1. Introduction

myTCRPlus ("we," "us," "our") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use our websites, microsites, services (including TCR compliance tools, SMS/MMS campaign management platforms, and related offerings), and any other products under myTCRPlus.

By using our services or accessing our site, you agree to the practices described in this Privacy Policy.

2. Information We Collect

We collect the following categories of personal information:

3. How We Collect Information

We collect information through multiple channels:

Directly From You

• Registration forms, account setup processes
• Branding uploads, campaign configurations
• Plan selection, payment processing
• Support requests, communication with our team
• Tool usage (validators, calculators, compliance checkers)

Automatically

• Website analytics tools (Google Analytics, proprietary tracking)
• Server logs, application performance monitoring
• Cookies and similar tracking technologies
• Session replay tools (for UX optimization)

From Third-Party Sources

• Payment processors (Stripe, PayPal)
• The Campaign Registry (TCR) verification data
• Domain registrars, hosting providers
• Email service providers
• Credit reporting agencies (for trust score enhancement)

4. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery

• Provide, maintain, and improve TCR compliance tools and microsite services
• Process brand and campaign registrations with TCR
• Host compliance microsites with SSL/HTTPS encryption
• Manage automated backups and disaster recovery
• Enable custom domain mapping and branding

Identity & Compliance Verification

• Verify business credentials for service activation
• Support TCR trust score improvement initiatives
• Validate sender identity for carrier approval processes
• Meet carrier policy requirements (T-Mobile, AT&T, Verizon)

Personalization & Branding

• Apply custom logos, colors, and brand elements
• Generate branded compliance disclosure pages
• Customize tool interfaces to match brand identity

Communication

• Send transactional communications (confirmations, billing statements, support responses)
• Deliver platform updates, compliance alerts, regulatory changes
• Send promotional communications (only with explicit consent)
• Provide customer support and technical assistance

Analytics & Improvement

• Monitor site usage, disclosure page views, tool engagement
• Analyze traffic patterns, conversion metrics
• Improve service functionality, user experience
• Develop new compliance features and tools

Legal & Regulatory Compliance

• Comply with TCPA, CTIA, carrier policy requirements
• Respond to legal obligations, court orders, regulatory inquiries
• Support audits, investigations, dispute resolution
• Enforce Terms of Service, prevent fraud and abuse

Security & Risk Management

• Detect and prevent unauthorized access
• Monitor for security threats, suspicious activity
• Maintain system integrity and data protection
• Investigate and respond to security incidents

5. Legal Basis for Processing

For users in jurisdictions with data privacy regulations (GDPR, CCPA, CPRA, UK GDPR, etc.), our legal basis for processing includes:

We balance our legitimate interests against your privacy rights and will not process your data where your rights override our legitimate interests.

6. Sharing and Disclosure of Information

We share your information with the following categories of recipients:

Service Providers

• Hosting infrastructure providers (AWS, Google Cloud, etc.)
• Domain registrars, DNS management services
• Analytics providers (Google Analytics, proprietary tools)
• Payment processors (Stripe, PayPal)
• Email delivery services (SendGrid, Mailgun)
• SMS/MMS gateway providers (for campaign transmission)
• Backup and disaster recovery services

TCR & Carrier Ecosystem

• The Campaign Registry (TCR) for brand/campaign verification
• Carrier aggregators and downstream messaging partners
• Industry verification services (DUNS, business registration databases)

Legal & Regulatory Authorities

• Law enforcement agencies (in response to valid legal requests)
• Regulatory bodies (FCC, FTC, state attorneys general)
• Courts, arbitration forums (in legal proceedings)
• Tax authorities, auditing bodies

Business Partners

• Acquirers, merger partners (in the event of business combination)
• Strategic partners (with appropriate data protection agreements)
• Affiliates within Native Chaos Holdings LLC corporate structure

7. Cookies, Tracking & Similar Technologies

We use cookies and similar tracking technologies to:

Essential Functions

• Maintain session state, authentication
• Remember user preferences, settings
• Enable shopping cart, checkout processes

Analytics & Performance

• Measure traffic, engagement, conversion rates
• Identify popular content, navigation patterns
• Diagnose technical issues, optimize performance

Security

• Detect fraud, unauthorized access attempts
• Monitor for suspicious activity patterns
• Enforce rate limiting, abuse prevention

Cookie Types

• First-party cookies: Set by myTCRPlus for site functionality
• Third-party cookies: Set by analytics providers (Google Analytics), advertising platforms

Your Choices

Browser settings allow cookie control (block, delete, restrict). Some site features may not function properly if cookies are disabled. Do Not Track signals are honored where technically feasible.

