Privacy Policy

Tixta ("Tixta," "we," "us," "our") is a marketing agency that provides software-enabled services, including customer outreach, review-request workflows, social and reputation management, analytics, and consulting (collectively, the "Services").


1. This Policy explains how we handle Personal Data of:

  • Site visitors, prospects, vendors, job applicants, and event participants

  • Our clients and their personnel

  • End-customers of our clients where we assist clients with communications and reputation workflows


When we collect data for our own purposes, Tixta is a controller. When we handle data strictly on a client's instructions, Tixta is a processor/service provider, and the client's privacy notice governs.


We operate globally and this Policy is intended to address U.S. federal/state laws (including California CPRA), GDPR/UK GDPR, Canada (PIPEDA/CASL), Australia/New Zealand, and other applicable laws.


2. Categories of Personal Data We Collect

Sources of Personal Data:

  1. Identifiers & contact: name, email, phone, postal address, company, role, login/ID

  2. Commercial & account: subscription tier, orders, invoices, support tickets, client settings, communications preferences

  3. Campaign & CRM inputs (client-provided): recipient lists, templates, review-request audiences, tags/segments, engagement metrics, service history (as provided by client)

  4. Payment data: processed by Stripe; we receive limited metadata (e.g., success/failure, masked details). We do not store full card numbers

  5. Online/technical: device/browser info, IP, cookie IDs, pages viewed, timestamps, referral URLs, crash logs, anti-abuse signals, approximate location (derived from IP), and similar telemetry

  6. Communications content: emails/SMS you send to us; call recordings where permitted and disclosed

  7. Social & platform (client-directed): public profile links/handles, business listing identifiers, review content/links, message metadata, and platform analytics (subject to each platform's policies)

  8. Recruiting (applicants): resume/CV, work history, right-to-work info where permitted


We do not intentionally collect sensitive personal data unless a client expressly directs us and applicable law permits (e.g., exact geolocation, health data). If provided, we process it only as instructed and with heightened safeguards.


3. We use Personal Data to:

  • Provide and improve Services (set up accounts, implement campaigns, measure performance, monitor deliverability, QA, troubleshoot)

  • Operate sites and security (fraud prevention, access control, incident detection)

  • Billing & administration (invoicing, collections, subscription management)

  • Communications (service notices, onboarding, updates, client support)

  • Marketing to prospects/clients (product news, events, offers—opt-out anytime)

  • Compliance with laws (consumer protection, e-communications, tax, sanctions, responding to lawful requests)

  • Business continuity (mergers, acquisitions, financing)


When we act as processor/service provider, we process data only on the client's documented instructions and for the client's purposes.


4. SMS/Email Outreach, TCPA/10DLC, CAN-SPAM/CASL


Consent

Clients are responsible for obtaining and documenting all required opt-in consents for SMS/MMS and email to their end-customers (including express written consent under TCPA/TSR where required).


10DLC

For A2P messaging, clients must complete 10DLC registration and maintain campaign approvals; carrier fees may apply.


Unsubscribe/Opt-out

We honor STOP/UNSUBSCRIBE mechanisms promptly.


Email

We follow CAN-SPAM/CASL (accurate sender identity, truthful subject lines, functioning unsubscribe).


Message rates

Standard message/data rates may apply.


5. Cookies, Analytics & Advertising

We use cookies/SDKs for: authentication, preferences, analytics, performance, security/anti-abuse, and (where applicable) ad measurement. You can manage cookies in your browser and, where offered, through our Cookie Settings tool. "Do Not Track" signals are not consistently honored by the industry; we treat them as opt-out of cross-context advertising where required by law.


6. How We Share Personal Data

We do not sell Personal Data for money. We may share Personal Data as follows:

  • Service providers/sub-processors under contract (hosting, storage, analytics, deliverability, communications, customer support, payment processing by Stripe)

  • Third-party platforms (Google, Meta/Instagram, TikTok, Yelp, X/Twitter, LinkedIn, Twilio, etc.) when a client asks us to connect or post/interact. Each platform's own terms/privacy apply

  • Affiliates for internal business purposes consistent with this Policy

  • Legal and safety (to comply with law, enforce terms, protect rights, investigate abuse/fraud)


7. International Transfers

We may transfer Personal Data to countries with different data protection laws (e.g., to the United States). Where required, we use Standard Contractual Clauses (SCCs), the UK Addendum/IDTA, and other appropriate safeguards. Copies or a description of safeguards are available upon request.


8. Security

We maintain administrative, technical, and physical safeguards (e.g., encryption in transit, access controls, network monitoring, least-privilege) designed to protect Personal Data. Despite safeguards, no method is entirely secure; use of our Services is at your own risk.


9. Retention

We retain Personal Data for as long as needed to provide the Services, meet legal/accounting obligations, resolve disputes, and enforce agreements. Criteria include account status, statutory periods, and the nature of the data. We may anonymize data and retain it for analytics.


10. Your Rights & Choices

Your rights depend on your location and applicable law. Subject to verification and exemptions, you may request to:

  • Access/Know the categories/specific pieces of Personal Data we hold about you

  • Correct/Update inaccurate data

  • Delete Personal Data (subject to legal exceptions)

  • Port data (where technically feasible)

  • Opt-out of targeted advertising/cross-context "sharing" and certain profiling

  • Limit use/disclosure of sensitive Personal Data (if we collect it)

  • Object/Restrict certain processing

  • Withdraw consent where processing is based on consent


How to exercise: email support@tixta.com or use Your Privacy Choices links (where available). We will not discriminate against you for exercising your rights. If we process your data for a client, we may refer your request to that client (controller).


Appeals (U.S. state laws): If we decline your request, you may appeal by replying "Privacy Appeal" to our response. If you remain unsatisfied, you may contact your state Attorney General.

EU/UK: You may lodge a complaint with your local supervisory authority.


11. Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect Personal Data from children. If you believe a child provided data to us, contact support@tixta.com.


12. Stripe & Payments

All payments are processed by Stripe under its terms and privacy policy. Tixta does not store full payment card details. Questions about payment security should be directed to Stripe.


13. Changes to This Policy

We may update this Policy periodically. Material changes will be posted with a new Last Updated date. If required by law, we will notify you and/or obtain consent.


14. Contact Us


Email: support@tixta.com

Address: 4770 Biscayne Blvd, #720 Miami 33137

Governing Law: Florida, without regard to conflict-of-laws rules. Venue: state or federal courts in Miami-Dade County, Florida.