Privacy Policy

1. Who We Are

Tendo Digital LLC is a U.S.-registered limited liability company that provides Shopify Plus development, eCommerce design, migration, optimization, and growth consulting. Our principal place of business is in the United States. When this policy refers to "Tendo Digital," "we," "our," or "us," it means the entity responsible for processing your data in connection with the services described at tendodigital.com.

2. Information We Collect

We collect data in three ways: information you provide directly, information collected automatically, and information from third-party sources.

2.1 Information You Provide

• Contact & project details: Your name, business email, phone number, company name, website URL, and project requirements submitted through our contact forms, discovery calls, or onboarding documents.
• Account credentials: Login information for our Client Portal, including email and a hashed password. We never store passwords in plain text.
• Payment information: Billing address and payment method details processed through our PCI-compliant payment processor. We do not store full credit card numbers on our servers.
• Communication records: Emails, Slack messages, meeting notes, and support tickets exchanged during the course of an engagement.

2.2 Information Collected Automatically

• Device & browser data: IP address, browser type and version, operating system, screen resolution, and device identifiers.
• Usage analytics: Pages visited, time on page, click patterns, scroll depth, and referring URL. We use privacy-focused analytics that do not build cross-site user profiles.
• Cookies & local storage: Strictly necessary, functional, and analytics cookies. See our Cookie Policy for full details.

2.3 Information from Third Parties

We may receive your business contact details from Shopify's Partner referral program, LinkedIn outreach, or a mutual introduction. We only use this data to initiate a conversation about potential services and will stop contacting you immediately upon request.

3. How We Use Your Information

• To evaluate project fit, prepare proposals, and deliver the Shopify development and design services you engage us for.
• To operate and improve the Client Portal, including project tracking, asset management, and billing.
• To send project updates, milestone notifications, invoices, and other transactional communications essential to our engagement.
• To analyze aggregate site usage so we can improve page performance, content relevance, and user experience.
• To comply with legal obligations, enforce our Terms of Service, and protect against fraud or unauthorized access.

We do not use your data for automated decision-making or profiling that produces legal effects.

4. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share limited data with:

• Infrastructure providers: Cloud hosting (Vercel, DigitalOcean), email delivery, and error monitoring services under strict data processing agreements.
• Payment processor: Stripe processes invoice payments under their own privacy policy.
• Legal authorities: If required to comply with a court order, subpoena, or applicable law.

5. Data Retention

Client project files and communications are retained for the duration of the engagement plus 24 months, unless you request earlier deletion. Billing records are kept for 7 years to satisfy U.S. tax obligations. Website analytics data is aggregated and anonymized after 14 months. Request deletion at any time by emailing privacy@tendodigital.com.

6. Data Security

We protect your information with TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. Our infrastructure partners maintain SOC 2 Type II compliance. If we discover a breach affecting your personal data, we will notify you and the appropriate authorities within 72 hours.

7. Your Rights

Depending on your location, you may have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your personal data, subject to legal retention requirements.
• Port your data in a structured, machine-readable format.
• Opt-out of non-essential communications at any time.

Email privacy@tendodigital.com to make a request. We respond within 30 business days.

8. California Residents (CCPA/CPRA)

If you reside in California, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. Submit a verifiable consumer request to privacy@tendodigital.com.

9. Children's Privacy

Our services are designed for businesses and are not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal information, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or the law. Material changes will be flagged by updating the effective date above and notifying active clients through the Client Portal or email.