Targhee Security

Privacy Notice

Last updated: May 2026

This Privacy Notice explains how Targhee Security ("Targhee Security", "we", "us") collects, uses, and protects personal data when you use Targhee ​ (the "Service"). Targhee Security is the data controller for the personal data described below.

1. Personal data we collect

  • Account data: name, email address, hashed password or federated identity, organization name and role.
  • Service content: questionnaires, knowledge-base entries, prompts, and AI-generated drafts you create or upload.
  • Usage and telemetry: pages viewed, features used, AI answer counts, error logs, device and browser information, IP address.
  • Support data: messages you send us and metadata about those messages.

Payment data (card details, billing address, tax IDs) is collected and processed directly by our payment processor Stripe as Merchant of Record; we receive only limited transaction metadata.

2. How we use personal data

  • to create and operate your account and provide the Service (legal basis: performance of a contract);
  • to generate AI drafts based on your prompts and knowledge base (contract);
  • to secure the Service and prevent fraud or abuse (legitimate interests);
  • to improve the Service, debug, and produce aggregated analytics (legitimate interests);
  • to provide customer support (contract / legitimate interests);
  • to send service announcements and, with your consent where required, marketing emails (consent / legitimate interests);
  • to comply with legal obligations such as tax and accounting (legal obligation).

3. Sharing

We share personal data with:

  • Subprocessors that host and operate the Service (cloud infrastructure, database, error monitoring, email delivery, analytics);
  • AI model providers that process prompts and knowledge-base content to generate answers, under contractual confidentiality and no-training commitments;
  • Stripe, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, invoicing, and refund handling;
  • Professional advisers (legal, accounting) under confidentiality;
  • Authorities where required by law or to protect rights and safety.

We do not sell personal data.

4. International transfers

Personal data may be processed in countries other than your own, including the United States and the European Economic Area. Where required, transfers from the UK or EEA are protected by Standard Contractual Clauses or another lawful transfer mechanism.

5. Retention

We keep personal data only as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account and content data are deleted or anonymized within a reasonable period after you close your account, subject to backup retention.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict or object to processing of your personal data, to data portability, and to withdraw consent. EU/UK residents may also lodge a complaint with their local supervisory authority. To exercise rights, email privacy@targheesecurity.com; we will respond within one month.

7. Security

We use appropriate technical and organisational measures including encryption in transit, access controls, least-privilege role assignments, and audit logging. No system is perfectly secure, but we work to protect your data against unauthorized access, alteration, and loss.

8. Cookies

We use strictly necessary cookies to keep you signed in and to remember preferences. We may use limited analytics cookies to understand product usage; where consent is required, we will request it. You can manage cookies in your browser settings.

9. Children

The Service is not directed at children under 16 and we do not knowingly collect their personal data.

10. Changes

We may update this Notice from time to time. We will notify you of material changes through the Service or by email.

11. Contact

Targhee Security — privacy@targheesecurity.com.