Privacy policy for TrueCaaS interactions and onboarding.

This Privacy Policy explains how True2air Inc., a Delaware corporation, and its affiliates, service providers, vendors, and subprocessors, as applicable, collect, use, disclose, retain, protect, and otherwise process information in connection with TrueCaaS, including our website, signup process, application, dashboards, APIs, security layer, support services, documentation, communications, and related services.

TrueCaaS is a business-to-business security platform intended for use by companies, organizations, and other business tenants. It is not intended for personal, household, or consumer use.

By accessing or using TrueCaaS, creating an account, completing signup, accepting our Terms and Conditions, communicating with us, or allowing your organization’s users to use TrueCaaS, you acknowledge this Privacy Policy.

If you use TrueCaaS on behalf of an organization, that organization is responsible for providing all required notices to its employees, contractors, administrators, users, customers, vendors, and other individuals whose information may be processed through TrueCaaS.

Tenant’s use of TrueCaaS is also governed by the TrueCaaS Terms and Conditions, including the shared security responsibility and tenant-caused security event provisions described therein.

---

1. Our Privacy Position

TrueCaaS is designed to provide a security layer for business tenants. We aim to collect and process only the information reasonably necessary to provide, secure, maintain, support, monitor, and improve the Service.

We do not intentionally collect unnecessary personally identifiable information, sensitive personal data, consumer identity documents, personal financial information, health information, children’s data, biometric identifiers, or government identification numbers through TrueCaaS.

However, because TrueCaaS is a security platform, we may process limited business contact information, account information, administrator information, user identifiers, IP addresses, authentication events, security logs, audit logs, device information, configuration data, activity metadata, and other security telemetry. Some of this information may be considered personal data, personal information, or personally identifiable information under applicable privacy laws.

We do not sell Tenant Data.

We do not use Tenant Data for third-party advertising.

We do not knowingly collect personal data from children.

We do not intentionally require Tenants to submit sensitive personal data.

We process Tenant Data primarily to provide, secure, maintain, support, monitor, and improve TrueCaaS.

---

2. Definitions

For purposes of this Privacy Policy:

“Authorized User” means an employee, contractor, administrator, agent, service account, or other individual or system authorized by a Tenant to access or use TrueCaaS.

“Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual. This may include business contact information, usernames, user IDs, business email addresses, IP addresses, device identifiers, online identifiers, authentication events, login records, security logs, and audit records.

“Sensitive Personal Data” means personal data that is subject to heightened protection under applicable law, including government identification numbers, health information, biometric data, genetic data, precise personal geolocation data, children’s data, payment card data, financial account data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, criminal conviction data, or data concerning a person’s sex life or sexual orientation.

“Service” or “TrueCaaS” means the TrueCaaS application, platform, security layer, APIs, dashboards, software, tools, documentation, support, and related services.

“Tenant” means the company, organization, or legal entity that signs up for, subscribes to, accesses, or uses TrueCaaS.

“Tenant Data” means data, files, logs, records, configurations, security signals, alerts, metadata, reports, content, and other information submitted to, transmitted through, generated by, or processed through TrueCaaS on behalf of a Tenant.

“True2air,” “we,” “us,” or “our” means True2air Inc., a Delaware corporation.

---

3. Scope of This Privacy Policy

This Privacy Policy applies to information processed in connection with:

• the TrueCaaS website;
• the TrueCaaS signup process;
• the TrueCaaS application and dashboard;
• the TrueCaaS security layer;
• TrueCaaS APIs and integrations;
• support, onboarding, and troubleshooting;
• billing and account administration;
• security monitoring and operational logging;
• communications with True2air; and
• related business, legal, compliance, and security operations.

This Privacy Policy does not apply to third-party websites, applications, products, services, integrations, cloud providers, identity providers, or platforms that are not owned or controlled by True2air. Those third parties are governed by their own terms and privacy policies.

---

4. True2air’s Role: Controller and Processor

Depending on the context, True2air may act as either a processor/service provider or a controller/business.

