1. Who we are
Tailored Tech Solutions is operated by Digital Cartel Global LLC (“we”, “us”, “our”), headquartered in Nipomo, California, USA. This Privacy Policy explains what information we collect when you use tailoredtechsolutions.org and our services, why we collect it, and how it is handled.
2. Information we collect
- Account data — when you sign up, we store your name, email address, and a bcrypt-hashed password. We never store passwords in plain text.
- Intake form responses — answers to the AI Readiness Diagnostic, plus the contact details you provide.
- Order data — when you check out, we store the services in your cart, the deposit amount, the PayPal order ID, and the capture confirmation returned by PayPal. We do not store your credit card number or PayPal credentials — PayPal handles those directly.
- Authentication tokens — short-lived JWT tokens (15 minute access, 7 day refresh) stored in httpOnly cookies. A fallback Bearer token is stored in browser localStorage to support cross-origin scenarios.
- Browser storage preferences — your cart contents and favourite project IDs are saved locally in your browser's localStorage. These never leave your device unless you check out.
- Technical logs — we keep server-side logs of failed login attempts (for brute-force protection) and basic request metadata (IP, user-agent, timestamp).
3. Why we collect it
- To create and authenticate your account.
- To process the 50% deposit for services you purchase.
- To deliver the services you ordered and follow up about your project.
- To analyse intake submissions so we can tailor proposals.
- To detect abuse (5 failed logins per email triggers a 15-minute lockout).
- To comply with our legal, accounting, and tax obligations.
4. How long we keep it
- Account data — until you delete your account.
- Order records — retained for at least 7 years to satisfy US tax and accounting law, after which they are anonymised or destroyed.
- Intake submissions — retained for 2 years from submission, then deleted.
- Failed-login records — automatically expire 15 minutes after the last attempt.
5. Third parties we share data with
We only share what is strictly necessary to operate the service:
- PayPal — for payment processing. PayPal receives the amount, currency, and an internal reference id. See PayPal's privacy policy at paypal.com/us/legalhub/privacy-full.
- MongoDB Atlas — encrypted-at-rest database hosting our user, order, and intake data.
- Email provider (SMTP) — used only to notify our team about new intake submissions; messages are transmitted over TLS.
6. AI processing
Some services we offer (AI chatbots, voice assistants, automation) involve sending data to third-party AI providers (OpenAI, Anthropic, Google) only when you commission such a service and only with the data you choose to provide for that engagement. We will always tell you which providers will see the data before work begins, and we obtain explicit written consent for AI processing of any personal or sensitive information.
7. Your rights
You have the right to:
- Access the personal data we hold about you.
- Correct any inaccurate data.
- Request deletion of your account and personal data at any time.
- Receive an export of your data in a portable format.
- Object to specific processing activities.
8. Security
We use HTTPS for all traffic, bcrypt for password hashing, JWTs in httpOnly cookies, brute-force lockouts on the login endpoint, parameterised database queries, and least-privilege server access. No system is perfectly secure — if we ever discover a breach affecting your data, we will notify you within 72 hours.
9. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, please contact us and we will delete it.
10. Changes to this policy
We may update this policy when our services change. The “Last updated” date at the top reflects the most recent revision. If a change materially affects your rights, we will notify account holders by email at least 30 days before the change takes effect.
11. Contact us
For any privacy question, deletion request, or data subject request:
