Privacy Policy

1. Scope and who we are

This Privacy Policy explains how Tactical Marketing Pro LLC, doing business as Kumand ("we," "us," or "Kumand"), collects, uses, shares, and protects information when you visit kumand.com, use the Kumand platform, fill out an intake briefing, sign in to a workspace, or otherwise interact with our services (collectively, the "Services").

This policy covers our public marketing pages, the client intake flow, authenticated client workspaces, and any branded subdomain we operate under the kumand.com namespace for client venues or event partners.

2. Information we collect

2.1 Information you give us directly

• Briefing intake data. Business name, DBA, entity type, EIN, addresses, headcount, decision-maker contacts, offer and pricing details, marketing history, customer profile inputs, and other questions answered during the intake flow.
• Account information. Name, email address, phone number, business name, and any credentials used to authenticate.
• Communications. Messages you send to us by email, SMS, contact form, or through the workspace.
• Files and assets. Logos, creative, brand documents, and other materials you upload.
• Payment information. If you become a paying client, our payment processor (Stripe) receives card data directly. We receive transaction metadata only.

2.2 Information collected automatically

• Device and browser data. IP address, user-agent string, browser type and version, operating system, screen resolution, language preference, and time zone.
• Presence and usage signals. An anonymous device identifier (anon_id), session identifier (session_id), pageviews, click events, page paths, and time-on-page heartbeats. These are collected by our tmp-presence.js script for the purpose of understanding how the platform is used.
• Identity tokens. A guest user identifier (UUID) minted by snypir-identity.js on first visit, stored in your browser's local storage to maintain continuity across pages and visits.
• Referrer data. The URL of the page you came from.

2.3 Information from third parties

We may receive information about you from service providers we use to deliver the Services, such as email deliverability metadata from Google Workspace, SMS delivery receipts from Twilio, or analytics aggregates from Google Analytics if enabled on a given page.

3. How we use information

We use the information we collect to:

• Provide, operate, and maintain the Services and your account.
• Respond to your inquiries, fulfill briefing requests, and communicate about your engagement.
• Send transactional messages (welcome emails, briefing confirmations, account notices, security alerts).
• Send marketing communications where you have opted in, with an unsubscribe link in every message.
• Improve the platform, debug issues, and develop new features.
• Detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms.
• Comply with legal obligations and enforce our agreements.

4. When we share information

We do not sell your personal information. We share information only in these limited circumstances:

• Service providers acting on our behalf. Examples include Google Workspace (email and calendar), Twilio (SMS and voice), Stripe (payments), Google Analytics (aggregate analytics), and our hosting infrastructure on Google Cloud Platform. These providers are bound by contract to use the information only to perform services for us.
• With your direction or consent. If you ask us to integrate with a third-party tool or share data with a partner, we will do so within the scope of that request.
• Legal and safety. When required by law, subpoena, court order, or to protect the rights, property, or safety of Kumand, our clients, or others.
• Business transfers. In connection with a merger, acquisition, financing, or sale of all or part of our business. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.

5. Sale and sharing of personal information

We do not sell personal information for monetary or other valuable consideration. We do not engage in cross-context behavioral advertising as defined under the California Privacy Rights Act (CPRA). California residents and residents of states with similar rights may submit a request through our Do Not Sell or Share My Personal Information page.

6. How long we keep it

We retain personal information for as long as your account is active, as needed to provide the Services, and as required to meet our legal, accounting, and contractual obligations. Briefing submissions are retained as long as the client relationship is active and for a reasonable period thereafter for record-keeping. Presence data is retained for up to 24 months for analytics and security purposes.

7. Your rights

7.1 California residents (CCPA and CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell or share.
• Request a copy of the specific pieces of personal information we have collected about you.
• Request that we delete your personal information, subject to legal exceptions.
• Request that we correct inaccurate personal information.
• Opt out of sale and sharing of personal information.
• Limit our use and disclosure of sensitive personal information.
• Not be discriminated against for exercising your rights.

7.2 Other US state residents

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights, including the right to access, correct, delete, and obtain a portable copy of their data, and to opt out of targeted advertising or profiling.

7.3 EEA, UK, and Switzerland residents

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including access, rectification, erasure, restriction of processing, data portability, objection to processing, and the right to withdraw consent at any time.

7.4 How to exercise your rights

Email admin@kumand.com with the subject line "Privacy Request" and describe what you are asking for. We will verify your identity before fulfilling the request and respond within the timeframes required by applicable law (generally 45 days for CCPA, 30 days for GDPR).

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These include TLS encryption in transit, restricted backend access, server-side hashing of authentication credentials, and ongoing security review. No method of transmission over the internet is fully secure, however, and we cannot guarantee absolute security.

9. Children

Kumand is a business-to-business platform and is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, provide additional notice through the platform or by email to account holders.