Your Privacy, Our Priority

1. Introduction

Welcome to Tieline (tielinecrm.com). We provide a personal CRM browser extension and related marketing services (collectively, the "Service"). This Privacy Policy explains:

• What personal information we collect
• Why we collect it and how we use it
• Who we share it with
• How long we keep it
• Your rights and choices

This policy applies to all users of our marketing website at tielinecrm.com and all users of the Tieline browser extension. Where practices differ between these two contexts, we call it out explicitly.

By using our Service, you acknowledge that you have read and understood this policy.

2. Our No-Sale Promise

3. Who We Are and How to Contact Us

Data Controller: Tieline (operating as a sole proprietorship pending LLC formation)

Contact for Privacy Matters:

• Email: privacy@tielinecrm.com
• Response Time: We will acknowledge your request within 5 business days and fulfill it within 30 days (or 45 days where legally permitted for complex requests).

4. Information We Collect

4.1 Marketing Website — Waitlist

When you join the waitlist at tielinecrm.com, we collect:

We use a double opt-in process: you enter your email, we send a confirmation link, and your waitlist spot is only secured once you click that link. This protects you from unauthorized sign-ups.

4.2 Marketing Website — Contact Form

4.3 Tieline Browser Extension

To provide CRM functionality, the extension may collect:

We do not:

• Record or store the content of LinkedIn messages or conversations
• Capture data from pages you did not explicitly activate the extension on
• Track your browsing history
• Collect data in the background without your action

4.4 Automatically Collected Technical Information

Both the website and extension may log:

• Browser type and version (for compatibility)
• General country-level location (derived from IP, not stored)
• Error logs (for debugging; no personal data attached)

5. How We Use Your Information

We will not use your data for:

• Advertising or remarketing
• Creditworthiness or profiling
• Automated decision-making with legal or significant effects on you
• Any purpose unrelated to providing the Tieline service

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

You may withdraw your consent at any time (see Section 13).

7. How We Share Your Information

We share personal data only with the service providers listed in Section 8, and only to the extent necessary to provide the Service. We do not sell data or share it with advertisers.

We may disclose your information if required by law, such as in response to a valid court order, subpoena, or government request. We will notify you before disclosing your information unless prohibited by law.

In the event of a business merger or acquisition, your data may be transferred as part of that transaction, but only under the same privacy commitments described in this policy.

8. Third-Party Services We Use

All third-party providers are contractually required to protect your data and use it only for the specified purpose.

9. Data Retention

When data reaches its retention limit, it is deleted or anonymized.

10. Security

We take security seriously and implement the following measures:

• Encryption in transit: All data between your browser and our servers is encrypted using HTTPS/TLS 1.2+.
• Encryption at rest: Data stored in Netlify's infrastructure is encrypted at rest using AES-256.
• Access controls: Only authorized team members can access personal data, via service role keys stored securely as environment variables — never in source code.
• IP anonymization: IP addresses are hashed (SHA-256) before storage; raw IPs are never persisted.
• Minimal permissions: The extension only requests the minimum browser permissions necessary: storage, identity, and host permissions for supported sites (LinkedIn).
• Bot protection: Waitlist forms are protected by Cloudflare Turnstile and a honeypot field to prevent automated abuse.
• Security headers: Our website enforces strict HTTP security headers including Content Security Policy (CSP), HSTS, X-Frame-Options, and Referrer-Policy.
• Third-party audits: We rely on Netlify's security infrastructure, which maintains SOC 2 Type II certification.

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to privacy@tielinecrm.com.

11. Cookies and Tracking Technologies

11.1 Marketing Website

The Tieline marketing website does not set any cookies and does not use tracking scripts. We do not use:

• Google Analytics or similar tracking
• Facebook Pixel or advertising pixels
• Session recording tools

Cloudflare Turnstile (our bot detection tool for the waitlist form) may use browser signals to determine if you are human, but it does not set tracking cookies and is privacy-compliant with GDPR.

Umami Analytics collects anonymized, aggregate data (page views, device type, referrers) with no personal identifiers, no cookies, and no cross-site tracking. It is fully GDPR compliant and does not require cookie consent.

If we add additional analytics or tracking in the future, we will update this policy and, where required, obtain your consent first.

