Privacy policy

This Privacy Policy describes how Seasoft Security Solutions, LLC ("Seasoft," "we," "us," or "our") collects, uses, discloses, and otherwise processes information about individuals when they visit our websites (including telloiam.com and app.telloiam.cloud), interact with us in connection with sales and marketing, or use our identity and access management software-as-a-service platform, TelloIAM (collectively, the "Services").

When you interact with our websites, we may collect information you provide through contact forms, demo request forms, chat features, newsletter signups, and job applications, such as your name, company, email address, phone number, and any information you choose to submit.

If you use TelloIAM through an organization (for example, your employer), that organization controls the data submitted to and processed by TelloIAM on its behalf ("Customer Data"). In those cases, Seasoft generally acts as a service provider/processor, and your organization’s privacy practices and agreements may govern how Customer Data is handled. If you have questions about your organization’s policies or want to exercise rights relating to Customer Data, please contact your organization first.

1. Scope and definitions

This Privacy Policy applies to information we process as a controller (or equivalent role) in connection with the Services. It does not apply to information we process as a processor/service provider on behalf of our customers under a written agreement (for example, Customer Data in tenant accounts).

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular individual or household. Personal Information does not include de-identified or aggregated information.

2. Information we collect

We collect the following categories of information:

2.1 Information you provide to us

Account and profile information, such as name, business email address, username, phone number, job title, company name, and credentials or identifiers used to access the Services (for example, SSO identifiers).

Billing and transaction information, such as billing contact details, invoices, and limited payment-related details. Payment card information is typically collected and processed directly by our payment processor(s).

If you purchase subscriptions or services, payments may be processed by Stripe or similar service. We do not store full payment card numbers; Stripe or similar services receives and processes payment information according to its own privacy practices.

Support and communications, such as information you provide when you contact us, request a demo, submit a form, open a support ticket, or communicate with us by email, chat, phone, or otherwise.

We do not request that you upload files containing personal data for support; please do not submit sensitive personal information through support channels.

Security and verification information, such as MFA factors you choose to enroll (e.g., authenticator app, hardware key identifiers) and information used to verify your identity for support or administrative purposes.

2.2 Information we collect automatically

Device and usage information, such as IP address, device identifiers, operating system, browser type, language, approximate location derived from IP address, access times, and the pages or features you use.

Log and audit data generated by the Services, such as authentication events, administrative actions, and security-related telemetry (for example, failed login attempts or suspicious activity indicators).

Cookies and similar technologies on our websites, which may collect information about how you interact with our sites and communications (see Section 6).

You can control cookies through your browser settings and, where available, through settings provided by our advertising partners. If we implement a cookie banner or preference center, it will provide additional choices about non-essential cookies.

We use Google Analytics and similar tools to help us understand website usage. We may also work with advertising partners (such as Google, LinkedIn, and Meta) that use cookies or similar technologies to deliver and measure advertisements and to help us reach people who have visited our websites (retargeting).

We may use session replay or similar technologies to understand how visitors use our websites (for example, by recording interactions such as clicks, scrolling, and pages visited). These tools may collect information from your device and browser while you navigate our websites.

2.3 Information from integrations and third parties

TelloIAM may integrate with third-party identity providers, directories, HR systems, cloud applications, and other systems at a customer’s direction. When those integrations are enabled, we may receive information from or about you from those third parties, such as user identifiers, group membership, directory attributes, and application entitlement information, as configured by the customer.

We may also receive information from resellers, partners, or public sources (for example, business contact information) to help us manage our relationship with you.

2.4 Customer Data

Customers may submit or make available Customer Data to the Services, including information about their workforce and contractors (for example, users, roles, permissions, entitlements, access policies, approvals, audit logs, and related metadata). We process Customer Data on behalf of and according to the instructions of the customer, as set out in the applicable agreement.

3. How we use information

We use Personal Information for the following purposes:

• To provide, maintain, secure, and operate the Services, including authentication, access control, account administration, provisioning/deprovisioning workflows, and audit logging.

• To process transactions and manage billing, subscriptions, and customer relationships.

• To provide support, respond to requests, and communicate with you about the Services, including service announcements, security alerts, and administrative messages.

• To improve and develop the Services, including troubleshooting, quality assurance, analytics, and product research.

• To protect against, detect, investigate, and prevent fraud, abuse, and security incidents, and to enforce our terms, policies, and legal rights.

• To comply with legal obligations and to respond to lawful requests and legal process.

• To market and promote our Services, where permitted by law (you can opt out of marketing communications as described in Section 6.3).

3.1 Legal bases for processing (EEA/UK/Switzerland)

Where required by applicable law (such as the GDPR), we process Personal Information on the following legal bases: (a) to perform a contract or take steps at your request prior to entering into a contract; (b) our legitimate interests (for example, securing and improving the Services, preventing fraud, and marketing to business customers), balanced against your rights; (c) your consent (for example, where required for certain cookies or marketing); and/or (d) compliance with legal obligations.

