Privacy Policy

Last Updated: October 20, 2025

This Privacy Policy explains how Tezzera ("Company," "we," "us," or "our") collects, uses, discloses, and protects your information when you use our task management, client interaction, and project workflow software platform (the "Service"). By using the Service, you agree to the collection and use of your information in accordance with this policy.

1. Information We Collect

We collect information from different users (Designers/Creative Freelancers, Team Members, and Clients/Guests) to provide and improve the Service.

A. Information You Provide Directly

This includes information you provide when you register for an account or use the Service features:

Account & Profile Data: Your name, email address, password (encrypted), and company/brand name are collected to create and manage your account.
Financial & Billing Data: We collect your subscription tier/plan, payment history, and necessary payout method details for designer payouts (via third-party integrations) and client payments processed through the platform. We do not store credit card or bank information.
User-Generated Content (Client Data): This includes all content and files you create, such as tasks, deadlines, associated files, contracts, threaded conversations/messages, form responses, and feedback (e.g., text, Loom video, PDF, or image uploads).
Time Tracking Data: This is data on tracked time for tasks and projects, including manual time entries.

B. Information Collected Automatically

When you use the Service, certain information is collected automatically:

Usage and Device Data: We may collect your IP address, device type, browser information, login history, and details about the time and duration of your activity to maintain the Service.
Contracting Data: Your IP address is tracked at the time of signing for contract validation.
Transaction Data: We track the platform transaction fee applied to invoices processed through the platform.
AI Analytics Data: Data on inbound leads and reasons for lost leads is processed by our internal AI integration to spotlight patterns.

C. Information from Third-Party Integrations

The Service integrates with various third-party tools which may process or share data:

Payment Processors (Stripe, PayPal, Plaid): We connect with these services for processing credit card payments, alternative payments in certain regions, and for the secure management of bank accounts for ACH payments and designer payouts.
Cloud Storage (Dropbox): These integrations allow for file storage and access for project files and file uploads within forms.
Scheduling & Communication (Google Calendar, Zoom, Google Meet): We use these to sync scheduled calls to users' calendars and to auto-generate meeting links for meetings created within the platform.
AI & Automation (OpenAI, Zapier): Data is processed by OpenAI for AI analytics on lead patterns. Zapier is used to create additional automations and requires data necessary for custom automation endpoints.

D. Third-Party Services and Links

The Service integrates with various third-party services. Each third party has its own privacy policy governing how they collect, use, and share your information:

Payment Processors:

Stripe Privacy Policy: https://stripe.com/privacy
PayPal Privacy Policy: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Plaid Privacy Policy: https://plaid.com/legal/#privacy-policy

Cloud Storage:

Dropbox Privacy Policy: https://www.dropbox.com/privacy

Scheduling & Communication:

Google Calendar Privacy Policy: https://policies.google.com/privacy
Zoom Privacy Policy: https://zoom.us/privacy
Google Meet Privacy Policy: https://policies.google.com/privacy

AI & Automation:

OpenAI Privacy Policy: https://openai.com/privacy/
Zapier Privacy Policy: https://zapier.com/privacy

Hosting & Infrastructure:

Amazon Web Services (AWS) Privacy Policy: https://aws.amazon.com/privacy/
Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

Not Responsible for Third-Party Practices:

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies before connecting them to your Tezzera account or sharing data with them through our Service.

Data Shared with Third Parties:

When you authorize an integration, you explicitly permit us to share relevant data with that third party. The specific data shared depends on the integration:

Payment processors: Transaction details, customer information, payment amounts
Cloud storage: Files you upload or link through the integration
Scheduling tools: Meeting details, participant information, calendar availability
Automation tools: Data needed to execute your custom workflows

Revoking Third-Party Access:

You can disconnect third-party integrations at any time through your account settings. Note that revoking access may limit certain Service functionality. Disconnecting an integration does not automatically delete data previously shared with that third party; you must contact them directly for data deletion.

2. How We Use Your Information

We use the information we collect for the following business purposes:

To Provide and Manage the Service: To operate the platform, enable core functions like project management, invoicing, time tracking, and client dashboard access, and to process payments and payouts.
To Customize Your Experience: To apply customization settings (colors, fonts, etc.) across all platform elements, including forms, invoices, and contracts.
Security and Legal Compliance: To secure your account, validate contract signatures using IP address tracking, enforce our terms, and meet any legal obligations.
Communication: To send automated system emails (e.g., contract signing requests, invoice payment reminders) and manual emails that you initiate, as well as internal team messages and notifications.
Analytics and Improvement: To analyze usage patterns, understand lead management data through AI analytics, and generally improve the Service's functionality.

