Privacy Policy
Effective Date: 1 February 2026 | Last Updated: 1 February 2026
This is version 2026-02-01 of our Privacy Policy.
Tick Mark (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our web application, mobile applications (iOS and Android), and related services (collectively, the “Services”). By accessing or using Tick Mark, you agree to the terms of this Privacy Policy.
1. Information We Collect
We collect the following types of information to provide and improve our Services:
1.1 Account Information
When you create an account with us, we collect:
| Data Type | Purpose |
|---|---|
| Full Name | Your display name |
| Email Address | Authentication, communication, account recovery |
| Phone Number | Verification and communication (with country code) |
| Password | Securely hashed and stored |
| Job Title | Profile purposes |
| Profile Photo | Optional, uploaded by you |
| Address | Including city, state, postal code, country, timezone |
1.2 Organization and Workspace Data
When you create or join an organization:
- Organization Name and Contact Information
- Company Logo and Description
- Company Size and Industry Type
- Website and Social Media Links
- Office Hours and Location
1.3 Business Data
To power our CRM and project management features, we process:
Leads & Contacts:
- Contact names, email addresses, and phone numbers
- Company information and location data
- Lead source and communication history
- Deal values and closing probabilities
- Points of contact and their roles
Projects & Tasks:
- Project names, descriptions, and timelines
- Task details, priorities, and statuses
- Time tracking data and work logs
- File attachments and documents
Financial Data:
- Invoice details (invoice numbers, amounts, billing addresses)
- Payment records and transaction histories
- Subscription and billing information
1.4 Communication Data
When you use our messaging features:
- Message content and attachments
- Conversation participants and metadata
- Read receipts and reactions
- Call logs and meeting summaries
1.5 Files and Documents
When you upload files:
- File names, types, sizes, and content
- Upload timestamps and modification dates
- Folder structure and organization
- File sharing settings and access logs
1.6 Automatically Collected Data
We automatically collect:
- Device Information – Device type, operating system, browser type and version
- IP Address – For security and approximate location
- Usage Data – Pages visited, features used, actions taken
- Session Information – Login times, session duration, last activity
- User Agent – Browser and device identifiers
1.7 Data from Third-Party Integrations
When you connect third-party services, we may receive:
- Meta (Facebook) Lead Ads – Lead information from your Facebook/Instagram ad campaigns
- Google – Calendar events and OAuth authentication data
- Stripe – Subscription status and payment method information (no full card numbers)
2. How We Use Your Information
Service Delivery
- Creating and managing your user account
- Providing access to workspaces and features
- Processing your CRM, project management, and invoicing activities
- Enabling file storage and sharing capabilities
- Facilitating team communication and collaboration
Communication
- Sending transactional emails (account verification, password reset, invoices)
- Notifying you about updates to your projects, tasks, and leads
- Delivering push notifications (with your consent)
- Responding to your support requests
Analytics
- Analyzing usage patterns to improve our Services
- Implementing insights and analytics using Microsoft Clarity
- Identifying and fixing technical issues
- Developing new features based on user behavior
Security
- Detecting and preventing fraudulent activities
- Monitoring for unauthorized access attempts
- Enforcing our Terms of Service
- Complying with applicable laws and regulations
3. Data Sharing and Disclosure
3.1 Service Providers
We share data with third-party service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and storage | All service data |
| Stripe | Payment processing | Billing information |
| Microsoft Clarity | Analytics and user behavior | Usage data (anonymized) |
| Firebase Cloud Messaging | Push notifications | Device tokens |
| Email Provider | Transactional emails | Email addresses |
3.2 Third-Party Integrations
When you connect integrations (Meta Lead Ads, Google Calendar, etc.), data is shared with these platforms according to their respective privacy policies.
