Privacy Policy.

Last updated: May 14, 2026

True Standard Fit Systems LLC ("TSFS," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect when you visit tsfs.io (the "Site") or engage our services, how we use it, who we share it with, and the rights you have over it.

01Information We Collect

Depending on how you interact with us, we may collect the following categories of personal information. We organize them using the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) category framework for clarity.

1.1 Identifiers

Name, email address, telephone number, business name, IP address, online identifiers, and any other information you submit through a form.

1.2 Internet or Network Activity

IP address, user-agent string, pages viewed, referrer URL, approximate geographic location derived from IP, session timestamps, and similar log data automatically collected when you visit the Site.

1.3 Commercial Information

Records of services purchased or considered, invoice history, and quiz-quote results indicating which TSFS service tier may suit you.

1.4 Form Submissions and Quiz Answers

Anything you enter on the audit form, the quote quiz, the contact form, or any other form on the Site. This may include details about your business, your current stack, your revenue goals, and similar context.

1.5 Communications History

Copies of email and SMS messages exchanged with us, call notes from any phone or video meetings, and message-delivery metadata returned by our messaging providers.

1.6 Payment Information

If you become a paying client, you provide payment-method information directly to Stripe, our payment processor. We do not store full card numbers, CVCs, or bank-account numbers on our systems. We store a Stripe customer reference, the last four digits of the card, the brand, and invoice and receipt records.

1.7 Cookies and Local Storage

See section 6 below for cookie detail.

1.8 Sensitive Personal Information

We do not intentionally collect sensitive personal information as defined under CPRA (e.g. Social Security number, precise geolocation, racial or ethnic origin, biometric identifiers, sexual orientation, religious or philosophical beliefs, union membership, genetic data, or contents of mail or messages from non-account-holders). If you voluntarily submit such information through a form, we will treat it with the same protections as other personal information described here.

02How We Collect It

• Directly from you when you fill out a form, send us a message, schedule a call, sign an SOW, or pay an invoice.
• Automatically when you visit the Site, via cookies, server logs, and analytics.
• From third-party services integrated with our processes, including Stripe (payment events), Twilio (message-delivery events), Resend (email-delivery events), Google Calendar (booking events), and Anthropic (in support of AI-assisted message rendering).
• From publicly available sources in limited cases where we may research a prospective client's company before a call (for example, your public LinkedIn or company website).

03How We Use It

We use personal information for the following purposes:

3.1 Provide and Improve the Service

To respond to your inquiry, deliver the engagement you contracted for, build and maintain the systems we ship, debug issues, and improve the Site and our offerings.

3.2 Marketing and Outreach

Where you have opted in or where we have a legitimate interest under applicable law (e.g. an existing engagement relationship), to send marketing email, follow-up SMS, calls, or other communications about TSFS services. You may opt out at any time. See section 5.

3.3 AI and Automated Processing

We use AI services, including the Anthropic Claude API, as part of our delivery and operations. Concretely:

• AI assistants help us draft proposals, code, documentation, and copy during a client engagement.
• The systems we build for clients commonly call the Anthropic Claude API to render SMS and email templates dynamically with contact-specific variables (name, deal stage, custom fields, etc.).
• AI may suggest classification or routing for inbound contacts.
• For first-touch outbound messages to new prospects, a human (typically the TSFS founder or the client) reviews the output before sending in most default configurations. Subsequent transactional or pre-approved messages may be dispatched without per-message human review.

When AI is used to render or generate communication content, the relevant content and variables are transmitted to the AI provider. Anthropic, our primary AI vendor, has publicly stated that API content is not used to train its models by default. We rely on that representation. We do not make automated decisions producing legal or similarly significant effects about individuals solely without human involvement; if that changes for a particular workflow, we will provide additional notice in advance.

You have the right (see section 8) to ask about automated processing, to request human review, and (for EU / UK residents) to object to automated decision-making.

3.4 Analytics and Product Improvement

To understand which pages and offers resonate with visitors, to detect site issues, and to inform product direction.

3.5 Compliance, Safety, and Legal

To comply with legal obligations, enforce our Terms, prevent fraud or abuse, and protect our rights and the rights of our clients and users.

04Sharing & Subprocessors

We do not sell your personal information. For purposes of CPRA, we also do not "share" personal information for cross-context behavioral advertising. We disclose personal information only as described below.

4.1 Service Providers

We rely on the following third-party subprocessors to operate the Site and deliver our services. Each provider receives only the personal information necessary to perform its function, under contractual or regulatory privacy obligations.

Each provider operates under its own privacy policy. Where required (for example, for EU data transfers), TSFS relies on the provider's published Data Processing Addendum and Standard Contractual Clauses.

4.2 Business Transfers

If TSFS is involved in a merger, acquisition, financing, asset sale, or bankruptcy, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.

4.3 Legal Compliance

We may disclose information when we believe in good faith that disclosure is required by law, subpoena, court order, or to protect the safety or rights of any person.

4.4 With Your Consent

Any other disclosure occurs only with your consent or at your direction.

