Global Data Shield

Privacy & Data Governance Policy

Effective: February 13, 2026 Scope: Global

Scope of This Document

This document governs how TRB Systems collects, processes, stores, and safeguards information obtained through the TRB Systems platform, its API endpoints, marketing communications, and any associated subdomains. By accessing any TRB Systems service, you acknowledge and accept the data practices described herein.

Categories of Information We Process

Information You Provide Directly

When you create an account, configure monitoring workspaces, or contact our support team, we may receive:

  • Full name and professional title
  • Corporate or individual email address
  • Organization name and billing address
  • Payment credentials (processed exclusively through PCI-DSS-compliant payment processors)
  • API tokens and webhook configuration data
  • Support correspondence and technical incident details

Information Generated Automatically

Our systems capture operational telemetry to ensure platform reliability and security:

  • IP address and approximate geolocation derived from connection metadata
  • Browser fingerprint, device type, and operating system version
  • Session duration, navigation paths, and feature utilization patterns
  • HTTP referrer data and landing page identifiers
  • Timestamps of all interactions with the platform

Monitoring & Diagnostic Telemetry

As a monitoring platform, TRB Systems processes domain and certificate data on behalf of clients. This data — including SSL certificate chains, DNS records, and uptime logs — is treated as client-controlled information and governed by individual service agreements.

How We Use Collected Information

All data processing undertaken by TRB Systems pursues a documented, legitimate purpose:

  • Service Delivery: Provisioning monitoring dashboards, generating alerts, and rendering API responses.
  • Account Administration: Authentication, billing reconciliation, and access control enforcement.
  • Platform Improvement: Aggregate behavioral analytics to refine product features and interface design (never at the individual level without consent).
  • Security Operations: Threat detection, abuse prevention, anomaly identification, and audit trail generation.
  • Regulatory Fulfilment: Satisfying legal obligations, responding to lawful government requests, and maintaining compliance documentation.
  • Transactional Communication: Delivering system alerts, billing receipts, and incident notifications essential to service operation.

Data Sharing & Third-Party Engagement

TRB Systems engages a limited set of third-party processors solely to deliver and secure its platform. These include:

  • Cloud hosting and infrastructure providers
  • Email delivery systems (transactional and operational messaging only)
  • Payment processing and invoicing platforms
  • Analytics services operating on anonymized datasets

We categorically do not sell, rent, license, or trade personal information to any external entity. Third-party processors are contractually bound to process data exclusively under our instructions and in accordance with applicable data protection legislation.

Cross-Border Data Movement

TRB Systems operates monitoring nodes across multiple jurisdictions. When personal data traverses international boundaries, we ensure equivalent protection through:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission
  • Participation in recognized Data Privacy Frameworks (EU-U.S., UK Extension, and Swiss-U.S.)
  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)

Retention Practices

Personal data is retained only as long as required to fulfill its original purpose or to comply with regulatory mandates:

Account data Active relationship + 90 days
Server logs Purged after 12 months

Your Rights Over Your Data

Regardless of your jurisdiction, TRB Systems grants you the following controls:

  • Right of Access: Obtain a machine-readable export of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or outdated records at any time via your account settings or by written request.
  • Right to Erasure (Right to Be Forgotten): Request permanent deletion of your personal data, subject to any overriding legal retention requirement.
  • Right to Restrict Processing: Pause specific processing activities while a dispute or request is being evaluated.
  • Right to Object: Opt out of non-essential data processing, including marketing communications and behavioral profiling.
  • Right to Data Portability: Receive your data in a structured, commonly used format for transfer to another service provider.

How to Exercise These Rights

Submit a request to privacy@tomrowbotham.com with a clear description of the action you wish us to take. We will verify your identity and respond within 14 calendar days.

Opt-Out & Communication Preferences

  • Marketing emails: Every promotional message contains a one-click unsubscribe mechanism. Opt-out requests are honored within 14 days of receipt.
  • Operational emails: System alerts, security bulletins, and billing notifications are integral to service delivery and cannot be opted out of while your account remains active.

Modifications to This Policy

We reserve the right to amend this policy as our services, legal landscape, or processing activities evolve. Material changes will be communicated via email notification and an updated effective date at the top of this document. Continued use of TRB Systems services after a published amendment constitutes acceptance of the revised terms.

Contact & Governance

For any questions regarding this policy or our data practices:

TRB Systems — Data Governance Office
Email: privacy@tomrowbotham.com