Privacy Policy

1. Introduction

AlertBolt, a product of Tridacom IT Solutions Inc. ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-channel notification platform ("Service").

By using AlertBolt, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Service:

• Account Information: When you register for an account, we collect your name, email address, company name, phone number, and password.
• Contact Information: When you upload contacts to send messages, we collect phone numbers, email addresses, names, and any custom fields you provide.
• Message Content: We store the content of messages you send through our platform (SMS, MMS, Email, Microsoft Teams notifications).
• Billing Information: Payment information is collected and processed by our third-party payment processor (Stripe). We store only the last 4 digits of your credit card and billing address.
• 10DLC Registration Data: For A2P 10DLC compliance, we collect your business EIN, business type, address, and campaign details.
• Support Communications: When you contact customer support, we collect your inquiries, feedback, and any information you provide.

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Usage Data: We log API requests, page views, features used, message send times, delivery status, and errors.
• Device Information: We collect IP address, browser type and version, operating system, device type, and unique device identifiers.
• Cookies and Tracking: We use cookies, session tokens, and similar technologies to maintain your session and improve our Service. See Section 7 for details.
• Consent Records: We automatically log when contacts opt in or opt out, including timestamp, IP address, and method of consent (web form, keyword, paper form).

2.3 Information from Third Parties

• Authentication Providers: If you sign in using single sign-on (SSO), we receive your name, email, and profile information from the SSO provider.
• Carrier Feedback: Mobile carriers provide delivery receipts, opt-out requests (STOP), and error codes which we log for compliance.
• Microsoft Teams: If you enable Teams integration, we receive webhook confirmations when messages are posted to channels.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: To deliver SMS/MMS/Email/Teams messages, manage contacts, process campaigns, and maintain your account.
• Compliance and Legal Obligations: To comply with TCPA, CAN-SPAM, 10DLC, toll-free verification, carrier requirements, and legal process (subpoenas, court orders).
• Billing and Payments: To process payments, send invoices, detect fraud, and manage subscriptions.
• Customer Support: To respond to inquiries, troubleshoot issues, and provide technical assistance.
• Improve the Service: To analyze usage patterns, identify bugs, improve features, and optimize performance.
• Security and Fraud Prevention: To detect and prevent unauthorized access, abuse, spam, and fraudulent activity.
• Marketing Communications: To send product updates, feature announcements, and promotional offers (you can opt out at any time).
• Consent Management: To track and honor opt-in and opt-out requests in compliance with applicable laws.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

• SMS Carriers and Aggregators: We transmit phone numbers and message content to carriers (AT&T, Verizon, T-Mobile) and aggregators to deliver SMS/MMS.
• Email Service Providers: We use email infrastructure providers to deliver email notifications.
• Payment Processors: Stripe processes credit card payments. They maintain PCI-DSS compliance and do not share your payment details with us.
• Cloud Hosting: We host our Service on secure cloud infrastructure (AWS, Azure, or Google Cloud) with encryption at rest and in transit.
• Analytics Providers: We use analytics tools to understand how users interact with our Service (IP addresses are anonymized when possible).

4.2 Compliance and Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, subpoenas, or government requests
• Enforce our Terms of Service and investigate violations
• Protect the rights, property, or safety of AlertBolt, our users, or the public
• Respond to claims of TCPA or CAN-SPAM violations
• Cooperate with law enforcement investigations

4.3 Business Transfers

If Tridacom IT Solutions Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent (for example, sharing testimonials or case studies with your approval).

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained while your account is active, then deleted 90 days after account closure (unless legal obligations require longer retention).
• Message Content and Logs: Retained for 2 years to comply with TCPA audit requirements, carrier retention policies, and potential legal claims. After 2 years, logs are anonymized or deleted.
• Consent Records: Retained for 5 years from the date of last message sent, as required by TCPA to demonstrate compliance in potential litigation.
• Billing Records: Retained for 7 years to comply with tax and accounting regulations.
• Opt-Out Records: Retained indefinitely to ensure we never re-message contacts who have opted out, unless the contact explicitly re-opts in.

You may request deletion of your data at any time by contacting us at privacy@alertbolt.com. Note that some data may need to be retained for legal compliance.

6. Your Privacy Rights

6.1 GDPR Rights (EU Users)

If you are in the European Union, you have the following rights under GDPR:

• Right of Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format (JSON).
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time (does not affect past processing).

To exercise these rights, email privacy@alertbolt.com. We will respond within 30 days.

6.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under CCPA:

• Right to Know: Request disclosure of personal information we collect, use, disclose, and sell (we do not sell data).
• Right to Delete: Request deletion of your personal information, subject to exceptions.
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell data, so this does not apply).
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email privacy@alertbolt.com or call 1-888-803-BOLT (1-888-803-2658). We will verify your identity before processing requests.

6.3 Marketing Opt-Out

You can unsubscribe from our marketing emails by clicking the "Unsubscribe" link in any email or by emailing support@alertbolt.com. Note that you will still receive transactional emails (account notifications, billing, security alerts).

7. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

7.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics with IP anonymization).
• Preference Cookies: Remember your settings like theme (light/dark mode), timezone, and language.

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using the Service. Most browsers accept cookies by default; consult your browser's help documentation to change settings.

8. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data in transit uses TLS 1.3 encryption. All data at rest is encrypted using AES-256.
• Access Controls: Only authorized employees with legitimate business needs can access your data. All access is logged.
• Multi-Tenant Isolation: Your data is logically isolated from other customers using tenant-level database partitioning.
• Regular Audits: We conduct annual penetration testing, quarterly vulnerability scans, and maintain SOC 2 Type II certification.
• Password Security: Passwords are hashed using bcrypt with salts. We enforce minimum password strength requirements.
• Breach Notification: In the event of a data breach, we will notify affected users within 72 hours as required by GDPR.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

AlertBolt is operated from the United States. If you are accessing the Service from outside the U.S., your information will be transferred to, stored, and processed in the United States, which may not provide the same level of data protection as your home country.

For EU users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to legitimize data transfers. By using the Service, you consent to the transfer of your information to the United States.

10. Children's Privacy

AlertBolt is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@alertbolt.com, and we will delete the information promptly.

11. Third-Party Links

Our Service may contain links to third-party websites, integrations, or services (e.g., Microsoft Teams, payment processors). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in the Service dashboard

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you must stop using the Service and close your account.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Dispute Resolution

If you have a complaint about our privacy practices, please contact us first at privacy@alertbolt.com. We will investigate and attempt to resolve complaints in accordance with this Privacy Policy.

EU users have the right to lodge a complaint with their local supervisory authority if they believe our processing of personal data violates GDPR.