05Marketing Communications & Opt-Out

5.1 Email (CAN-SPAM)

Transactional email related to your inquiry, your booking, or an active engagement will be sent as needed. Marketing email is sent only where you have opted in or where there is an existing engagement relationship. Every marketing email contains an unsubscribe link in the footer. Unsubscribing from marketing email does not unsubscribe you from operational or transactional email tied to an active engagement.

5.2 SMS (TCPA)

If you provided a mobile telephone number, you may receive SMS messages relating to your inquiry. Reply STOP at any time to opt out of non-transactional SMS. Reply HELP for assistance. Message and data rates may apply. Message frequency varies. You can also opt out by emailing hello@tsfs.io.

5.3 Phone Calls

If you provided a phone number, you may receive a follow-up call from TSFS. You may decline future calls by telling us, or by emailing hello@tsfs.io.

06Cookies & Tracking

We and our service providers may use cookies, local storage, and similar technologies on the Site. We use them for three purposes:

• Strictly necessary cookies for the Site to function (e.g. session continuity, security, fraud prevention). These cannot be disabled without breaking core functionality.
• Analytics cookies to understand traffic, identify popular pages, and improve performance. These are aggregated and not used to identify you personally for ad targeting.
• Marketing cookies, if and when enabled, to measure the performance of TSFS-run ads. We do not currently run third-party advertising pixels by default.

You can control cookies through your browser settings. Most browsers let you refuse cookies, accept only first-party cookies, or delete cookies after each session. Refusing cookies may degrade Site functionality. Where required by applicable law, a cookie consent banner will be presented on first visit.

We do not currently respond to "Do Not Track" browser signals because no industry standard governs how to respond. We do honor the Global Privacy Control (GPC) signal as an opt-out of sale or sharing of personal information for users in jurisdictions where that signal carries legal weight.

07Data Retention

We retain personal information for as long as we need it for the purposes described in this Policy, subject to the following defaults:

We may retain information longer where required by law, by ongoing engagement obligations, by tax or accounting recordkeeping, or by good-faith need to defend against legal claims. Where retention is no longer required, we delete or anonymize the data.

08Your Rights

Subject to applicable law, you have rights over your personal information. We honor verifiable requests within the timelines set by the relevant statute.

8.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties to whom we disclosed it.
• Right to delete: request deletion of personal information we collected from you, subject to legal-exception carve-outs (for example, completing a transaction, security, complying with law).
• Right to correct: request correction of inaccurate personal information.
• Right to portability: receive a copy of your personal information in a portable, readily usable format.
• Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising, but you have the right to direct us not to in the future.
• Right to limit use of sensitive personal information: where we collect sensitive personal information, you may direct us to limit its use to what is necessary to provide the service.
• Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

To exercise any of these rights, email hello@tsfs.io with the subject line "CCPA Request" and the right you wish to exercise. We will verify your identity by matching the request against information already on file. An authorized agent may submit a request on your behalf with written authorization.

8.2 EU / UK / EEA Residents (GDPR-style)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights articulated in your local data-protection law, including:

• Right of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to processing (including profiling).
• Right to withdraw consent at any time where processing is based on consent (withdrawal does not affect lawfulness of prior processing).
• Right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not currently rely on solely-automated decisions of that nature.
• Right to lodge a complaint with your local supervisory authority.

Our lawful bases for processing under GDPR are typically: performance of a contract (engagement delivery), legitimate interests (operating and improving the business, securing the Site, B2B outreach where balanced against your rights), consent (where required for marketing or cookies), and legal obligation (tax, accounting, anti-fraud).

Personal information may be transferred to and processed in the United States and other jurisdictions outside your home country. Where we transfer EU / UK personal data internationally, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or another lawful transfer mechanism, as supplemented by appropriate technical and organizational measures.

8.3 All Users

Regardless of where you live, you can request access to or deletion of your personal information by emailing hello@tsfs.io. We will respond within a reasonable timeframe (typically 30 to 45 days, longer for complex requests).

09Children

The Site and our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact hello@tsfs.io and we will delete it. We do not knowingly sell or share the personal information of minors under 16.

10Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include:

• HTTPS / TLS encryption in transit.
• Encryption at rest for stored data on our hosting provider.
• Scoped API tokens and least-privilege access for third-party integrations.
• Audit logging of administrative actions.
• Regular backups stored on the same provider stack.
• Password hashing and session-management best practices for any admin accounts.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security and disclaim any warranty to that effect. If we become aware of a breach affecting your personal information, we will notify you to the extent required by applicable law.

11International Transfers

TSFS operates in the United States. Our subprocessors operate globally. If you access the Site from outside the United States, your personal information will be transferred to, processed, and stored in the United States and potentially other jurisdictions where our subprocessors operate. By using the Site, where permitted by law, you consent to this transfer.

For users in the EU, UK, and Switzerland, we rely on the Standard Contractual Clauses or other lawful transfer mechanisms described above.

12Changes to This Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will, where reasonably possible, be communicated via email to active clients or via a notice on the Site. Your continued use of the Site after a change takes effect indicates acceptance.

13Contact

For any privacy question, request, or complaint, contact:

If you are an EU or UK resident and feel your request was not adequately handled, you have the right to lodge a complaint with your local data-protection supervisory authority.

// END OF PRIVACY POLICY · LAST UPDATED 2026-05-14