3.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
What We Do NOT Do:
- We do NOT sell your personal data to third parties
- We do NOT share your data with advertisers for targeted advertising
- We do NOT provide access to your business data to competitors
4. Third-Party Integrations
4.1 Meta (Facebook) Lead Ads
When you connect Meta Lead Ads:
- We receive lead data from your Facebook/Instagram ad forms
- We store Meta Page Access Tokens (encrypted) to fetch leads
- Lead data includes form field responses mapped to your funnel stages
- You can disconnect the integration at any time
4.2 Google Integration
When you connect Google:
- We receive OAuth tokens for authentication
- We may sync calendar events for task scheduling
- We do not access Gmail, Google Drive, or other services unless authorized
4.3 Stripe Integration
When you subscribe to our paid plans:
- Stripe processes and stores your payment information
- We receive subscription status and invoice history
- We never receive or store your full credit card numbers
5. Data Storage and Security
5.1 Infrastructure
Your data is stored securely on:
- AWS Cloud Servers – Located in secure data centers
- MongoDB Atlas – For database storage with encryption at rest
- AWS S3 – For file storage with server-side encryption
5.2 Security Measures
- Encryption in Transit - All data in transit is encrypted using TLS 1.2+
- Encryption at Rest - Sensitive data is encrypted in our databases
- Password Hashing - Passwords are hashed using the bcrypt algorithm
- Token Security - API tokens and OAuth credentials are encrypted (AES-256)
- Access Controls - Role-based access controls within workspaces
- Audit Logging - Activity logs for security monitoring
5.3 Multi-Tenant Architecture
Each workspace operates in isolation with:
- Separate database collections per tenant
- Strict access controls between workspaces
- Data segregation ensuring one organization cannot access another’s data
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Active Accounts | Data retained while account is active |
| Deleted Data | Permanently removed within 30 days |
| Backups | Retained up to 90 days for disaster recovery |
| Account Closure | Personal data deleted within 30 days |
7. Cookies and Tracking Technologies
7.1 Types of Cookies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session |
| Functional | Preferences, theme settings | Persistent |
| Analytics | Usage patterns, feature engagement | Persistent |
7.2 Local Storage
We use browser local storage for theme preferences, view modes, and UI state persistence.
7.3 Microsoft Clarity
We use Microsoft Clarity for:
- Session recordings (with personal data masked)
- Heatmaps showing interaction patterns
- Analytics on feature usage
You can disable cookies through your browser settings or opt out of analytics in your account settings. Disabling cookies may affect certain functionality.
8. Mobile Application Data
8.1 iOS and Android Apps
Our mobile applications collect:
- Device identifiers and platform information
- Push notification tokens (FCM)
- App usage and crash reports
- Authentication tokens (stored securely on device)
8.2 Permissions Requested
| Permission | Purpose |
|---|---|
| Camera | Profile photos, document scanning |
| Photo Library | File uploads and attachments |
| Notifications | Push notifications for updates |
| Network Access | Service connectivity |
8.3 Secure Storage
On mobile devices, sensitive data is stored using:
- iOS Keychain / Android Keystore for tokens
- Encrypted AsyncStorage for preferences
9. International Data Transfers
Your data may be processed in different countries where our servers and service providers are located, including:
- United States (AWS)
- Ireland (AWS EU)
For international transfers, we rely on:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with our service providers
- Compliance with applicable data protection laws
10. Children’s Privacy
Tick Mark is not intended for use by children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children.
If you are a parent or guardian, please contact us at privacy@tickmark.io.
11. Your Privacy Rights
Depending on your location, you may have the following rights:
- Access & Portability - Request a copy of your personal data
- Correction - Update or correct inaccurate information
- Deletion - Request deletion of your personal data
- Objection - Object to certain processing activities
- Restriction - Request restriction of processing
- Withdraw Consent - Withdraw consent for optional processing
Exercising Your Rights
To exercise any of these rights:
- Email: privacy@tickmark.io
- In-App: Account Settings → Privacy → Data Requests
We will respond to your request within 30 days.
Regional Rights
EU/EEA (GDPR): You have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with a supervisory authority.
California (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the “sale” of personal information. Note: We do not sell personal information.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will notify you via email at the address associated with your account
- We will update the “Last Updated” date at the top of this policy
- We may display a prominent notice within our Services
Continued use of our Services after changes constitutes acceptance of the updated policy.
13. What Changed from Previous Policy
This section highlights the key changes from our previous Privacy Policy dated 26 September 2024:
New Sections Added
| Section | Description |
|---|---|
| Third-Party Integrations | Meta Lead Ads, Google, Stripe details |
| Data Retention | Deletion and backup policies |
| Mobile Application Data | iOS and Android disclosures |
| International Data Transfers | Cross-border data handling |
| Regional Rights | GDPR and CCPA specific rights |
Key Expansions
| Previous Policy | Updated Policy |
|---|---|
| Basic personal data only | Comprehensive data inventory including CRM, projects, files, messaging |
| IP address and device info | Detailed device, session, and usage analytics |
| Cookies only | Cookies, local storage, and Microsoft Clarity |
Other Changes
- Meta (Facebook) Lead Ads Integration now documented
- Multi-tenant architecture explained with encryption methods (TLS 1.2+, AES-256, bcrypt)
- File storage and sharing features disclosed
- Mobile app data collection with device permissions
- Expanded user rights with specific procedures
- Added dedicated privacy email: privacy@tickmark.io
14. Contact Us
- 📧 Privacy Inquiries: privacy@tickmark.io
- 💬 General Support: support@tickmark.io
- 🛡️ Data Protection Officer: dpo@tickmark.io (GDPR inquiries)
Mailing Address:
Tick Mark
V.P.O Tangra
Punjab, India
© 2026 Tickmark. All rights reserved.