4.1 Tenant Data

When True2air processes Tenant Data on behalf of a Tenant to provide TrueCaaS, the Tenant generally acts as the controller, and True2air generally acts as the processor. In this context, the Tenant determines the purposes and means of processing Tenant Data, and True2air processes Tenant Data according to the Tenant’s instructions, the TrueCaaS Terms and Conditions, any applicable Order Form, this Privacy Policy, and any applicable Data Processing Addendum.

4.2 Account, Billing, Website, and Business Data

When True2air processes information for its own business purposes, including account creation, billing, website analytics, legal compliance, fraud prevention, security of our own systems, support communications, product administration, and business relationship management, True2air may act as a controller.

4.3 Tenant Responsibility

Tenants are responsible for determining whether and how they may lawfully use TrueCaaS, including whether they must provide employee notices, obtain consents, establish a lawful basis for processing, conduct a data protection impact assessment, maintain records of processing activities, update internal privacy policies, or enter into a Data Processing Addendum with True2air.

---

5. Information We Collect

We collect and process different categories of information depending on how Tenants and Authorized Users interact with TrueCaaS.

---

5.1 Account and Signup Information

When a Tenant signs up for TrueCaaS, creates an account, or manages a subscription, we may collect:

• company name;
• business address;
• administrator name;
• administrator business email address;
• business phone number;
• username;
• password or authentication credential information;
• role, title, department, or organization information;
• account settings;
• billing contact information;
• subscription plan information;
• payment status;
• tax information;
• acceptance of the TrueCaaS Terms and Conditions;
• acceptance timestamp, IP address, user-agent, and account identifier; and
• communications related to account creation or administration.

We use this information to create and manage accounts, authenticate users, administer subscriptions, provide support, maintain records, enforce agreements, prevent fraud, and secure the Service.

---

5.2 Authentication, Security, and Access Information

Because TrueCaaS provides a security layer, we may process authentication, access, and security information, including:

• login attempts;
• authentication events;
• session information;
• access tokens;
• API keys or token metadata;
• role and permission data;
• multi-factor authentication status;
• user IDs;
• business email addresses or usernames;
• IP addresses;
• device identifiers;
• browser type;
• operating system;
• user-agent strings;
• geolocation inferred from IP address;
• timestamps;
• administrative activity;
• audit logs;
• failed login records;
• security alerts;
• suspicious activity indicators; and
• access control events.

We use this information to provide security functionality, detect unauthorized access, investigate suspicious activity, prevent abuse, enforce access controls, generate audit records, support incident response, and protect True2air, Tenants, Authorized Users, other customers, and third parties.

---

5.3 Tenant Configuration and Integration Data

If a Tenant configures TrueCaaS or connects TrueCaaS to third-party systems, we may process:

• configuration settings;
• tenant environment metadata;
• cloud account metadata;
• integration identifiers;
• API endpoint information;
• permission scopes;
• identity provider metadata;
• security policy settings;
• routing or firewall rules;
• domain names;
• organization IDs;
• workspace IDs;
• group memberships;
• administrative actions;
• system status information; and
• logs or events generated by connected services.

Tenants are responsible for ensuring that they have the legal right to connect third-party systems to TrueCaaS and to submit configuration, integration, security, and operational data to the Service.

---

5.4 Security Telemetry and Operational Data

TrueCaaS may collect or generate security telemetry and operational data, including:

• system logs;
• application logs;
• API logs;
• network metadata;
• threat indicators;
• event metadata;
• error logs;
• performance metrics;
• uptime and availability data;
• feature usage data;
• diagnostic data;
• abuse signals;
• malware or suspicious file metadata;
• security policy violations;
• blocked or allowed activity;
• risk scores;
• alerts;
• vulnerability signals;
• service health information; and
• incident investigation records.

We use this information to operate, secure, maintain, troubleshoot, improve, and support TrueCaaS.

---

5.5 Support and Communications Data

When Tenants or Authorized Users contact us, we may collect:

• name;
• business email address;
• company name;
• support tickets;
• chat messages;
• call notes;
• diagnostic files;
• screenshots;
• logs submitted for troubleshooting;
• technical details about the issue; and
• communications with our personnel.

Tenants and Authorized Users should avoid submitting sensitive personal data or unnecessary personal data in support communications.

