Privacy Policy

Who we are

Tillampa is operated by Tillampa LLC, a Texas single-member limited liability company (the “company,” “we,” “us,” or “our”). For privacy matters, Tillampa LLC is the controller of the information described in this policy. You can reach our privacy contact at privacy@tillampa.com, or by mail at Tillampa LLC, 116 Maple St, Denton, TX 76201, USA.

Scope — what this policy covers

This policy covers visitors to tillampa.com(the “Site”) and the information collected by the forms, support chat, and hosted demos on this marketing and informational website. It is read together with our Terms of Service.

This policy does not cover the personal information we may process insideour products — MuniStack, the Tillampa widgets (resident chatbot, staff chatbot, AI document scanner), Corp OS, or custom builds. Our handling of data within those products is governed by the separate agreements (such as a Master Services Agreement, Order Form, and Data Processing Agreement) signed with the organization that licenses the product. If you are an end user of one of those products on behalf of a government or business organization, that organization's privacy notice and our agreement with them govern, not this Site policy.

Notice at collection

At or before the point we collect information through this Site, we want you to know, in plain terms: the categories of information we collect, why we collect it, who we share it with, and how long we keep it. The sections below provide that notice. In short — we collect only what you choose to send us and a limited set of technical logs needed to operate and secure the Site. We do notsell your personal information, we do not “share” it for cross-context behavioral (targeted) advertising, and we do not use it for profiling that produces legal or similarly significant effects.

Categories of information we collect

Information you give us

• Contact and demo-request details: your name, email address, phone number (optional), organization, role/title, the topic you selected, and the message you write. (Identifiers and professional/employment information.)
• Support-chat messages: the text you type into the Tillampa support assistant during your visit. (Internet/electronic activity, plus any information you choose to include in your message.)
• Hosted demo inputs:if you use an optional demo (for example, the staff-chat demo or AI document scanner), the content you submit — including any document you upload and any access PIN you enter.

Information we collect automatically

• Server access logs: IP address, user-agent (browser/device string), request path, and timestamp. (Identifiers and internet/electronic activity.)
• Error-monitoring data: when error monitoring (Sentry) is enabled, diagnostic data about an error, which can include request details.
• Analytics data (Google Analytics 4): unless you decline, we use Google Analytics to understand how the Site is used. It collects page views and on-page interactions, an approximate (city-level) location derived from your IP, device/browser type, referring source, and the campaign (UTM) parameters of the link you arrived from. Analytics is first-party and is not used for advertising. See Cookies and local storage below for the cookies involved and how to opt out.
• Local browser storage: a localStorageflag that remembers your analytics choice, and — only if you sign into the hosted staff-chat demo — a strictly-necessary session cookie (tp_staff_chat). See Cookies and local storage below.

We do notrun advertising trackers, do not use Google's advertising features or “Google Signals,” and do not collect biometric data, precise geolocation, or, by design, any special/sensitive categories of personal data. Our use of analytics is for measurement only, as described in the Cookies and local storage section. Please do not send us sensitive information (such as government ID numbers, health information, or financial-account details) through the Site forms or chat.

How we use information (purposes)

• To respond to your inquiry, demo request, or message.
• To operate, maintain, and secure the Site and its features.
• To diagnose and fix problems (server logs and error reports).
• To prevent, detect, and respond to abuse, fraud, and security incidents (such as rate limiting and abuse review).
• To generate a reply in the support chat or a hosted demo by sending your message to the relevant AI provider.
• To measure how the Site is used and which content and outreach campaigns are effective, using privacy-friendly analytics, so we can improve the Site.
• To improve our content and products based on the questions and feedback we hear, in aggregate.
• To comply with law and enforce our Terms.

Where the EU/UK GDPR applies, our legal bases are: your consent (for example, when you choose to contact us); our legitimate interests in operating, securing, and improving the Site and responding to you; and compliance with a legal obligation. We do not use your Site information to make solely automated decisions that produce legal or similarly significant effects about you.

How the contact and demo forms actually work

We want to be precise about this, because it affects who receives your data.

• Today (default behavior): the contact and demo forms open your own email application with a message pre-addressed to hello@tillampa.com (a mailto: link). Nothing is posted to a Tillampa server when you use the form, and no third-party email-delivery provider is in the path. We receive your message only if you press send in your own mail app, after which it reaches us as ordinary email through your email provider and ours.
• If we enable server-side delivery (future): our code includes server routes (/api/contact and /api/demo) that, if and when an email provider key is configured, would forward form submissions to us through a transactional email provider — Resend or SendGrid. If we turn this on, those providers would process your form submission solely to deliver it to us, acting as our service providers/processors. We will keep this policy accurate as to which path is live.

Who we share information with

We do not sell your personal information and we do not share it for cross-context behavioral advertising. We disclose information only to the limited set of service providers needed to run the Site, each bound to use it only for the services they provide to us:

• Hosting (Render, US region): runs the Site infrastructure and processes the server access logs described above. Encrypted backups are stored in AWS S3 (US).
• Analytics (Google Analytics 4):unless you decline, Google LLC processes the analytics data described above to provide us aggregated usage measurement. We have configured the service so that Google's advertising signals are disabled and your data is not used by us for cross-context behavioral advertising. Google acts as our service provider / processor for this purpose.
• AI provider for support chat (Anthropic):receives the messages you type into the support chat to generate a response, but not your contact-form details. Per Anthropic's terms, API inputs are not used to train its models by default.
• AI providers for hosted demos (Anthropic and/or OpenAI): if you use a demo, the content you submit (including any uploaded document and access PIN) is sent to the demo backend and its AI providers to generate a response.
• Email delivery (Resend or SendGrid): only if server-side form delivery is enabled, as described above. Until then, no email-delivery provider is involved in the forms.
• Error monitoring (Sentry): when enabled, receives diagnostic data about errors, which can include request details, so we can detect and fix problems.

We may also disclose information when reasonably necessary to comply with a valid law, court order, subpoena, or government request; to enforce our agreements; to protect the rights, safety, and property of Tillampa LLC, our users, or the public; or in connection with a corporate transaction (such as a merger, financing, or sale of assets), in which case we will require the recipient to honor this policy.

Your privacy rights

Depending on where you live, you may have some or all of the rights below. Regardless of your location, you may contact us at privacy@tillampa.com and we will do our best to honor reasonable requests.

Texas residents (Texas Data Privacy and Security Act)

If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA) gives you the right to:

• Confirm and access— confirm whether we are processing your personal data and obtain access to it.
• Correct— correct inaccuracies in your personal data, taking into account the nature and purpose of the processing.
• Delete— request deletion of personal data you provided or that we obtained about you.
• Portability— obtain a copy of the personal data you previously provided in a portable and, to the extent technically feasible, readily usable format.
• Opt out— opt out of the processing of your personal data for (a) targeted advertising, (b) the sale of personal data, or (c) profiling in furtherance of decisions that produce legal or similarly significant effects. To be clear, we do notsell personal data, conduct targeted advertising, or perform such profiling through this Site, so for most visitors there is nothing to opt out of — but the right is available to you.

Appeal. If we decline to act on your request, you may appeal that decision by replying to our response or by emailing privacy@tillampa.comwith “Appeal” in the subject line. We will respond to your appeal in writing within 60 days. If we deny your appeal, you may contact the Texas Attorney General to submit a complaint.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to know/access the categories and specific pieces of personal information we collect, the right to correct inaccurate information, the right to delete, the right to opt out of the sale or sharing of personal information, and the right not to receive discriminatory treatment for exercising your rights. We do not sell or share (for cross-context behavioral advertising) the personal information of any consumer, including California residents, and we do not use or disclose sensitive personal information beyond the purposes permitted by law. Because we do not sell or share personal information, we do not offer a “Do Not Sell or Share My Personal Information” mechanism — but you may still contact us with any request.

California “Shine the Light.”California Civil Code § 1798.83 lets California residents request information about disclosures of personal information to third parties for those parties' own direct-marketing purposes. We do not make such disclosures. You may confirm this by emailing privacy@tillampa.com.

Other U.S. states

If you reside in a state with a comprehensive consumer-privacy law — such as Colorado, Connecticut, Virginia, Utah, Oregon, Montana, and others as they take effect — you have rights similar to those described above (to access, correct, delete, obtain a portable copy, and opt out of sale, targeted advertising, and certain profiling), subject to that law's terms. We honor those rights. Where your state law provides an appeal process, the appeal procedure described in the Texas section above applies to you as well.

EU / UK / EEA visitors (GDPR)

Where the EU GDPR or UK GDPR applies to your visit, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection, as well as the right to withdraw consent at any time (without affecting prior processing) and the right to lodge a complaint with your supervisory authority. To exercise these rights, contact privacy@tillampa.com.

How to exercise your rights

• Submit a request. Email privacy@tillampa.com and tell us which right you want to exercise. An authorized agent may submit a request on your behalf with proof of authorization.
• Verification.To protect your information, we will take reasonable steps to verify your identity before acting — typically by confirming you control the email address associated with your request and, if needed, by asking you to confirm details we already hold. We use the information you provide for verification only for that purpose.
• Timing. We aim to acknowledge requests promptly and respond within 45 days (or the period your state law allows), and we will tell you if we need a permitted extension. GDPR requests are answered within one month where required.
• No discrimination or retaliation. We will not deny you goods or services, charge you a different price, or provide a different level of quality because you exercised your privacy rights.
• Appeals. If we decline a request, you may appeal as described in the Texas residents section above by emailing privacy@tillampa.com.