11.2 Browser Extension

The extension uses chrome.storage.local and/or chrome.storage.sync to store your CRM data and settings locally in your browser. This is not a cookie and is not shared with us unless you explicitly sync or export.

12. Chrome Web Store Special Disclosures

This section is required by the Chrome Web Store Developer Program Policies.

• Single Purpose: Tieline uses collected data solely to provide CRM functionality. We do not use your data for advertising, assessing creditworthiness, or any purpose unrelated to the extension's core features.
• Limited Use: Our use of data accessed via Google APIs complies with the Chrome Web Store User Data Policy, including the Limited Use requirements.
• Data Encryption: All personal or sensitive user data is encrypted in transit (HTTPS/TLS) and at rest (AES-256).
• Data Minimization: We do not scrape your browsing history. We only access data on specific pages when you explicitly activate the extension to save a contact.
• No Remote Code Execution: The extension does not download or execute remote code that is not part of the published package.
• Permission Justifications:
  • storage — Required to save your CRM data locally.
  • identity — Required for Google SSO sign-in.
  • host_permissions for LinkedIn — Required to access contact profile information on the pages where you use the extension.

13. Your Privacy Rights

Regardless of where you live, you have the following rights. To exercise any of them, email us at privacy@tielinecrm.com with the subject line matching your request.

13.1 Universal Rights

To opt out of waitlist emails, reply "UNSUBSCRIBE" to any email from us, or email privacy@tielinecrm.com.

13.2 GDPR Rights (EEA and UK Residents)

In addition to the rights above, EEA and UK residents have the right to:

• Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your country's data protection authority in the EU).
• Request restriction of processing while a dispute is pending.

We fulfill GDPR data subject requests within 30 days (or 45 days for complex requests, with notice).

13.3 CCPA / CPRA Rights (California Residents)

California residents have the right to:

• Know what personal information we collect, use, disclose, and sell (we do not sell)
• Delete personal information (subject to certain exceptions)
• Correct inaccurate personal information
• Opt-out of the "sale" or "sharing" of personal information (not applicable — we do not sell or share)
• Non-discrimination for exercising privacy rights
• Opt-out of automated decision-making (we do not engage in profiling with significant effects)

In accordance with 2026 regulations, any request to opt-out of data processing will receive a visible confirmation within 24 hours.

Categories of personal information collected (CCPA disclosure):

• Identifiers (name, email address)
• Internet activity (error logs, limited to debugging)

We do not collect: Social Security numbers, financial information, health data, precise geolocation, or sensitive personal information as defined by CPRA.

13.4 Other US State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with privacy laws have rights consistent with those described above. Contact us at privacy@tielinecrm.com to exercise your rights.

14. International Data Transfers

Tieline is operated from the United States. If you are accessing our service from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your data may be transferred to and processed in the United States.

Where such transfers occur, we rely on:

• Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable
• Our data processors' compliance with applicable transfer mechanisms (Netlify and Resend both maintain EU data processing agreements)

15. Children's Privacy

The Tieline service is intended for adults and business professionals. We do not knowingly collect personal information from:

• Children under 13 years of age (as defined by the US COPPA)
• Children under 16 years of age (as defined by GDPR for consent to data processing)

If we learn that we have collected personal information from a child under 13 (or 16 where applicable), we will delete it promptly. If you believe we may have collected such information, please contact us at privacy@tielinecrm.com.

16. Security Breach Notification

In the event of a data breach that affects your personal information:

• We will notify affected users without undue delay and, where required by law:
  • Within 72 hours of discovery for GDPR-covered breaches (notification to the relevant supervisory authority)
  • Within applicable timelines for US state breach notification laws
• We will provide details of what data was affected, what we are doing, and what you can do to protect yourself.

To report a security vulnerability, please email security@tielinecrm.com. We will acknowledge reports within 48 hours.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the Policy Version and Effective Date at the top of this document
• Notify waitlist subscribers by email at least 14 days before material changes take effect
• Update the version referenced in any integrated apps (e.g., the browser extension)

Minor changes (e.g., clarifications, fixing typos) do not require advance notice but will still be reflected in the version number.

Archived versions of this policy are available upon request (email privacy@tielinecrm.com).

The Tieline browser extension references this policy by version number. If you accepted a prior version within the app, that version remains in effect for you until the policy is updated with advance notice.