---

5.6 Payment and Billing Information

We may collect billing and payment-related information, including:

• billing name;
• billing email address;
• billing address;
• subscription plan;
• invoice history;
• tax details;
• payment status;
• transaction identifiers; and
• payment processor metadata.

We generally do not store full payment card numbers. Payment card information, if used, is processed by our payment processor under its own terms, privacy policy, and security practices.

---

5.7 Website, Cookie, and Analytics Data

When visitors use our website, landing pages, documentation, or online signup flow, we may collect:

• IP address;
• browser type;
• device type;
• operating system;
• referring URL;
• pages visited;
• time on page;
• clicks;
• cookie identifiers;
• analytics events;
• form submissions; and
• marketing preferences.

We may use cookies, pixels, local storage, and similar technologies to operate the website, remember preferences, understand usage, secure the website, prevent fraud, improve our services, and support marketing where permitted.

Where required by law, we will obtain consent before using non-essential cookies.

---

5.8 Marketing and Business Contact Information

If you request information, subscribe to communications, attend an event, request a demo, download materials, or otherwise engage with us, we may process:

• name;
• business email address;
• company name;
• title or role;
• industry;
• communication preferences;
• event participation;
• product interest; and
• marketing interaction data.

You may opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us through the contact form available on the TrueCaaS website at:

[Insert TrueCaaS contact form URL]

---

5.9 Information We Do Not Intentionally Collect

TrueCaaS does not intentionally require Tenants to submit the following categories of information through the Service:

• Social Security numbers;
• driver’s license numbers;
• passport numbers;
• personal payment card numbers;
• personal bank account numbers;
• protected health information;
• children’s data;
• biometric identifiers;
• genetic data;
• precise personal geolocation data;
• racial or ethnic origin;
• political opinions;
• religious or philosophical beliefs;
• trade union membership;
• criminal conviction data; or
• other highly sensitive personal data.

Tenants must not submit Sensitive Personal Data to TrueCaaS unless expressly authorized in a written agreement with True2air.

---

6. How We Use Information

We may use information for the following purposes:

• to provide TrueCaaS;
• to create and manage Tenant accounts;
• to authenticate Authorized Users;
• to administer access controls;
• to provide security-layer functionality;
• to detect, investigate, and respond to suspicious or unauthorized activity;
• to generate alerts, dashboards, logs, reports, and audit records;
• to configure and operate integrations;
• to provide support, troubleshooting, and onboarding;
• to maintain, update, and improve TrueCaaS;
• to monitor performance, availability, reliability, and security;
• to prevent fraud, abuse, misuse, and unlawful activity;
• to protect True2air, Tenants, Authorized Users, other customers, and third parties;
• to enforce our Terms and Conditions and other agreements;
• to process payments and manage billing;
• to comply with legal, tax, accounting, regulatory, and contractual obligations;
• to send administrative, operational, billing, legal, and security notices;
• to send product updates and service communications;
• to conduct analytics and product improvement;
• to create aggregated, anonymized, or deidentified data;
• to protect legal rights and resolve disputes; and
• to fulfill any other purpose disclosed at the time of collection or authorized by Tenant.

---

7. How We Use Tenant Data

We process Tenant Data only for legitimate business, service, security, legal, and operational purposes, including:

• providing the Service;
• securing the Service;
• supporting Tenant’s use of the Service;
• troubleshooting issues;
• detecting abuse or security threats;
• complying with Tenant instructions;
• complying with legal obligations;
• enforcing agreements;
• protecting the Service and other customers;
• improving the reliability, functionality, and security of TrueCaaS; and
• preventing unauthorized access, misuse, fraud, or harm.

We do not sell Tenant Data.

We do not use Tenant Data for third-party advertising.

We do not disclose Tenant Data to other tenants except as necessary to protect the Service, comply with law, address security abuse, or as otherwise directed by Tenant.

We do not use Tenant Data to train third-party advertising models.

We do not access Tenant Data except where reasonably necessary for service, support, security, legal, compliance, operational, or product-improvement purposes.

---

8. Aggregated, Deidentified, and Anonymized Data

We may create aggregated, deidentified, or anonymized data from information processed through TrueCaaS.

