Privacy Policy

TRM Solutions, LLC ("TRM Solutions," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, protect, and disclose information when you visit trmsolutions.io or engage our services. By using our website or services, you agree to the practices described in this policy.

1. Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when you:

• Complete our free security assessment: your name, email address, company name, industry, company size, and responses to assessment questions about your security posture
• Use a paid self-service product or document builder: your name, work email, company name, role, and information you provide about your technology environment, regulatory obligations, vendor relationships, and security maturity
• Make a purchase: your name and email address as provided at checkout (payment card details are processed and stored only by our payment processor, not by TRM Solutions)
• Submit a contact form or inquiry: your name, email, company, and the content of your message
• Schedule a call via Calendly: your name, email, and any information you provide through the scheduling tool
• Engage our advisory services: information necessary for service delivery, including business information, technical environment details, and contact information for your team members

Information Collected Automatically

When you visit our website, we collect limited technical information through Plausible Analytics — a privacy-friendly, cookieless analytics platform. This includes anonymized page views, referral sources, and general geographic location at the country or region level. Plausible does not use cookies, does not collect IP addresses for tracking or profiling, and does not share data with advertising networks. We use this information only to understand aggregate website traffic and improve our site.

Information from Third-Party Services

We use the following third-party services in connection with our website and operations. Each service processes information according to its own privacy practices:

• Stripe: payment processing for paid self-service products
• Calendly: scheduling for discovery calls and advisory consultations
• Plausible Analytics: privacy-first website analytics
• Netlify: website hosting and deployment infrastructure

2. How We Use Your Information

We use the information we collect to:

• Generate your requested deliverables (assessment reports, customized documents, scorecard outputs)
• Process and fulfill your purchase of paid self-service products
• Respond to your inquiries and follow up on service opportunities
• Deliver and support advisory engagements you have engaged us to provide
• Schedule and prepare for discovery calls and consultations
• Improve our website, tools, and client experience
• Comply with legal obligations and protect our legal rights

3. Payment Data

We do not collect or store full payment card details. Payment information — including card numbers, expiration dates, and CVV codes — is processed directly by Stripe or other third-party payment processors according to their own privacy and security practices. TRM Solutions receives confirmation of completed transactions and limited identifying information (name, email) for fulfillment purposes only.

TRM Solutions is not responsible for the privacy or security practices of our payment processors. For information about how Stripe handles your payment data, refer to Stripe's Privacy Policy at stripe.com/privacy.

4. AI Tools and Client Data Handling

TRM Solutions uses AI-assisted tools in the preparation of deliverables and internal work product. Client information provided during advisory engagements is handled under confidentiality controls. Sensitive client materials — including proprietary business information, internal security configurations, and client-specific data — are not processed through public AI tools or used to train external models.

Information submitted through our public website (including assessment responses and document builder inputs) may be processed by AI tools operating under our data handling practices. We do not submit sensitive identifiable client information through public consumer AI platforms.

5. A Note on Sensitive Information

6. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

• Service providers: Email delivery, analytics (Plausible), website hosting (Netlify), payment processing (Stripe), and scheduling (Calendly) — each operating under their own privacy practices and, where applicable, under data processing agreements
• Legal requirements: When required by law, court order, or to protect the rights, property, or safety of TRM Solutions, our clients, or others
• Business transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality protections and notice to affected individuals

7. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect information we collect. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of information you transmit to us.

For advisory engagements involving sensitive client data, we operate under written confidentiality agreements with specific data handling requirements agreed to in the engagement letter.

8. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information (subject to legal retention requirements)
• Opt out of marketing communications
• Request a copy of your information in a portable format

To exercise these rights, contact us at info@trmsolutions.io.

9. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete, the right to correct, and the right to opt out of any sale or sharing of personal information. We do not sell personal information. To exercise your California privacy rights, contact us at info@trmsolutions.io.

10. GDPR Rights (European Union / UK)

If you are located in the EU, UK, or EEA, you have rights under the General Data Protection Regulation including the right to access, rectify, erase, restrict processing, object to processing, and data portability. The legal basis for our processing is typically your consent (for optional communications) or our legitimate interest (for responding to inquiries and fulfilling service requests). You may also lodge a complaint with your local data protection authority.

11. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy, to comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods:

• Security assessment responses: retained for the duration of any resulting engagement, plus 3 years, unless you request deletion sooner
• Document builder inputs and paid product records: retained for 3 years from the date of purchase to support refund requests and product access
• Contact form submissions and prospect inquiries: 3 years from last interaction unless you opt out sooner
• Client advisory engagement records: 7 years from engagement close, consistent with professional service standards
• Website analytics: Aggregated anonymized data; Plausible does not retain individually identifiable session records

12. Children's Privacy

Our services are directed to businesses and professionals, not to children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us immediately at info@trmsolutions.io.

13. International Data Transfers

TRM Solutions is based in the United States. If you access our website or engage our services from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required by applicable law, we implement appropriate safeguards for cross-border transfers.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be posted on this page with an updated "Last Updated" date. Continued use of our website or services after changes constitutes acceptance of the revised policy.

15. Contact Us