BlogSupportDocumentation
TigerTrust

Privacy Policy

Last updated: November 17, 2025

GDPR Compliant
CCPA Compliant
ISO 27001
SOC 2 Type II

Your Privacy Matters

At TigerTrust, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. We are committed to protecting your data and being transparent about our practices.

Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our Services:

  • Account Information: Name, email address, company name, phone number, job title
  • Billing Information: Payment details, billing address, tax identification numbers
  • Profile Information: Preferences, communication settings, profile pictures
  • Support Communications: Information provided in support tickets, emails, or calls
  • Survey and Feedback: Responses to surveys, product feedback, testimonials

1.2 Information Automatically Collected

We automatically collect certain information when you use our Services:

  • Usage Data: Features used, actions taken, time spent, frequency of use
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, API calls, error logs
  • Location Data: General location based on IP address
  • Cookies and Tracking: Session cookies, analytics cookies, preference cookies

1.3 Certificate and Infrastructure Data

As a certificate lifecycle management platform, we process:

  • Certificate metadata (not private keys unless specifically authorized)
  • Domain names and IP addresses associated with certificates
  • Certificate authority information and validation data
  • Infrastructure configuration data necessary to provide the Services

How We Use Your Information

We use the information we collect for the following purposes:

1
Service Delivery:

Provide, maintain, and improve our certificate lifecycle management services, process transactions, and deliver customer support.

2
Communication:

Send service announcements, security alerts, expiration notifications, and respond to your inquiries.

3
Security and Fraud Prevention:

Detect, prevent, and address security incidents, fraudulent activity, and violations of our Terms of Service.

4
Analytics and Improvement:

Analyze usage patterns, measure effectiveness, and improve our products and services.

5
Legal Compliance:

Comply with legal obligations, respond to lawful requests, and protect our rights.

6
Marketing (with consent):

Send promotional communications about new features, events, and offers. You can opt out at any time.

Data Storage and Security

Data Storage

Your data is stored in secure, SOC 2 Type II certified data centers located in the United States and European Union. We use industry-leading cloud infrastructure providers including AWS and Azure, with data encrypted at rest using AES-256 encryption.

Security Measures

We implement comprehensive security measures to protect your information:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA) for user accounts
  • Role-based access controls (RBAC)
  • Regular security audits and penetration testing
  • 24/7 security monitoring and incident response
  • Automated vulnerability scanning
  • Employee security training and background checks

Data Retention

We retain your information for as long as necessary to provide the Services and comply with legal obligations. After account termination, we retain data for 30 days for account recovery, then securely delete it unless longer retention is required by law or for legitimate business purposes (e.g., audit records retained for 7 years).

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze usage:

Essential Cookies

Required for authentication, security, and basic functionality. Cannot be disabled.

Analytics Cookies

Help us understand usage patterns and improve the Services. Can be disabled in settings.

Preference Cookies

Remember your settings and preferences for a personalized experience.

Marketing Cookies

Track effectiveness of marketing campaigns. Only used with your consent.

You can control cookie preferences through your browser settings or our cookie management tool. Note that disabling certain cookies may limit functionality.

Third-Party Services and Data Sharing

We may share your information with third parties in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist in operating our Services:

  • Cloud hosting providers (AWS, Azure, GCP)
  • Payment processors (Stripe)
  • Analytics services (Google Analytics, Mixpanel)
  • Customer support tools (Zendesk, Intercom)
  • Email delivery services (SendGrid)

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

Legal Requirements

We may disclose information when required by law, legal process, or to protect rights, safety, and security. We will notify you unless prohibited by law.

With Your Consent

We may share information with other third parties when you explicitly consent to such sharing.

Your Privacy Rights

Depending on your location, you have the following privacy rights:

Access and Portability

Request access to your personal data and receive a copy in a portable format.

Correction

Update or correct inaccurate or incomplete personal information.

Deletion

Request deletion of your personal data, subject to legal retention requirements.

Objection and Restriction

Object to processing of your data or request restriction of processing.

Opt-Out

Unsubscribe from marketing communications at any time via the unsubscribe link.

Withdraw Consent

Withdraw consent for data processing where consent is the legal basis.

To exercise these rights, contact us at [email protected]. We will respond within 30 days (or as required by applicable law).

International Data Transfers

TigerTrust operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States.

EU-U.S. Data Transfers

For transfers from the European Economic Area (EEA) to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and implement additional safeguards as required.

Data Localization Options

Enterprise customers can choose specific geographic regions for data storage to meet local data residency requirements. Contact sales for details.

Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email and/or prominent notice on our platform at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top indicates when this policy was last revised.

Contact Us About Privacy

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Data Protection Officer: [email protected]

Address: TigerTrust Corporation, 244 PKI Boulevard, San Francisco, CA 94105

Phone: 1-800-TIGER-00

EU Representatives: For data subjects in the European Union, you may contact our EU representative at [email protected]