We may use such data for:

• analytics;
• benchmarking;
• product improvement;
• security research;
• threat intelligence;
• performance monitoring;
• reporting;
• fraud prevention; and
• business operations.

We will not use aggregated, deidentified, or anonymized data to identify an individual or Tenant unless required to investigate abuse, comply with law, enforce agreements, protect the Service, or respond to a security incident.

---

9. Legal Bases for Processing Under GDPR

Where GDPR, UK GDPR, Swiss data protection law, or similar law applies and True2air acts as a controller, we rely on one or more legal bases, including:

Where True2air acts as a processor, the Tenant is responsible for identifying and maintaining the lawful basis for processing Tenant Data.

---

10. Tenant Responsibilities

Tenants are responsible for:

• providing required privacy notices to Authorized Users, employees, contractors, customers, vendors, and other individuals;
• obtaining any required consents;
• establishing a lawful basis for processing;
• determining whether employee monitoring, workplace privacy, surveillance, labor, or communications laws apply;
• determining whether use of TrueCaaS requires a data protection impact assessment;
• configuring TrueCaaS in a privacy-preserving and legally compliant manner;
• limiting data submitted to TrueCaaS to what is necessary;
• avoiding submission of Sensitive Personal Data unless expressly authorized;
• responding to data subject requests where Tenant is the controller;
• maintaining records of processing activities where required;
• entering into a Data Processing Addendum where required;
• notifying individuals, regulators, customers, insurers, or contractual counterparties of incidents where required; and
• ensuring that Tenant’s use of TrueCaaS complies with applicable law.

Tenant is solely responsible for the legality of Tenant’s use of TrueCaaS and for all instructions Tenant provides to True2air regarding Tenant Data.

---

11. Employee and User Monitoring

TrueCaaS may enable Tenants to monitor or analyze security activity, access activity, authentication events, administrative actions, policy violations, network metadata, system events, and other activity involving their employees, contractors, administrators, users, systems, or environments.

Tenant is responsible for ensuring that such monitoring complies with applicable privacy, employment, labor, surveillance, wiretap, data protection, and communications laws.

Tenant should provide appropriate notices to employees, contractors, administrators, users, and other individuals before deploying TrueCaaS in a manner that monitors, logs, analyzes, or reports their activity.

Tenant is responsible for determining whether its use of TrueCaaS requires a data protection impact assessment or other privacy risk assessment.

---

12. Data Processing Addendum

If applicable data protection law requires a data processing agreement, Tenant should enter into True2air’s Data Processing Addendum.

The Data Processing Addendum may address:

• subject matter of processing;
• duration of processing;
• nature and purpose of processing;
• categories of personal data;
• categories of data subjects;
• controller and processor obligations;
• confidentiality;
• subprocessors;
• security measures;
• international transfers;
• assistance with data subject requests;
• breach notification assistance;
• deletion or return of data; and
• audit and compliance rights.

If a Tenant is subject to GDPR, UK GDPR, Swiss data protection law, or similar law and True2air processes personal data on behalf of that Tenant, the Tenant should not submit such personal data to TrueCaaS until an appropriate Data Processing Addendum is in place.

---

13. How We Share Information

We may disclose information to the categories of recipients described below.

---

13.1 Service Providers and Subprocessors

We may share information with vendors, service providers, contractors, and subprocessors who help us operate TrueCaaS, including:

• cloud hosting providers;
• database providers;
• security service providers;
• logging and monitoring providers;
• email providers;
• support ticketing providers;
• payment processors;
• analytics providers;
• customer relationship management providers;
• identity and access management providers;
• backup and disaster recovery providers;
• infrastructure providers; and
• professional advisors.

These providers are authorized to process information only as necessary to provide services to us, subject to contractual confidentiality, security, and data protection obligations.

---

13.2 Tenant Administrators

Tenant administrators may access information associated with their Tenant account, including Authorized User information, activity logs, security events, configuration data, reports, access records, and administrative settings.

---

13.3 Third-Party Integrations Enabled by Tenant

If Tenant enables an integration, configures data sharing, connects a third-party service, authorizes an API, or otherwise directs us to share information with a third party, we may disclose information according to Tenant’s configuration and instructions.

