Back to home
Legal

Privacy Policy.

Last updated: February 28, 2026

1. Who we are

Tailored Tech Solutions is operated by Digital Cartel Global LLC (“we”, “us”, “our”), headquartered in Nipomo, California, USA. This Privacy Policy explains what information we collect when you use tailoredtechsolutions.org and our services, why we collect it, and how it is handled.

2. Information we collect

  • Account data — when you sign up, we store your name, email address, and a bcrypt-hashed password. We never store passwords in plain text.
  • Intake form responses — answers to the AI Readiness Diagnostic, plus the contact details you provide.
  • Order data — when you check out, we store the services in your cart, the deposit amount, the PayPal order ID, and the capture confirmation returned by PayPal. We do not store your credit card number or PayPal credentials — PayPal handles those directly.
  • Authentication tokens — short-lived JWT tokens (15 minute access, 7 day refresh) stored in httpOnly cookies. A fallback Bearer token is stored in browser localStorage to support cross-origin scenarios.
  • Browser storage preferences — your cart contents and favourite project IDs are saved locally in your browser's localStorage. These never leave your device unless you check out.
  • Technical logs — we keep server-side logs of failed login attempts (for brute-force protection) and basic request metadata (IP, user-agent, timestamp).

3. Why we collect it

  • To create and authenticate your account.
  • To process the 50% deposit for services you purchase.
  • To deliver the services you ordered and follow up about your project.
  • To analyse intake submissions so we can tailor proposals.
  • To detect abuse (5 failed logins per email triggers a 15-minute lockout).
  • To comply with our legal, accounting, and tax obligations.

4. How long we keep it

  • Account data — until you delete your account.
  • Order records — retained for at least 7 years to satisfy US tax and accounting law, after which they are anonymised or destroyed.
  • Intake submissions — retained for 2 years from submission, then deleted.
  • Failed-login records — automatically expire 15 minutes after the last attempt.

5. Third parties we share data with

We only share what is strictly necessary to operate the service:
  • PayPal — for payment processing. PayPal receives the amount, currency, and an internal reference id. See PayPal's privacy policy at paypal.com/us/legalhub/privacy-full.
  • MongoDB Atlas — encrypted-at-rest database hosting our user, order, and intake data.
  • Email provider (SMTP) — used only to notify our team about new intake submissions; messages are transmitted over TLS.
We do not sell your personal data to anyone, ever.

6. AI processing

Some services we offer (AI chatbots, voice assistants, automation) involve sending data to third-party AI providers (OpenAI, Anthropic, Google) only when you commission such a service and only with the data you choose to provide for that engagement. We will always tell you which providers will see the data before work begins, and we obtain explicit written consent for AI processing of any personal or sensitive information.

7. Your rights

You have the right to:
  • Access the personal data we hold about you.
  • Correct any inaccurate data.
  • Request deletion of your account and personal data at any time.
  • Receive an export of your data in a portable format.
  • Object to specific processing activities.
You can delete your account directly from the avatar dropdown menu after signing in, or by emailing us. Account deletion is irreversible and removes all your personal data within 30 days, except where we are legally required to retain certain order records.

8. Security

We use HTTPS for all traffic, bcrypt for password hashing, JWTs in httpOnly cookies, brute-force lockouts on the login endpoint, parameterised database queries, and least-privilege server access. No system is perfectly secure — if we ever discover a breach affecting your data, we will notify you within 72 hours.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, please contact us and we will delete it.

10. Changes to this policy

We may update this policy when our services change. The “Last updated” date at the top reflects the most recent revision. If a change materially affects your rights, we will notify account holders by email at least 30 days before the change takes effect.

11. Contact us

For any privacy question, deletion request, or data subject request:

By using Tailored Tech Solutions you agree to this Privacy Policy. Read also our Terms of Service.

Made with Emergent