TARC Privacy Policy

Last updated: September 19, 2025

Effective: May 18, 2025

TARC LTD CO (“TARC,” “we,” “our,” or “us”) provides websites, mobile apps, and related services (collectively, the “Services”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. If you do not agree with this Policy, please do not use the Services.

1) Information We Collect

We collect information about you when:

you visit or use the Services;
you create an account, or submit information (such as a name, email address, phone number, or location) in account-driven areas;
you communicate with us (e.g., support requests);
you participate in features that require information to function (e.g., notifications, messaging, payments).

Categories of information:

Account & Profile: name, email address, phone number, password, organization affiliation, and settings.
Usage & Device: pages viewed, links clicked, referring/exit pages, search terms, app version, browser type, operating system, device identifiers, IP address, date/time stamps, and approximate location derived from IP address.
Transactional: purchase history, payment method token or status (handled by our payment processor; we do not store full credit card numbers), subscriptions, refunds, and invoices.
Communications: messages you send to us (including email and in-app messages) and your contact preferences.
SMS Program data (if opted-in): your mobile number, opt-in/opt-out status, consent records, delivery status, and message logs.

We do not buy or otherwise receive personal data about you from data brokers.

2) How We Use Information

We use information to:

operate, maintain, and improve the Services (including optimization, debugging, and analytics);
detect, prevent, and respond to fraud, abuse, and security incidents;
comply with legal obligations and enforce our terms and policies;
communicate with you about updates, security notices, and support matters;
enable features you choose to use (e.g., profiles, messaging, payments, and organization participation);
compile aggregate statistics about how the Services are used.

Email uses: we may use your email address to send policy/terms updates, security and account notifications (including password resets), and legal notices. Where permitted, we may also send product or service announcements; you can opt out of non-essential emails at any time by using the unsubscribe link.

No sale or share of personal information: We do not “sell” or “share” personal information as those terms are defined by California privacy law. We disclose personal information only to our service providers and to the client who sent you the link, solely to provide the Services.

3) Legal Bases (where applicable)

Where required by law (e.g., in the EEA/UK), we rely on one or more of the following legal bases: performance of a contract; legitimate interests (e.g., securing and improving the Services); consent (e.g., for optional communications/analytics); and compliance with legal obligations.

4) Retention

We keep personal information for as long as it is reasonably necessary to provide the Services, comply with our legal obligations (including recordkeeping), resolve disputes, and enforce our agreements. If you request deletion of your account, we will delete or de-identify personal information we are not legally required—or have compelling legitimate grounds—to retain.

Analytics tied to identifiers are retained for as long as needed to provide reporting to the Client and to meet legal/recordkeeping requirements, after which we delete or de-identify them. Clients may instruct us to delete analytics earlier; you can also contact [email protected] to request deletion where applicable.

5) Your Choices & Rights

Account controls: you may access, correct, or delete certain information in your account settings.
Cookies & tracking: you may configure your browser to block cookies. Some features may not work as intended without cookies. You can also use a browser extension or DNS service to limit analytics tracking.
Email: you can unsubscribe from non-essential emails via the link in the message.
SMS: see Section 8 below for opt-out details.
Personalized link controls: if you received a personalized link and prefer not to be identified to the sender, you may remove the identifier from the URL (everything after the “?”) before visiting, or contact the sender to opt out of future personalized links. Where cookie consent applies, you can decline analytics cookies in the banner.
Privacy rights: depending on where you live, you may have rights to request access, correction, deletion, portability, or restriction/objection. To make a request, contact us at [email protected]. We will not discriminate against you for exercising your rights.

We do not sell or rent your personal information. We share information with:

Service providers that host our data; deliver content; provide analytics, security, customer support, and messaging; and process payments. These providers may process your information only on our instructions and for the purposes described in this Policy.
Payment processors (e.g., Stripe) to process transactions.
Law enforcement or regulators when required by law, subpoena, or court order, or to protect our rights, users, or the public.
A successor entity in connection with a merger, acquisition, or asset sale, subject to this Policy’s protections.

Disclosure to Clients: If you received a link from a Client, we share engagement reports about that link with that Client.

Do Not Sell/Share (California): We do not “sell” or “share” personal information as those terms are defined by California privacy law. We disclose personal information only to our service providers and to the Client who sent you the link, solely to provide the Services.

Some third-party services may independently collect information about your online activities across sites and services; those services are subject to their own privacy policies.

7) Processing on Behalf of Clients (Controller/Processor Roles)

TARC provides tools for business customers (“Clients”) to distribute marketing materials via email and SMS and to measure engagement. For those activities, the Client is the data controller/business and TARC acts as the data processor/service provider that processes personal information solely on the Client’s instructions and to deliver the Services to that Client. For TARC’s own website operations, account management, billing, and product improvement, TARC is the controller/business.

8) Personalized Links & Analytics

When a Client sends you a link using our Services, the link may contain a unique identifier (for example, in the URL query string). When you open the link, we collect technical data about your visit (such as IP address, device/browser, time, pages viewed) and associate it with that identifier so the Client can see that you visited and how you engaged. We may use cookies, local storage, and/or pixels to support this feature and to prevent fraud and abuse.

We provide the Client with reports that may include whether a specific contact opened a message, clicked a link, visited the materials, and high-level engagement metrics. We do not use this information for our own marketing and we do not sell it.

9) International Transfers & Storage

We store data on servers located in the United States of America. If you access the Services from outside the U.S., you understand that your information may be transferred to, stored in, and processed in the U.S., which may have data-protection laws different from those where you live.

10) SMS/MMS Program (US A2P 10DLC)

By providing your mobile number and opting in, you agree to receive SMS/MMS messages related to our Services (e.g., updates, alerts, and information you request). Message frequency varies. Message and data rates may apply. Your consent to receive messages is not a condition of purchase.

Opt out: reply STOP to any message to opt out. You may also contact [email protected] and we will remove you.
Help: reply HELP or contact [email protected].
Data use: we do not sell or share mobile originator data (including phone numbers, opt-in/opt-out status, and consent records) with third parties or affiliates for marketing or promotional purposes. We share SMS data only with service providers and carriers as necessary to operate the messaging program or comply with law.
Retention: we retain SMS-related data for as long as needed to provide the messaging service and maintain required records, after which we delete or de-identify it.

11) Children’s Privacy

The Services are intended for individuals 13 years of age and older. If you are under 13, you may not use the Services. If we learn we have collected personal information from a child under 13 without verifiable parental consent, we will delete it. Parents/guardians who believe their child has provided personal information may contact us at [email protected].

Privacy Policy