Tenant is responsible for reviewing and approving any third-party integration and for understanding how third parties process information.

---

13.4 Legal, Compliance, and Safety Disclosures

We may disclose information where we believe disclosure is reasonably necessary to:

• comply with applicable law;
• respond to lawful requests, subpoenas, court orders, or legal process;
• cooperate with law enforcement or regulators;
• protect True2air’s rights, property, or legal interests;
• enforce our Terms and Conditions;
• prevent fraud, abuse, misuse, or unlawful activity;
• investigate security incidents;
• protect Tenants, Authorized Users, other customers, or third parties;
• respond to emergencies; or
• comply with regulatory, tax, accounting, corporate, or contractual obligations.

---

13.5 Business Transactions

We may disclose information in connection with an actual or proposed merger, acquisition, financing, investment, reorganization, bankruptcy, sale of assets, transfer of business, due diligence process, or similar transaction.

---

13.6 With Tenant Direction or Consent

We may disclose information where Tenant directs us to do so, configures the Service to share information, enables an integration, requests support, or otherwise consents.

---

14. Subprocessors

True2air may use subprocessors to provide, secure, maintain, monitor, and support TrueCaaS.

Subprocessors may process Tenant Data only as necessary to provide services to True2air or TrueCaaS and are subject to contractual obligations regarding confidentiality, security, and data protection.

Where required by applicable law or a Data Processing Addendum, we will make information about subprocessors available and provide notice of material changes.

A current list of subprocessors may be made available at:

[Insert TrueCaaS subprocessor URL]

---

15. International Data Transfers

True2air Inc. is a Delaware corporation based in the United States. Information processed through TrueCaaS may be transferred to, stored in, or accessed from the United States and other jurisdictions where True2air, its affiliates, service providers, vendors, or subprocessors operate.

Where required by applicable data protection law, we use appropriate safeguards for international transfers of personal data. These safeguards may include:

• Standard Contractual Clauses;
• data transfer agreements;
• adequacy decisions;
• supplementary safeguards;
• participation in an approved data transfer framework, where applicable; or
• other lawful transfer mechanisms.

True2air should not claim participation in the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, or Swiss-U.S. Data Privacy Framework unless True2air has completed and maintains the applicable certification.

---

16. Data Retention

We retain information for as long as reasonably necessary to provide TrueCaaS, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent fraud, support business operations, and fulfill the purposes described in this Privacy Policy.

Unless otherwise stated in an Order Form, Data Processing Addendum, or written agreement, we generally retain information according to the following principles:

We may retain aggregated, anonymized, or deidentified information indefinitely, provided it cannot reasonably be used to identify an individual.

Before publishing this Privacy Policy, True2air should insert actual retention periods where operationally available.

---

17. Data Deletion and Return

Upon termination of a Tenant’s subscription, Tenant may request deletion or return of Tenant Data, subject to:

• backup retention;
• legal obligations;
• security obligations;
• unresolved disputes;
• fraud or abuse prevention;
• accounting and tax requirements;
• technical limitations;
• incident investigation needs; and
• any applicable Data Processing Addendum.

We may retain copies of information as necessary to comply with legal obligations, enforce agreements, resolve disputes, maintain security, or protect against fraud, abuse, or unlawful activity.

---

18. Security

We use commercially reasonable administrative, technical, and organizational measures designed to protect information processed through TrueCaaS.

These measures may include:

• access controls;
• encryption in transit;
• encryption at rest where appropriate;
• authentication controls;
• least-privilege access;
• logging and monitoring;
• vulnerability management;
• security reviews;
• network protections;
• backups;
• employee confidentiality obligations;
• incident response procedures;
• vendor security reviews;
• separation of tenant environments where applicable; and
• operational controls designed to protect the Service.

However, no security measure, software product, security layer, monitoring tool, access control, or internet-based service can guarantee absolute security.

Tenants are responsible for securing their own systems, credentials, users, configurations, integrations, devices, networks, applications, and data.

---

19. Security Incidents

If we confirm a security incident involving Tenant Data within TrueCaaS systems under True2air’s control, we will notify the affected Tenant without unreasonable delay, consistent with applicable law and any applicable Data Processing Addendum.