Global Privacy Control and Do-Not-Track

Some browsers and extensions transmit a Global Privacy Control (GPC) or “Do Not Track” signal. Because we do not sell personal information, do not share it for cross-context behavioral advertising, and run no advertising trackers on this Site, there is no sale or targeted-advertising activity for such a signal to stop. The analytics described in this policy is first-party measurement only, and you can turn it off at any time using the “Cookie settings” link in the footer. We respect the intent of these signals and will treat a recognized opt-out preference signal as a valid opt-out request where required by law. If our practices ever change, we will update this section and honor GPC accordingly.

How long we keep information (retention)

• Contact and demo submissions: kept for as long as needed to handle and follow up on your inquiry, then archived for up to two years for recordkeeping, after which they are deleted, unless a longer period is required by law or to resolve a dispute.
• Server access logs: a short rolling window of approximately 30 to 90 days, then overwritten or deleted.
• Support-chat transcripts:not persisted by us beyond the active session; the conversation lives only in your browser's page memory for that visit and clears on reload.
• Error-monitoring data:retained per the monitoring tool's standard short retention, used only to diagnose and fix issues.
• Analytics data (Google Analytics): user- and event-level analytics data is retained by Google for 14 months, after which it is automatically deleted; aggregated reports may persist longer. The analytics cookies on your device (_ga and _ga_*) last up to about two years unless you clear them or decline analytics.
• Analytics-choice flag and demo session cookie: the localStorage flag recording your analytics choice persists until you clear it; the tp_staff_chat session cookie expires after up to 8 hours.

Cookies and local storage

We use two kinds of browser storage on this Site: a small set of essential storage needed to run it, and first-party analytics cookies (which you can decline).

Essential storage (always on). A localStorageflag records your analytics choice so we don't ask again, and a strictly-necessary session cookie (tp_staff_chat) is set only if you sign into the hosted staff-chat demo with a PIN, keeping you signed into that demo for up to 8 hours. The support chat keeps your conversation only in page memory for the active visit and clears it on reload — it does not use cookies or local storage.

Analytics cookies (Google Analytics 4 — you can decline). Unless you decline, we use Google Analytics 4 to understand how the Site is used. It sets first-party cookies named _ga and _ga_<id> (lasting up to about two years) that distinguish visitors and sessions, and it collects the analytics data described above (page views, on-page interactions, approximate city-level location from your IP, device/browser, referrer, and the campaign/UTM parameters of the link you arrived from). We run Google Analytics with Google Consent Mode: all of Google's advertising signals (ad storage, ad user data, and ad personalization) are denied, and we do not enable Google Signals, Google Ads linking, or any cross-context behavioral advertising. We do not sell or share this data.

How to decline or turn analytics off.When you first visit, the notice in the corner lets you choose “Decline analytics.” You can change your mind at any time using the “Cookie settings” link in the footer. If you decline, Google Analytics runs in consent-denied mode and does not store the _ga analytics cookies on your device. You can also clear or block cookies and site data at any time through your browser settings; the Site will still work, though some preferences may reset.

Security

We use reasonable administrative and technical safeguards to protect information, including encryption in transit (TLS), server-only secrets, and access controls. Hosting is on Render (US), and encrypted backups are stored in AWS S3 (US). No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. For more detail — and to report a vulnerability — see our security overview or email security@tillampa.com.

International visitors

Tillampa LLC is based in the United States, and the Site is hosted in the United States. If you access the Site from outside the U.S., you understand that your information will be processed in the United States, where data-protection laws may differ from those in your country. By using the Site or submitting information to us, you understand that your information may be transferred to and processed in the United States.

Children's privacy

This Site is intended for a business and government audience and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, email privacy@tillampa.com and we will delete it.

Changes to this policy

If we change this policy, we will update the “last updated” date at the top, and for material changes we will take reasonable steps to provide notice. Changes take effect when posted. Your continued use of the Site after a change means you accept the updated policy.

Contact — how to reach us

Questions, requests, or appeals about this policy or your information:

• Email: privacy@tillampa.com
• Mail: Tillampa LLC, 116 Maple St, Denton, TX 76201, USA

For general inquiries, email hello@tillampa.com; for legal or DMCA notices, legal@tillampa.com; for security reports, security@tillampa.com; and to report abuse, abuse@tillampa.com.