Welcome to Tiptoe: Your Privacy Matters
Welcome to Tiptoe! We're committed to helping workplaces thrive through honest feedback, and protecting your privacy is central to that mission. This Privacy Policy explains how Tiptoe LLC ("Tiptoe," "we," "us," or "our") handles your information when you use our anonymous feedback tool and services (collectively, the "Service"). Our Service is designed to allow individuals within companies, teams, schools, and other organizations (each, a "Company") to provide valuable feedback. Crucially, this feedback is presented to Company managers or administrators ("Managers") in a way that does not directly reveal your identity within the application. By using our Service, you agree to the practices described in this Privacy Policy. Please read it carefully to understand how we collect, use, share, and protect your information.Information We CollectWe collect information to provide, maintain, and improve Tiptoe. The type of information depends on your role (e.g., Member, Manager) and how you interact with our Service.2.1. Information You ProvideAccount Essentials: When you create an account, we collect your email address for account setup, verification, and important service communications. You might also provide a name. We assign you an internal User ID (UID) and a role (e.g., "member," "manager"). Managers also provide their Company's name when setting up their organization. Note: Your authentication is securely handled by Google Firebase Authentication services.Your Feedback (as a Member): When you submit feedback, we collect: Score: The numerical rating you provide. Review Content: Your written thoughts and suggestions. Submitter UID: An internal, anonymous User ID is automatically associated with your feedback for system integrity. This UID is never displayed to your Company's Managers within the Tiptoe application. It helps us investigate abuse and may allow you to see your own past feedback in future features. Team & Time: The specific team or company-wide designation your feedback is for, and the date and time you submitted it.Company Management Data (as a Manager): Managers provide their Company name, configure teams, and generate invite codes for their users.Direct Communications: If you contact us for support or other inquiries, we'll collect the information you provide, such as your name, email, message content, and any attachments.2.2. Information We Collect AutomaticallyUsage and Device Information: Our Service is built on Google Firebase, which automatically collects certain technical data. This may include your IP address (generally logged temporarily for security), details about your device, operating system, browser type, and how you navigate our Service (e.g., features used, pages viewed). Firebase also collects device identifiers for security purposes (see Firebase App Check below). This information helps us understand usage patterns and improve Tiptoe.Firebase App Check: We use Firebase App Check to ensure that requests to our backend resources are legitimate and come from your actual app instance. This involves the collection of device attestation information by Firebase.System Logs: Our backend Cloud Functions generate logs for debugging, monitoring, and security when they run (e.g., when you submit feedback). These logs may include your User ID and operational data, but access to them is strictly limited to authorized Tiptoe personnel.2.3. Payment Information (via Stripe)For subscription services, Tiptoe LLC uses Stripe, Inc. ("Stripe") as our secure payment processor.We do not directly collect, store, or have access to your full credit card numbers or detailed financial information.When you subscribe, you provide your payment information directly to Stripe, and their Privacy Policy governs their use of your data.We receive limited information from Stripe, such as your subscription status, transaction IDs, the last four digits of your card, card type, and associated billing details (like your name and email, but not full payment specifics) to manage your subscription.How We Use Your InformationWe use the information we collect to power Tiptoe and ensure your experience is secure and effective:To Provide and Operate Tiptoe: This includes creating and managing your account, enabling you to submit feedback, allowing Managers to view anonymized feedback, facilitating company setup, processing payments via Stripe, and sending you essential service-related communications like verification emails and support messages.To Guarantee Member Anonymity (for Managers): A core feature of Tiptoe is that when Company Managers view feedback submitted by Members, the internal User ID of the submitter is never displayed to them within the application. This design protects your identity.For Security and Moderation: Our authorized Tiptoe administrators may access information, including Submitter UIDs, to investigate reports of abuse or policy violations, ensure the integrity and security of our Service, troubleshoot technical issues, and comply with legal obligations.To Improve Tiptoe: We analyze how our Service is used to develop new features, enhance functionality, and continuously improve your user experience.To Communicate With You: If you've opted in, we may send you newsletters or promotional materials. You can always unsubscribe from these marketing communications.For Legal Compliance: To meet our legal obligations, respond to valid legal processes, and enforce our Terms of Use and other policies.How We Share Your InformationWe value your privacy and do not sell your personal information. We share information only in