Tenant is responsible for determining whether it must notify its employees, contractors, customers, users, regulators, insurers, contractual counterparties, or other third parties.

Tenant is responsible for incidents caused by or arising from Tenant’s credentials, Tenant employees, Tenant contractors, Tenant administrators, Tenant vendors, Tenant customers, Tenant systems, Tenant configurations, Tenant integrations, Tenant instructions, or Tenant’s failure to follow reasonable security practices.

True2air’s investigation, notification, cooperation, remediation, or security action does not constitute an admission of fault, liability, responsibility, or breach.

---

20. Tenant-Caused Security Events

TrueCaaS may process data relating to incidents, alerts, compromise indicators, credential misuse, employee actions, suspicious activity, unauthorized access, and other security-related events.

If a security event arises from Tenant’s systems, employees, contractors, administrators, credentials, configurations, integrations, instructions, vendors, customers, or other parties under Tenant’s control, Tenant remains responsible for the event and for any resulting legal, regulatory, notification, investigation, remediation, or communication obligations.

True2air is not responsible for Tenant-caused security events except to the extent expressly required by applicable law or a written agreement.

---

21. Data Subject Rights

Depending on your location and applicable law, you may have rights regarding your Personal Data, including the right to:

• access Personal Data;
• correct inaccurate Personal Data;
• request deletion of Personal Data;
• restrict processing;
• object to processing;
• request portability;
• withdraw consent where processing is based on consent;
• opt out of marketing communications; and
• lodge a complaint with a supervisory authority.

If your Personal Data is processed by True2air on behalf of a Tenant, you should direct your request to that Tenant. We may refer your request to the Tenant or require authorization from the Tenant before responding.

To submit a request to True2air, please use the contact form available on the TrueCaaS website at:

[Insert TrueCaaS contact form URL]

Please select the appropriate request category, such as Privacy Request, Security Issue, Legal Notice, Billing, Support, or General Inquiry.

We may need to verify your identity and authority before responding to a request.

---

22. European, UK, and Swiss Privacy Notice

This Section applies where GDPR, UK GDPR, Swiss data protection law, or similar law applies.

22.1 Controller Contact

True2air Inc. [Insert True2air Inc. mailing address]

You may contact True2air through the contact form available on the TrueCaaS website at:

[Insert TrueCaaS contact form URL]

22.2 EU Representative

If True2air is required to appoint an EU representative, the representative’s contact information will be listed here:

EU Representative: [Insert if applicable]

22.3 UK Representative

If True2air is required to appoint a UK representative, the representative’s contact information will be listed here:

UK Representative: [Insert if applicable]

22.4 Data Protection Officer

If True2air appoints a Data Protection Officer, the DPO’s contact information will be listed here:

Data Protection Officer: [Insert if applicable]

22.5 International Transfers

Where required, we use lawful transfer mechanisms such as Standard Contractual Clauses, adequacy decisions, approved data transfer frameworks, or other recognized safeguards.

22.6 Supervisory Authority

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have the right to lodge a complaint with your local data protection authority.

---

23. Automated Security Outputs

TrueCaaS may generate security scores, risk indicators, alerts, classifications, recommendations, blocked-event notices, allowed-event notices, reports, or automated signals based on security telemetry, configuration data, access activity, and other relevant information.

These outputs are intended to assist Tenants with security operations.

Tenants are responsible for how they use TrueCaaS outputs. Tenants should not use TrueCaaS outputs as the sole basis for decisions that produce legal effects or similarly significant effects on individuals unless Tenant has implemented appropriate safeguards and confirmed that such use is lawful.

---

24. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

• operate the website;
• maintain sessions;
• authenticate users;
• remember preferences;
• secure accounts;
• prevent fraud;
• analyze website usage;
• improve the Service; and
• support marketing where permitted.

Users can manage cookies through browser settings or any cookie preference tools we provide.

Where legally required, we will obtain consent before using non-essential cookies.

---

25. Marketing Communications

We may send business-to-business marketing communications about TrueCaaS, product updates, events, webinars, security resources, or related services.

