Effective Date: 1 March 2026
This Privacy Policy explains how TribeMap Ltd ("TribeMap", "we", "us", or "our") collects, uses, shares, and protects personal data when you use our website at tribemap.ai and our platform services (collectively, the "Service").
We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Privacy Act (CCPA/CPRA).
1. Data Controller
TribeMap Ltd is the data controller responsible for your personal data. You can contact us at:
TribeMap Ltd
Email: privacy@tribemap.ai
2. What Data We Collect
2.1 Data You Provide Directly
- Account information: Name, email address, company name, and password when you register.
- Billing information: Payment card details (processed by our payment provider; we do not store full card numbers).
- Communications: Messages you send to us via email or through the Service.
- Preferences: Settings and configurations you choose within the platform.
2.2 Data We Collect Automatically
- Usage data: Pages visited, features used, actions taken, session duration, and interaction patterns within the Service.
- Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
- Cookies and similar technologies: See Section 9 below.
2.3 Visitor Data (Your Customers)
When you connect your website to TribeMap, we collect and process data about your website visitors on your behalf. This includes:
- Pages visited and navigation paths
- Traffic source and referral information
- Browser and device metadata
- Behavioural signals used for tribe classification
- IP addresses (anonymised for analytics; not stored in full unless required for data enrichment on applicable plans)
For this visitor data, you are the data controller and we act as your data processor. You are responsible for ensuring you have a valid legal basis (such as legitimate interest or consent) and appropriate privacy notices for collecting this data from your visitors.
3. How We Use Your Data
| Purpose |
Legal Basis (GDPR) |
| Provide and operate the Service |
Performance of contract |
| Process payments and manage subscriptions |
Performance of contract |
| Send service-related communications (updates, security alerts) |
Performance of contract / Legitimate interest |
| Improve and develop the Service |
Legitimate interest |
| Generate aggregated, anonymised analytics |
Legitimate interest |
| Provide AI Advisor outputs and territory analysis |
Performance of contract |
| Prevent fraud and ensure security |
Legitimate interest / Legal obligation |
| Send marketing communications (only with your consent) |
Consent |
| Comply with legal obligations |
Legal obligation |
4. How We Share Your Data
We do not sell your personal data. We may share your data with:
- Service providers: Third parties that help us operate the Service (hosting, payment processing, email delivery, analytics). These providers process data only on our instructions and under contractual data protection obligations.
- AI model providers: To power Advisor features, anonymised or pseudonymised data may be sent to AI model providers. We do not send personally identifiable information to AI models unless strictly necessary for the feature and covered by appropriate data processing agreements.
- Advertising platforms: When you use our one-click campaign launch features, necessary campaign data is shared with the platform you select (e.g., LinkedIn, Google Ads). This sharing is initiated by you and governed by the respective platform's terms.
- Legal requirements: We may disclose data if required by law, regulation, legal process, or governmental request.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance.
5. International Data Transfers
Your data may be processed in countries outside the UK or EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO
- Adequacy decisions where applicable
- Other lawful transfer mechanisms as permitted under applicable law
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
- Account data: Retained while your account is active and for 30 days after deletion, after which it is permanently erased.
- Billing records: Retained for 7 years to comply with tax and accounting obligations.
- Visitor data (your customers): Retained for the duration of your subscription. You may request deletion at any time.
- Usage logs: Retained for up to 12 months for security and analytics purposes.
7. Your Rights (GDPR)
If you are in the UK or EEA, you have the following rights under GDPR:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Restriction: Request that we limit processing of your data in certain circumstances.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interest, including profiling.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
- Complaint: Lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).
To exercise any of these rights, contact us at privacy@tribemap.ai. We will respond within 30 days.
8. Your Rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, business purposes, and categories of third parties with whom we share it.
- Right to delete: Request deletion of your personal information, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale/sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined under the CPRA.
To exercise your CCPA/CPRA rights, contact us at privacy@tribemap.ai. We will verify your identity and respond within 45 days.
CCPA Categories of Personal Information Collected
| Category |
Examples |
Collected |
| Identifiers |
Name, email, IP address |
Yes |
| Commercial information |
Subscription history, payment records |
Yes |
| Internet activity |
Browsing history within the Service, usage data |
Yes |
| Geolocation data |
Approximate location from IP address |
Yes |
| Professional information |
Company name, role |
Yes |
| Inferences |
Tribe classifications, usage patterns |
Yes |
9. Cookies and Tracking
We use cookies and similar technologies for the following purposes:
- Strictly necessary cookies: Required for the Service to function (authentication, security). These cannot be disabled.
- Analytics cookies: Help us understand how the Service is used, so we can improve it. Enabled only with your consent where required by law.
- Preference cookies: Remember your settings and choices.
We do not use third-party advertising cookies on the TribeMap website. You can manage cookie preferences through your browser settings.
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls and authentication requirements
- Regular security assessments and monitoring
- Incident response procedures
While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. If you become aware of a security incident affecting your account, please contact us immediately at privacy@tribemap.ai.
11. Children's Privacy
The Service is not directed at individuals under 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will take steps to delete it promptly.
12. Data Processing Agreement
Where we process visitor data on your behalf (as your data processor), we will enter into a Data Processing Agreement (DPA) upon request. Contact privacy@tribemap.ai to request a DPA.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" above. For significant changes, we may also send an email notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
TribeMap Ltd
Data Protection Enquiries
Email: privacy@tribemap.ai