specific, necessary circumstances:With Our Service Providers: Google (Firebase): As Tiptoe is built on Firebase, your information is processed and stored on Google's secure infrastructure. Google's privacy policies and terms govern their handling of this data. We configure Firebase services to protect your data consistent with this policy. Stripe: When you make a payment, your payment details are provided directly to Stripe for processing. We share only necessary information (like user ID and subscription plan) with Stripe to facilitate your transactions.Within Your Company: Feedback for Managers: The content of your feedback (score, review text, team, submission time) is shared with the authorized Manager(s) of the Company it pertains to. Your direct identity (Submitter UID) is not shared with Managers through the Tiptoe application. User Lists for Managers: Managers can view a list of users (e.g., names and/or email addresses) within their Company.With Tiptoe Administrators: Authorized Tiptoe personnel may access your information, including Submitter UIDs, as needed for moderation, security, support, and legal compliance purposes.Aggregated or Anonymized Data: We may share aggregated or de-identified information that cannot be reasonably used to identify you. This is useful for statistical analysis, research, and reporting (e.g., overall trends in feedback).For Legal Reasons and Safety: We may disclose your information if legally required or in the good faith belief that it's necessary to: Comply with a legal obligation, subpoena, or valid legal process. Protect the rights, property, or safety of Tiptoe LLC, our users, or the public. Investigate or prevent potential wrongdoing related to the Service.Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, as permitted by law. We will notify you of any such event and inform you of your choices.Data Retention & DeletionWe keep your personal information only as long as necessary to provide our Service, fulfill our legal obligations, resolve disputes, and enforce our agreements.User Account Data: Your account information remains active as long as your account is open.Feedback Data: Active Companies: Feedback submitted to an active Company is retained to provide a historical record to the Company's Manager(s). Member Account Deletion: If you, as a Member, request account deletion, your personal account information (like your user document and authentication record) will be deleted. Any feedback you previously submitted will be anonymized by removing or nullifying the associated Submitter UID. The content of the feedback itself remains as part of the Company's historical record but is no longer linked to your deleted Member account. Manager Account & Company Deletion: If a Manager deletes their account, this action also triggers the deletion of the Company they manage. This comprehensive deletion includes: all user accounts (Managers and Members) associated with that Company, all feedback submitted to that Company, and the main Company record itself.Stripe Data: Payment and subscription information handled by Stripe is subject to Stripe's own data retention policies.Log Data: System logs (e.g., Firebase and Cloud Function logs) are retained for a limited period essential for security analysis, troubleshooting, and operational stability.Your Privacy Rights and ChoicesDepending on your location and applicable privacy laws (like GDPR or CCPA/CPRA), you may have specific rights regarding your personal information.Accessing & Updating: You can typically review and update your account details (like your name or email) directly through your Tiptoe account settings.Account Deletion: You can request to delete your account via the Tiptoe application or by contacting us. Members: Deleting your account will remove your personal data and anonymize your past feedback, as detailed in Section 5. Managers: Deleting your account will lead to the deletion of your account, your Company, all users within it, and all associated feedback, as detailed in Section 5. (Note: Administrator accounts cannot be deleted via this function.)Marketing Communications: If you receive marketing emails from us, you can opt out by following the unsubscribe link in the email. You will still receive essential service-related and transactional emails.Exercising Other Rights: To exercise any other rights you may have under applicable privacy laws (such as the right to access a copy of your data, correct inaccuracies, request data erasure, restrict processing, or data portability), please contact us using the details in Section 11. We will respond in accordance with applicable law and may need to verify your identity.Data SecurityTiptoe LLC is committed to protecting your data. We implement and maintain robust administrative, physical, and technical security safeguards to help protect your personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. Our measures include:Leveraging Google Firebase's platform security features, including Firestore Security Rules to control data access.Employing Firebase App Check to prevent unauthorized use of backend resources.Using HTTPS for secure data transmission.Relying on the robust security infrastructure of Firebase and Stripe for data storage and payment processing.While we strive for maximum security, please remember that no system is entirely impenetrable. We cannot guarantee the absolute security of your information.International Data TransfersTiptoe LLC is based in [Your Company's Location, e.g., the United States], and our Service is hosted on Google Firebase, which utilizes a global infrastructure. By using