You may opt out of marketing emails by clicking the unsubscribe link in the email or by contacting us through the contact form available on the TrueCaaS website at:

[Insert TrueCaaS contact form URL]

Even if you opt out of marketing communications, we may still send administrative, transactional, billing, legal, security, or service-related notices.

---

26. Children’s Privacy

TrueCaaS is not intended for children.

We do not knowingly collect Personal Data from children. If we learn that we have collected Personal Data from a child without appropriate authorization, we will take reasonable steps to delete it.

Tenants must not submit children’s data to TrueCaaS unless expressly authorized in writing by True2air and permitted by applicable law.

---

27. Sensitive and Regulated Data

Unless expressly authorized in a written agreement with True2air, Tenants must not submit the following to TrueCaaS:

• protected health information;
• payment card data;
• government classified information;
• export-controlled technical data;
• biometric data;
• genetic data;
• children’s data;
• criminal conviction data;
• highly sensitive financial data;
• precise personal geolocation data; or
• other regulated data requiring special contractual, legal, or technical safeguards.

True2air is not a HIPAA business associate unless it has signed a Business Associate Agreement.

TrueCaaS is not intended to store, process, or transmit payment card data unless expressly stated in a written agreement with True2air.

---

28. Do Not Sell or Share

We do not sell Tenant Data.

We do not share Tenant Data for cross-context behavioral advertising.

We do not use Tenant Data for third-party advertising.

We do not disclose Tenant Data to data brokers.

If applicable law defines “sale,” “sharing,” or similar terms more broadly, you may contact us through the contact form available on the TrueCaaS website to exercise any applicable opt-out rights:

[Insert TrueCaaS contact form URL]

---

29. California and Other U.S. State Privacy Notices

Depending on applicable law, residents of certain U.S. states may have rights to:

• know what personal information is collected;
• access personal information;
• correct personal information;
• delete personal information;
• obtain a portable copy of personal information;
• opt out of sale or sharing;
• opt out of targeted advertising;
• limit certain uses of sensitive personal information; and
• not be discriminated against for exercising privacy rights.

TrueCaaS is a business-to-business security service. Much of the information processed through TrueCaaS is processed on behalf of Tenants. If your information is processed by one of our Tenants, please contact that Tenant directly.

To submit a request to True2air, please use the contact form available on the TrueCaaS website at:

[Insert TrueCaaS contact form URL]

Please select the appropriate request category, such as Privacy Request, Security Issue, Legal Notice, Billing, Support, or General Inquiry.

---

30. Records of Processing

Where required by applicable law, True2air will maintain records of processing activities appropriate to its role as controller or processor.

Tenants are responsible for maintaining their own records of processing activities where required by applicable law.

---

31. Third-Party Services and Integrations

TrueCaaS may allow Tenants to connect third-party services, identity providers, cloud platforms, APIs, applications, or other systems.

Tenant is responsible for:

• selecting third-party services;
• reviewing third-party privacy and security practices;
• granting appropriate permissions;
• configuring integrations;
• ensuring it has the right to share data with third parties; and
• complying with laws applicable to such integrations.

True2air is not responsible for the privacy, security, availability, or data practices of third-party services selected, enabled, or configured by Tenant.

---

32. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice by posting the updated policy, updating the effective date, sending an email, providing an in-product notice, or using another reasonable method.

Continued use of TrueCaaS after the updated Privacy Policy becomes effective means the updated policy applies to your use of the Service.

---

33. Contact Us

For privacy questions, data protection requests, security concerns, legal notices, billing questions, support requests, or general inquiries, you may contact True2air Inc. through the contact form available on the TrueCaaS website at:

[Insert TrueCaaS contact form URL]

Please select the appropriate request category, such as Privacy Request, Security Issue, Legal Notice, Billing, Support, or General Inquiry.

Formal written notices may also be sent by mail or nationally recognized courier to:

True2air Inc. Attn: Privacy / Legal Notices [Insert True2air Inc. mailing address]

Notices involving service of process must be delivered in accordance with applicable law, including through True2air’s registered agent where required.

If we are required to appoint a Data Protection Officer, EU representative, UK representative, or other privacy representative, we will publish the applicable contact details in this Privacy Policy or otherwise make them available as required by law.