4. How we disclose information

We may disclose Personal Information in the following circumstances:

• Service providers and subprocessors that help us operate the Services (for example, hosting, customer support tools, analytics, email delivery, security monitoring, and payment processing).

A list of our subprocessors (service providers that may process Customer Data on our behalf) is available on request by emailing [email protected].

• At the direction of the customer, to third-party applications and services integrated with TelloIAM.

• Professional advisors, such as lawyers, auditors, and insurers, where necessary to obtain advice or protect and manage our business interests.

• For legal and safety reasons, including to comply with law, respond to lawful requests, and protect the rights, property, and safety of Seasoft, our customers, users, or others.

• Business transfers, such as in connection with a merger, acquisition, financing, reorganization, or sale of some or all of our business or assets.

• With your consent or at your direction.

We may also disclose aggregated or de-identified information that cannot reasonably be used to identify you.

5. Data retention

We retain personal information for as long as necessary to provide the websites and TelloIAM, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Unless a longer period is required by law or contract, we generally retain marketing and account-related records, support records, and audit log information for up to three (3) years.

We retain Personal Information for as long as reasonably necessary to provide the Services, operate our business, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods depend on the nature of the data, how it is used, and applicable legal requirements.

Customer Data is retained and deleted in accordance with the customer’s agreement and our retention practices, which may include deletion or return of Customer Data following account termination, subject to legally required retention.

6. Cookies, analytics, and communications

6.1 Cookies and similar technologies

We and our service providers use cookies, web beacons/pixels, SDKs, and similar technologies on our websites and in our communications to: operate our sites, remember preferences, understand usage, measure campaign effectiveness, and improve the Services.

You can control cookies through your browser settings and, where available, through our cookie preference tools. Please note that disabling certain cookies may affect functionality.

6.2 Analytics and interest-based advertising

We may use analytics providers to help us understand how our websites are used. Some providers may use cookies or similar technologies to collect information about your interactions with our websites. Where required by law, we will obtain your consent before using non-essential cookies.

If we engage in interest-based advertising on third-party sites, you may be able to opt out through industry programs such as the Digital Advertising Alliance (or your browser/device settings).

6.3 Communications preferences

You can opt out of promotional emails by using the unsubscribe link in those emails. Even if you opt out, we may still send non-promotional messages, such as service-related or transactional emails.

7. Security

We use administrative, technical, and physical safeguards designed to protect Personal Information. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

8. International data transfers

Our primary operations are in the United States. If you access our websites or services from outside the United States, your information may be transferred to and processed in the United States and other locations where we and our service providers operate.

We are based in the United States and may process and store information in the United States and other countries where we or our service providers operate. If you are located in the EEA/UK/Switzerland, we will use appropriate safeguards for cross-border transfers when required (for example, appropriate data transfer safeguards).

9. Your privacy rights and choices

Depending on where you live and the nature of our processing, you may have rights to access, correct, delete, or obtain a copy of your Personal Information, and to object to or restrict certain processing. You may also have the right to opt out of certain disclosures for advertising purposes, where applicable.

To exercise applicable rights, contact us using the details in Section 12. We may need to verify your identity before fulfilling certain requests. If we process Personal Information on behalf of a customer (as a processor/service provider), we may refer you to that customer to handle your request.

9.1 California privacy notice

This section applies to California residents to the extent we process Personal Information subject to the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CPRA").

In the last 12 months, we may have collected the following categories of Personal Information:

• Identifiers (e.g., name, business contact details, account identifiers).

• Internet or other electronic network activity information (e.g., website interactions, device and usage data).

• Professional or employment-related information (e.g., job title, company).

• Geolocation data (approximate location derived from IP address).

• Customer Data as described above, when we act as a service provider/processor.

We collect and use this information for the purposes described in Sections 3 and 4. We do not sell Personal Information in exchange for money. If we share Personal Information for cross-context behavioral advertising via cookies, California residents may have the right to opt out of that sharing (for example, through cookie preference tools or browser signals such as the Global Privacy Control, where supported).

California residents may have the right to request information, access, deletion, and correction, and to not be discriminated against for exercising these rights. You can submit requests by contacting us as described in Section 12.

9.2 EEA/UK privacy rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have the right to: (a) request access to and correction or deletion of your Personal Information; (b) object to processing or request restriction of processing; and (c) request portability. You also have the right to lodge a complaint with your local data protection authority.

10. Children’s privacy

The Services are not directed to children and we do not knowingly collect Personal Information from children under 13 (or other age as required by local law). If you believe a child has provided us Personal Information, please contact us so we can take appropriate steps.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will revise the "Last Updated" date and, where required by law, provide additional notice (for example, via the Services or email).

12. Contact us

If you have questions or requests regarding this Privacy Policy, please contact:

Seasoft Security Solutions, LLC
Attn: Privacy
1325 Franklin Avenue,
Suite 545,
Garden City, NY 11530

Email: [email protected]
Websites: www.telloiam.com; app.telloiam.cloud