2.A. Artificial Intelligence and Automated Processing

We use artificial intelligence technology provided by OpenAI to analyze certain data for business intelligence purposes, specifically:

Lead Pattern Analysis: We process data about inbound leads and reasons for lost leads through AI to identify patterns, trends, and insights that help improve our Service.
Aggregate Analytics: AI processes anonymized and aggregated data to generate insights about user behavior and platform usage.

Data Shared with AI Services:

When using AI analytics, we may share:

Lead source information
Lead status and outcomes
Timestamps and workflow data
Aggregated usage patterns
Project and task metadata (not specific project content)

We do not share:

Your passwords or authentication credentials
Client payment information
Complete client files or documents
Personal messages between you and your clients (unless explicitly needed for a feature you've authorized)

AI Service Provider Policies:

Our AI services are provided by OpenAI. Data sent to OpenAI is subject to OpenAI's privacy policy and data processing terms:

OpenAI Privacy Policy: https://openai.com/privacy/
OpenAI API Data Usage Policy: https://openai.com/policies/api-data-usage-policies/

As of our last review, OpenAI does not use data submitted via their API to train their models unless you explicitly opt-in.

Automated Decision-Making:

Our AI processing is used for analytics and insights only. We do not use AI to make automated decisions that:

Produce legal effects concerning you
Similarly significantly affect you
Determine your eligibility for the Service
Affect your pricing or service level
Make decisions about your account status without human review

Your Rights Regarding AI Processing:

You have the right to:

Object to AI processing of your data
Request information about the logic involved in AI processing
Request human review of any AI-generated insights that affect you
Opt out of certain AI analytics features (where technically feasible)

To exercise these rights or ask questions about our AI processing, contact hello@tezzera.co.

3. Data Storage, Security, and Location

We are committed to protecting your personal data.

A. Hosting and Infrastructure

Your data is hosted on servers within the AWS West Region, United States. We utilize the security measures provided by our hosting environment, which is SOC 2 Type II, CSA CAIQ, and ISO/IEC 27001 compliant.

B. Security Measures

We implement industry-standard security measures, including:

Encryption: Data is safeguarded in transit with TLS and at rest with AES-256 encryption. User passwords are stored salted and encrypted.
Access Controls: We use Role-based access (Admin/Owner, Member, and Client) and custom privacy rules to control what data each role can see within projects and the platform.

C. International Data Transfers

Our service is hosted in the AWS West Region in the United States. For users outside the U.S. (particularly in the EEA, UK, and Switzerland), we transfer your personal data to the U.S. for processing and storage.

For EEA and UK Users:

We rely on the following mechanisms for lawful data transfers:

Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (also known as Model Clauses) for transfers of personal data to third-party service providers outside the EEA/UK.
Adequacy Decisions: Where available, we rely on the European Commission's adequacy decisions recognizing certain countries as providing adequate data protection.
Additional Safeguards: We implement supplementary measures to protect data transferred to the U.S., including:

Encryption in transit (TLS) and at rest (AES-256)
Access controls and authentication requirements
Contractual commitments from service providers
Regular security assessments
Data minimization practices

For Swiss Users:

Data transfers from Switzerland are governed by Swiss Federal Act on Data Protection (FADP) and, where applicable, Swiss-approved Standard Contractual Clauses.

Your Rights Regarding Transfers:

You may request:

Copies of the Standard Contractual Clauses we use
Information about supplementary measures we implement
Details about specific data transfers

Contact hello@tezzera.co for information about our data transfer mechanisms.

Consent to Transfer:

By using the Service, you acknowledge and consent to the transfer of your personal data to the United States and other countries where our service providers operate, which may have different data protection laws than your country of residence.

D. Security Breach Notification

In the event of a security breach that compromises your personal data, we will notify you and relevant authorities as required by applicable law.

Timeline:

EEA/UK Users: We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that poses a risk to your rights and freedoms, as required by GDPR.
California Users: We will notify you without unreasonable delay and within timeframes required by California law (typically as soon as possible).
Other Users: We will notify you within timeframes required by applicable state and federal laws.

