY

Our Services are not directed to individuals under 16. We do not knowingly collect information from children. If we discover such data, we will promptly delete it.

13. SECURITY INCIDENTS

In case of a data breach:

• We will notify affected users within 72 hours
• Provide details about the nature and scope
• Outline steps taken to address the incident
• Offer credit monitoring if applicable
• Comply with breach notification laws

14. DATA PROCESSING ADDENDUM

Business Customers processing EU/UK personal data must execute our Data Processing Addendum, which includes:

• Standard Contractual Clauses
• Security requirements
• Subprocessor list
• Audit rights
• Data subject request procedures

15. DO NOT TRACK

We honor Do Not Track browser signals for marketing cookies but maintain essential cookies for site functionality.

16. CHANGES TO THIS POLICY

We may update this Policy periodically. Material changes will be notified via:

• Email to account holders
• In-app notifications
• Website banner for 30 days

Continued use after changes constitutes acceptance.

17. CONTACT INFORMATION

18. DISPUTE RESOLUTION

Any privacy disputes will be resolved through:

1. Direct negotiation
2. Mediation (if needed)
3. Binding arbitration per our Terms of Service

EU/UK residents may also lodge complaints with local supervisory authorities.

19. ACCESSIBILITY

This Policy is available in alternative formats. Contact accessibility@tackonfsm.com for assistance.

20. TRANSPARENCY REPORT

We publish an annual transparency report detailing:

• Government data requests
• User data requests
• Security incidents (anonymized)
• Policy enforcement actions

APPENDIX A: SUBPROCESSORS

APPENDIX B: LAWFUL BASES FOR PROCESSING (GDPR)

• Contract: Processing necessary to fulfill our service agreement
• Legal Obligation: Required by law
• Legitimate Interests: Business operations, security, fraud prevention
• Consent: Marketing communications, optional features

APPENDIX C: CATEGORIES OF PERSONAL INFORMATION (CCPA)

This Privacy Policy was last reviewed and updated on August 24, 2025. For questions about this Policy or our privacy practices, please contact our Privacy Officer at privacy@tackonfsm.com or call 404-482-2566.