Privacy and Security Policy
Collection of your Personal Information
In order to better provide you with products and services offered, Tidal may collect personally identifiable information, such as your:
- First and Last Name
- E-mail Address
- Job Title
We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use certain products or services. These may include: (a) registering for an account; (b) signing up for special offers; (d) sending us an email message; (e) submitting your credit card or other payment information when ordering and purchasing products and services. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future.
Use of your Personal Information
Tidal collects and uses your personal information to operate and deliver the services you have requested.
Tidal may also use your personally identifiable information to inform you of other products or services available from Tidal and its affiliates.
Sharing Information with Third Parties
Tidal does not sell, rent or lease its customer lists to third parties.
Tidal may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Tidal, and they are required to maintain the confidentiality of your information.
Tidal may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Tidal or the site; (b) protect and defend the rights or property of Tidal; and/or (c) act under exigent circumstances to protect the personal safety of users of Tidal, or the public.
Tracking User Behavior
Tidal may keep track of the websites and pages our users visit within Tidal, in order to determine what Tidal services are the most popular. This data is used to deliver customized content and advertising within Tidal to customers whose behavior indicates that they are interested in a particular subject area.
Automatically Collected Information
Information about your computer hardware and software may be automatically collected by Tidal. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Tidal website.
The Tidal website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize Tidal pages, or register with Tidal site or services, a cookie helps Tidal to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Tidal website, the information you previously provided can be retrieved, so you can easily use the Tidal features that you customized.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Tidal services or websites you visit.
Security of your Personal Information
Tidal secures your personal information from unauthorized access, use, or disclosure. Tidal uses the following methods for this purpose:
- SSL Protocol
When personal information is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.
Right to Deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
• Delete your personal information from our records; and
• Direct any service providers to delete your personal information from their records.
Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:
• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
• Debug to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act;
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
• Comply with an existing legal obligation; or
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Children Under Thirteen
Tidal does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.
From time to time, Tidal may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. In order to improve our Services, we may receive a notification when you open an email from Tidal or click on a link therein.
If you would like to stop receiving marketing or promotional communications via email from Tidal, you may opt-out of such communications by emailing us at firstname.lastname@example.org.
External Data Storage Sites
We may store your data on servers provided by third-party hosting vendors with whom we have contracted.
Changes to this Statement
Tidal welcomes your questions or comments regarding this Statement of Privacy. If you believe that Tidal has not adhered to this Statement, please contact Tidal at:
Tidal Security Inc.
Effective as of January 08, 2022
- Information Security Program
- We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.
- Third-Party Audits
- Our organization undergoes independent third-party assessments to test our security and compliance controls.
- Third-Party Penetration Testing
- We perform an independent third-party penetration at least annually to ensure that the security posture of our services is uncompromised.
- Roles and Responsibilities
- Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.
- Security Awareness Training
- Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
- All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
- Background Checks
- We perform background checks on all new team members in accordance with local laws.
- Cloud Infrastructure Security
- All of our services are hosted with Amazon Web Services (AWS). AWS employs a robust security program with multiple certifications. For more information on our provider’s security processes, please visit AWS Security.
- Data Hosting Security
- All of our data is hosted on Amazon Web Services (AWS) databases. These databases are all located in the United States. Please reference the above vendor specific documentation linked above for more information.
- Encryption at Rest
- All databases are encrypted at rest.
- Encryption in Transit
- Our applications encrypt in transit with TLS/SSL only.
- Vulnerability Scanning
- We perform vulnerability scanning and actively monitor for threats.
- Logging and Monitoring
- We actively monitor and log various cloud services.
- Business Continuity and Disaster Recovery
- We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
- Incident Response
- We have a process for handling information security events which includes escalation procedures, rapid mitigation, and communication.
- Permissions and Authentication
- Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.
- Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.
- Least Privilege Access Control
- We follow the principle of least privilege with respect to identity and access management.
- Quarterly Access Reviews
- We perform quarterly access reviews of all team members with access to sensitive systems.
- Password Requirements
- All team members are required to adhere to a minimum set of password requirements and complexity for access.
- Password Managers
- All company issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.
Vendor and Risk Management
- Annual Risk Assessments
- We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.
- Vendor Risk Management
- Vendor risk is determined and the appropriate vendor reviews are performed prior to authorizing a new vendor.
Last updated 5/10/2023