Notification Method:

We will notify you via:

Email to the address associated with your account
Prominent notice on our website or within the Service
Other means if email notification is not feasible

Information Provided:

Our breach notification will include (where possible):

The nature of the breach and types of data affected
The approximate number of affected users
The likely consequences of the breach
Measures we've taken or plan to take to address the breach
Contact information for questions and further information
Recommendations for steps you can take to protect yourself

Delayed Notification:

Notification may be delayed if:

Law enforcement requests a delay to avoid impeding an investigation
We need time to determine the scope of the breach and restore system integrity
Such delay is permitted or required by applicable law

Your Responsibilities:

If you become aware of any unauthorized access to your account or any other security breach, you must notify us immediately at hello@tezzera.co.

4. Data Retention

We retain your personal data only for as long as necessary to provide you with the Service and for legitimate and essential business purposes, such as maintaining the performance of the Service, complying with legal obligations, and resolving disputes.

User Account and Project Data: We retain this data as long as your account is active. Upon account termination, we will delete or anonymize your data within 30 days, except for the data noted below.
Usage/Analytics Data: This data is typically retained for 30 days for analytical and service improvement purposes.
Invoicing and Legal Records: We retain data necessary for tax and compliance purposes, such as financial transaction records, to comply with legal and financial reporting obligations.

5. Data Sharing and Disclosure

We may share your information with the following categories of third parties to operate, provide, and improve the Service:

Service Providers: Third-party companies that perform services on our behalf, such as payment processing (Stripe, PayPal, Plaid), AI analytics (OpenAI), and communication/scheduling tools (Zoom, Google Meet).
Hosting & Infrastructure: Our cloud service provider (Amazon Web Services) and content delivery/DDoS protection provider (Cloudflare).
Legal Compliance: We may disclose your information if required by law, court order, or governmental authority, including to meet national security or law enforcement requirements.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.

We do not sell your personal information to third parties.

6. Your Privacy Rights and Choices

Depending on your location and applicable law, you may have the right to exercise certain rights regarding your personal data:

Right to Access: You can request a copy of the personal data we hold about you.
Right to Erasure (Right to be Forgotten): You can request the deletion of your account and personal data.
Right to Rectification/Correction: You can request that we correct any inaccurate or incomplete data.
Right to Data Portability: You can request that we transfer your data to another service provider in a machine-readable format.
Opt-Out of Marketing: You can opt out of receiving promotional emails from us by following the unsubscribe link in those emails.

To exercise any of these rights, please contact us using the details in the "Contact Us" section below.

6.1. Marketing Communications and Opt-Out

We may send you the following types of emails:

Transactional Emails (Cannot Opt Out):

Account creation and verification
Password reset requests
Payment receipts and invoices
Contract signing notifications
Service updates and security alerts
Legal or compliance notifications
Customer support responses

Marketing Emails (Can Opt Out):

Product updates and new features
Educational content and best practices
Promotional offers and discounts
Company news and announcements
Survey and feedback requests

How We Use Your Email:

We do not sell or rent your email address to third parties
We may use email tracking pixels to measure open rates and engagement
We segment our email lists based on your account type and usage patterns
We may send targeted emails based on your Service activity

Opting Out of Marketing:

You can opt out of marketing emails by:

Clicking the "Unsubscribe" link at the bottom of any marketing email
Emailing hello@tezzera.co with "Unsubscribe" in the subject line

You will continue to receive transactional emails even after opting out of marketing communications.

Third-Party Marketing:

We do not share your email address with third parties for their marketing purposes without your explicit consent.

7. Cookies and Tracking

We use cookies and similar tracking technologies for essential functions, such as user authentication and session management, to operate the Service.

Essential Cookies: These are strictly necessary to provide you with the Service and enable core functionality.
Analytics Cookies: We also use analytics cookies to understand how you use the Service, measure performance, and improve our platform.

You can set your browser to refuse all or some browser cookies. However, if you disable or refuse cookies, please note that some parts of the Service may become inaccessible or not function properly.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and are aware that your child has provided us with personal data, please contact us so we can take necessary steps to remove that information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of the policy.

10. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

A. Contractual Necessity

We process your personal data to perform our contract with you (the Terms of Service), including:

Creating and managing your account
Providing access to the Service features
Processing payments and payouts
Delivering customer support
Enabling project management, invoicing, and client communication features

B. Legitimate Interests

We process certain data based on our legitimate business interests, including:

Preventing fraud and ensuring platform security
Analyzing usage patterns to improve the Service
Communicating about service updates and important changes
Maintaining backups and business continuity
Enforcing our Terms of Service

You have the right to object to processing based on legitimate interests.

