© Tiboh Inc. 2025. All Rights Reserved.
Terms  ·  Privacy
Tiboh Inc.
Tiboh Inc.
AI Automation
Tiboh Inc. / Privacy Policy

Privacy Policy

Effective January 1, 2025. Last updated May 1, 2025.

Privacy
Table of Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Information Sharing & Disclosure
  4. Data Retention
  5. Data Security
  6. Your Rights
  7. California Privacy Rights (CCPA)
  8. Children's Privacy
  9. Third-Party Links
  10. AI Services & Data Processing
  11. Changes to This Policy
  12. Contact Us

Effective Date: January 1, 2025  ·  Last Updated: May 1, 2025

Tiboh Inc. ("Company," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website and engage our services. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit tiboh.com ("Site") or engage our AI automation and professional services. By using the Site, you consent to the practices described in this Policy. If you do not agree, please do not use the Site.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide to us through the Site, contact forms, email, phone, or in the course of a service engagement, including:

  • Identity and contact information: name, email address, phone number, job title, company name, and business address
  • Project and business information: descriptions of your business operations, processes, pain points, and goals shared during discovery calls, intake forms, or project communications
  • Payment and billing information: billing name, address, and payment instructions (note: payment card data is processed exclusively by our third-party payment processors and is never stored by Tiboh Inc.)
  • Communications: the content of emails, chat messages, call notes, and other correspondence you exchange with our team during or in connection with an engagement
  • Feedback and survey responses: responses to satisfaction surveys, project retrospectives, or other feedback requests

1.2 Automatically Collected Information

When you visit the Site, our servers and analytics tools may automatically collect certain technical information, including:

  • IP address and approximate geographic location derived from IP
  • Browser type and version, operating system, device type
  • Pages viewed, time spent on each page, navigation path, referring URL
  • Device identifiers and session identifiers
  • Error logs and performance data

This automatically collected information is used in aggregate and pseudonymous form for Site analytics, performance monitoring, and security purposes. It is not linked to individual user identities unless required for security investigations.

1.3 Cookies and Tracking Technologies

The Site uses cookies, web beacons, and similar tracking technologies to enhance user experience and analyze Site traffic. We use: (a) session cookies that expire when you close your browser, used to maintain your session state; (b) persistent cookies that remain on your device until expiry or deletion, used for analytics and returning visitor identification. You may disable cookies in your browser settings at any time; however, certain Site functionality may be affected. We do not currently respond to browser "Do Not Track" signals, as no uniform industry standard exists for such signals.

2. How We Use Your Information

We use the information we collect for the following purposes, each supported by a legitimate business interest or your explicit consent:

  • Service delivery: to respond to inquiries, scope engagements, develop and deliver the services described in executed Statements of Work
  • Account and project management: to manage client relationships, track project status, issue invoices, and process payments
  • Communication: to communicate about project status, deliverable reviews, support requests, and business-related updates
  • Site improvement: to analyze Site usage patterns, identify usability issues, and improve content and functionality
  • Security: to detect, investigate, and prevent fraud, unauthorized access, and other security threats
  • Legal compliance: to comply with applicable laws, regulations, court orders, and government requests
  • Terms enforcement: to enforce our Terms of Service and protect the rights and interests of Tiboh Inc. and other clients

We do not use your personal information for unsolicited marketing or promotional communications without your prior consent. If you opt in to receive marketing communications, you may withdraw consent and unsubscribe at any time by emailing info@tiboh.com or clicking "unsubscribe" in any marketing email.

3. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share information only in the following circumstances:

  • Service providers and subprocessors: we engage third-party vendors who assist us in operating the Site and delivering services, including cloud hosting providers, payment processors, email delivery services, and project management tools. These providers are contractually bound to process your information only as directed by us, for the purposes specified, and with appropriate security measures.
  • AI API providers: client business data submitted to AI processing workflows passes through the Anthropic Claude API. Anthropic's data handling is governed by Anthropic's terms of service and privacy policy, and by the data processing terms in our client engagements. We do not use client data to train AI models.
  • Legal and regulatory compliance: we may disclose information when required to do so by applicable law, regulation, legal process (including subpoenas and court orders), or requests from governmental or regulatory authorities with jurisdiction over Tiboh Inc.
  • Protection of rights: we may disclose information where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Tiboh Inc., our clients, or third parties, including for fraud prevention and security purposes.
  • Business transfers: in connection with a merger, acquisition, asset sale, financing, or other corporate transaction involving Tiboh Inc., your information may be transferred to the acquiring or successor entity as part of the transaction. We will provide notice of any such transfer and the choices available to you, consistent with applicable law.

4. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, comply with our legal and contractual obligations, resolve disputes, and enforce our agreements. Our general retention practices are:

  • Client project data: retained for seven (7) years after project completion, to comply with accounting, tax, and legal record-keeping requirements
  • Marketing communications opt-in records: retained until you withdraw consent, plus 3 years for compliance documentation
  • Site analytics data: retained in aggregate, anonymized form indefinitely; pseudonymous individual session data retained for 24 months
  • Security logs: retained for 12 months unless retained longer for active security investigations

You may request deletion of your personal information at any time by contacting us at info@tiboh.com. We will honor deletion requests subject to legal and contractual retention obligations and after confirming your identity.

5. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, loss, or destruction. Our security practices include:

  • Encrypted data transmission via HTTPS (TLS) for all Site communications
  • Access controls and role-based permissions for internal systems containing personal data
  • Secure credential management and multi-factor authentication for systems handling client data
  • Regular security assessments of our infrastructure and third-party service providers
  • Incident response procedures for detecting, reporting, and responding to data security incidents

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data security incident affecting your personal information, we will notify you as required by applicable law.

6. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at info@tiboh.com. We will respond within 30 calendar days of receiving a verifiable request.

  • Right of Access: request a copy of the personal information we hold about you, including information about how it is processed and with whom it is shared
  • Right of Correction: request correction of inaccurate, incomplete, or outdated personal information
  • Right of Deletion: request deletion of your personal information, subject to legal and contractual retention requirements
  • Right of Portability: request your personal data in a structured, commonly used, machine-readable format for transfer to another controller
  • Right to Object: object to certain types of processing, including direct marketing, where we rely on legitimate interests as the legal basis for processing
  • Right to Restrict Processing: request that we restrict processing of your personal data in certain circumstances (e.g., while you contest its accuracy)
  • Right to Opt Out of Marketing: withdraw consent for marketing communications at any time by emailing info@tiboh.com or clicking "unsubscribe" in any marketing email

We may request identity verification before processing certain requests to protect against unauthorized access to your information.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"):

  • Right to Know: the right to know the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it
  • Right to Delete: the right to request deletion of personal information we have collected, subject to certain exceptions
  • Right to Correct: the right to request correction of inaccurate personal information
  • Right to Opt Out of Sale or Sharing: Tiboh Inc. does not sell or share personal information for cross-context behavioral advertising. No opt-out mechanism is required.
  • Right to Non-Discrimination: the right not to receive discriminatory treatment for exercising your CCPA rights

To submit a CCPA request, email info@tiboh.com with "CCPA Privacy Request" in the subject line, and include your name, email address, and the nature of your request. We will acknowledge receipt within 10 business days and respond within 45 calendar days (extendable by an additional 45 days with notice).

8. Children's Privacy

The Site and our services are designed for and directed exclusively to business users aged 18 and older. We do not knowingly collect, solicit, or process personal information from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete that information from our records. If you believe we may have collected information from a child under 13, please contact us immediately at info@tiboh.com.

9. Third-Party Links

The Site may contain links to third-party websites, services, or resources that are not owned or operated by Tiboh Inc. These links are provided for your convenience and informational purposes only. Tiboh Inc. has no control over, and assumes no responsibility for, the content, privacy policies, or data practices of any third-party sites or services. We encourage you to review the privacy policy of every website you visit before providing any personal information. The inclusion of a link on tiboh.com does not imply endorsement of the linked site or service.

10. AI Services & Data Processing

In delivering our AI automation services, we process client business data using third-party AI APIs, primarily the Anthropic Claude API. The following principles govern our AI data processing practices:

  • Purpose limitation: client data processed through AI systems is used solely to deliver the contracted services specified in the applicable Statement of Work — never for any other purpose
  • No model training: Tiboh Inc. does not use client data to train, fine-tune, improve, or evaluate any AI model, including Claude or any other model. Our Anthropic API usage is governed by Anthropic's enterprise data handling commitments
  • Confidentiality: all client data submitted to AI processing workflows is subject to the confidentiality obligations in our Terms of Service and any applicable Non-Disclosure Agreement
  • Data minimization: we process only the client data strictly necessary to deliver the contracted AI automation functionality
  • Self-hosted infrastructure: where clients choose self-hosted deployment (the default for most Tiboh services), client operational data remains within infrastructure the client controls, reducing third-party data exposure
  • Data Processing Agreements: for clients in regulated industries or subject to GDPR, HIPAA, or similar frameworks, we will execute a Data Processing Agreement specifying the technical and organizational measures applied to client data

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, applicable law, or for other operational or legal reasons. When we make changes, we will update the "Last Updated" date at the top of this page and post the revised Policy on the Site. For material changes that may significantly affect your rights or our data practices, we will make reasonable efforts to provide more prominent notice, which may include a notification email to active clients or a notice on the Site's homepage. The updated Policy takes effect upon posting unless a later effective date is specified. We encourage you to review this Policy periodically. Your continued use of the Site or Services after the posting of an updated Policy constitutes your acceptance of the changes.

12. Contact Us

For privacy-related questions, requests, concerns, or to exercise your data rights, please contact our privacy team:

Tiboh Inc. — Privacy
1029 Lyell Ave, Unit #553
Rochester, NY 14606, USA
Email: info@tiboh.com (subject: "Privacy Request")
Phone: +1 302-345-4652

We are committed to resolving privacy complaints promptly. We will acknowledge all privacy requests within 5 business days and provide a substantive response within 30 calendar days.