our Service, your information may be transferred to, stored, and processed in the United States and other countries where Firebase servers are located. These countries may have data protection laws that differ from those in your region.We rely on Google Firebase's mechanisms for international data transfers, which may include Standard Contractual Clauses or other approved transfer mechanisms, to ensure your data is adequately protected during transfer.Children's PrivacyOur Service is not intended for individuals under the age of 16 (or a higher age threshold if stipulated by applicable local laws). We do not knowingly collect personal information from children under 16. If we learn that a child under 16 has provided us with personal information, we will take steps to delete it. If you are a parent or guardian and believe your child has provided us with information without your consent, please contact us.Changes to This Privacy PolicyWe may update this Privacy Policy periodically. If we make significant changes, we will notify you by posting the updated policy on this page with a new "Effective Date." We may also send you an email notification or use other appropriate communication channels. We encourage you to review this Privacy Policy regularly for any updates. Your continued use of the Service after any modifications signifies your acceptance of the updated policy. Contact Us If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us at: help@tiptoe.fyi. Specific Jurisdictional DisclosuresThis section provides additional information as required by certain privacy laws.For Individuals in the European Economic Area (EEA), UK, and Switzerland (GDPR):Legal Basis for Processing: We process your personal data based on the following legal grounds: Performance of a Contract: To provide you with our Service, manage your account, and fulfill our obligations as per our Terms of Use. Legitimate Interests: For purposes such as ensuring the security and integrity of our Service, improving Tiptoe, protecting against fraud or abuse, communicating essential service updates, and for our administrative operations. When we rely on legitimate interests, we ensure they are not overridden by your rights and freedoms. The processing of Submitter UIDs for administrative review and the presentation of feedback to managers without direct submitter identity are based on our legitimate interest in providing a functional and trustworthy anonymous feedback system. Consent: For sending marketing communications or newsletters, where you have explicitly opted in. You have the right to withdraw your consent at any time. Compliance with Legal Obligations: To adhere to applicable laws and legal processes.Your Rights: You have the right to: Request access to your personal data. Request correction of inaccurate personal data. Request erasure of your personal data ("right to be forgotten"). Request restriction of processing of your personal data. Object to the processing of your personal data (especially where based on legitimate interests). Request data portability of your personal data (where processing is based on consent or contract and is automated). Withdraw consent at any time (where processing is based on consent). Lodge a complaint with a supervisory authority.Data Protection Officer: [If you have appointed one, list DPO contact details. Otherwise, state that inquiries can be directed to the general contact information above.]For Individuals in California (CCPA/CPRA):Categories of Personal Information Collected: In the preceding 12 months, we have collected categories of personal information as described in Section 2, which may include: identifiers (like email, name, IP address, UID), customer records information (like payment info via Stripe), commercial information (like subscription history), internet or other electronic network activity information (like usage data via Firebase), and inferences drawn from such information.Business or Commercial Purposes for Collection: Please refer to Section 3 ("How We Use Your Information") for a detailed explanation of the purposes for which we collect this information.Categories of Sources: We collect information directly from you, automatically through your use of the Service (including via Firebase), and from third-party services like Stripe.Categories of Third Parties with Whom We Share Personal Information: As outlined in Section 4 ("How We Share Your Information"), we share information with service providers like Google (Firebase) and Stripe, within your Company as described, and for legal or safety reasons.Sale or Sharing for Cross-Context Behavioral Advertising: Tiptoe does not "sell" personal information in the traditional sense, nor do we "share" it for cross-context behavioral advertising as currently defined under CCPA/CPRA. We do not engage in tracking for targeted advertising purposes across different websites or services.Your Rights: Under CCPA/CPRA, you have the right to: Know/Access: Request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we have shared it. Delete: Request the deletion of your personal information, subject to certain exceptions. Correct: Request correction of inaccurate personal information. Opt-Out of Sale/Sharing: As stated, we do not currently sell or share personal information for cross-context behavioral advertising. Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.To exercise these rights, please contact us using the information in Section 11. We will verify your request using the information associated with your account. You may also designate an authorized agent to make a request on your behalf.