C. Consent

For certain processing activities, we rely on your explicit consent, including:

Marketing communications (you can withdraw consent at any time)
Non-essential cookies and analytics
Sharing data with optional third-party integrations
Processing special categories of data (if applicable)

D. Legal Obligation

We process certain data to comply with legal obligations, such as:

Retaining financial records for tax purposes
Responding to lawful requests from authorities
Complying with data protection laws

E. Right to Withdraw Consent

Where we rely on consent, you may withdraw it at any time by contacting us at hello@tezzera.co. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

11.1. Additional GDPR Rights

In addition to the rights listed in Section 6, EEA, UK, and Swiss users have:

Right to Object:

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Restrict Processing:

You have the right to request restriction of processing of your personal data in certain circumstances, including:

When you contest the accuracy of your personal data
When processing is unlawful but you don't want the data erased
When we no longer need the data but you need it for legal claims
When you've objected to processing pending verification of our legitimate grounds

Right to Lodge a Complaint:

You have the right to lodge a complaint with a supervisory authority in your country or the country where an alleged infringement of data protection law occurred. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

Automated Decision-Making:

We use AI analytics (via OpenAI) to analyze lead patterns and provide insights. This automated processing does not result in decisions that produce legal effects or similarly significantly affect you. If you have concerns about automated processing, please contact us at hello@tezzera.co.

Data Protection Officer:

We are not required to appoint a Data Protection Officer under GDPR.

12. California Consumer Privacy Act (CCPA) Disclosures

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

A. Categories of Personal Information Collected

We collect the following categories of personal information as defined by the CCPA:

1. Identifiers: Name, email address, IP address, device identifiers

2. Commercial Information: Subscription history, payment history, transaction records

3. Internet/Electronic Activity: Browsing behavior, usage data, login history, interaction with the Service

4. Professional Information: Company name, business information, client project data

5. Inferences: Preferences, characteristics, behavioral patterns derived from usage data

B. Sources of Personal Information

We collect personal information from:

Directly from you when you register, use the Service, or communicate with us
Automatically through your use of the Service
From third-party services you connect to the platform (Google Calendar, Dropbox, etc.)

C. Business or Commercial Purposes for Collecting Information

We collect and use personal information for the business purposes described in Section 2 of this Privacy Policy, including:

Providing and maintaining the Service
Processing transactions
Customer support and communication
Security and fraud prevention
Analytics and service improvement
Legal compliance

D. Categories of Third Parties with Whom We Share Information

We share personal information with the categories of third parties listed in Section 5 of this Privacy Policy:

Service providers (payment processors, hosting providers, communication tools)
Third-party integrations you authorize
Legal authorities when required by law
Business transfer recipients (in the event of a merger or acquisition)

E. Sale of Personal Information

We do not sell your personal information to third parties for monetary or other valuable consideration. We have not sold personal information in the preceding 12 months, and we do not sell personal information of consumers we know to be under 18 years of age.

F. Your California Privacy Rights

California residents have the right to:

1. Right to Know: Request disclosure of the categories and specific pieces of personal information we've collected, the sources, purposes, and third parties with whom we share it (up to twice per 12-month period).

2. Right to Delete: Request deletion of personal information we've collected from you, subject to certain exceptions.

3. Right to Opt-Out of Sale: Although we do not sell personal information, you have the right to opt-out if our practices change.

4. Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. We will not:

Deny you access to the Service
Charge you different prices or rates
Provide a different level or quality of service
Suggest you will receive a different price or quality of service

G. Exercising Your CCPA Rights

To exercise your CCPA rights:

Email: hello@tezzera.co with "CCPA Request" in the subject line

We will respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to 90 days total), we will inform you of the reason and extension period in writing.

H. Verification Process

To protect your privacy, we will verify your identity before processing your request. We may ask you to:

Provide your account email address and confirm ownership
Provide additional information that matches our records
Log into your account

For deletion requests, we may require additional verification steps.

I. Authorized Agents

You may designate an authorized agent to make a request on your behalf. The agent must:

Provide written authorization signed by you
Provide proof of their identity
Verify their authority to act on your behalf

We may also require you to verify your identity directly with us and confirm you authorized the agent.

J. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Company Name: Tezzera LLC

Email Address for Privacy Inquiries: hello@tezzera.co