8. Your Rights: Opt-In, Opt-Out & Data Control

Marketing Communications

• Promotional emails: Opt out via "unsubscribe" link in any message
• SMS messages: Reply "STOP" (or other designated keyword) to opt out
• We will process opt-out requests within 10 business days
• Transactional messages (billing, support) are not affected by marketing opt-outs

Your Data Rights (Jurisdiction-Dependent)

California Residents (CCPA/CPRA)

• Right to know what personal information we collect, use, disclose
• Right to delete personal information (with exceptions)
• Right to opt out of sale/sharing (we do not sell personal information)
• Right to correct inaccurate information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights

How to Exercise Your Rights

9. Data Retention

We retain your personal information only as long as necessary for:

Deletion Methods

When retention is no longer required:

• Secure deletion via cryptographic erasure
• Overwriting with random data (multiple passes)
• Physical destruction of storage media (where applicable)
• Anonymization rendering data non-identifiable

10. Security Measures

We employ administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of your information:

Technical Safeguards

• SSL/TLS encryption for all data transmission (HTTPS mandatory)
• AES-256 encryption for data at rest
• Database encryption with key rotation
• Secure API authentication (OAuth 2.0, API keys with rate limiting)
• Web application firewall (WAF) protection
• DDoS mitigation systems

Administrative Safeguards

• Role-based access controls (RBAC)
• Least-privilege principle enforcement
• Background checks for personnel with data access
• Mandatory security awareness training
• Incident response procedures, breach notification protocols
• Third-party vendor security assessments

Physical Safeguards

• Tier III+ data center facilities (for hosted infrastructure)
• Biometric access controls, 24/7 surveillance
• Environmental controls (fire suppression, climate management)
• Redundant power supplies, network connectivity

Monitoring & Response

• 24/7 security monitoring, intrusion detection systems
• Automated threat detection, anomaly alerting
• Regular vulnerability scanning, penetration testing
• Security patch management, update deployment
• Incident response team with defined escalation procedures

11. International Data Transfers

myTCRPlus operates primarily within the United States. If we transfer your personal information outside the U.S. (for example, to service providers in other jurisdictions), we ensure appropriate safeguards:

Transfer Mechanisms

• Standard Contractual Clauses (SCCs) approved by European Commission
• Adequacy decisions recognizing equivalent data protection
• Binding Corporate Rules (where applicable)
• Consent-based transfers (where legally permissible)

Cross-Border Transfers

• Data may be processed in U.S., EU, or other jurisdictions where service providers operate
• All transfers comply with applicable data protection laws (GDPR Art. 44-50, CCPA provisions)
• We assess third-country data protection adequacy before transfer

If you are in the EEA or UK and your data is transferred to the U.S., you may contact us for information about safeguards in place.

12. Children's Privacy

Our services are designed for businesses and are not directed to children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children.

If We Learn of Child Data Collection

• Immediate deletion of all collected information
• Termination of associated account
• Notification to parent/guardian (where contact information available)

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

• Changes in our services, features, or business practices
• New legal, regulatory, or carrier requirements
• Technological developments affecting data processing
• Feedback from users, regulators, or legal counsel

Notification Process

• "Last Updated" date revision at top of policy
• Email notification to active account holders (for material changes)
• Prominent notice on website homepage (30 days minimum)
• Continued use of services after notice period constitutes acceptance

Material Changes Requiring Consent

• Expansion of data sharing to new third-party categories
• Changes to legal basis for processing
• Reduction in data protection safeguards
• Introduction of automated decision-making affecting user rights

Previous Versions: Prior versions available upon request: info@mytcrplus.com

14. Contact Information

Escalation

If you are unsatisfied with our response, you may:

• Contact your local data protection authority (EEA/UK residents)
• File a complaint with the California Attorney General (California residents)
• Pursue dispute resolution per our Terms of Service

15. Additional Disclosures

No Legal Advice

This Privacy Policy describes our data practices and does not constitute legal advice. myTCRPlus provides compliance tools and microsites but does not provide legal advisory services. Organizations should consult qualified legal counsel for guidance specific to their messaging programs and data protection obligations.

Carrier Compliance Support

myTCRPlus microsites include required disclosures, privacy policies, opt-in/opt-out language, and message frequency statements essential for VOIP/CPaaS provider compliance. We monitor regulatory updates and carrier guidelines so your business texting program remains secure, transparent, and provider-approved.

Third-Party Links

Our websites may contain links to third-party sites. We are not responsible for the privacy practices or content of external sites. Review their privacy policies before providing personal information.

Biometric Data

We do not collect biometric information (fingerprints, facial recognition, voiceprints) through our services.

Automated Decision-Making

We do not make automated decisions that significantly affect you without human review, except for fraud detection systems designed to protect our platform and users.