Toerana - AI consulting for mid-sized companiesToerana - AI consulting for mid-sized companies
Legal

Privacy Policy

Last updated: May 4, 2026

Overview

Toerana (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit toerana.com, complete an AI readiness assessment, download a resource, subscribe to updates, contact us, or book a strategy call.

This policy is intended to provide notice for visitors in the United States, the European Economic Area, the United Kingdom, Switzerland, and Asia-Pacific jurisdictions with modern privacy laws, including Singapore, Japan, India, Hong Kong, and mainland China, where those laws apply to our activities.

Who Controls Your Information

Toerana is the controller or business responsible for the personal information described in this policy. If you have questions or want to exercise privacy rights, contact us at legal@toerana.com.

Information We Collect

We collect personal information you provide directly, including:

  • Contact details, such as name, email address, company name, job title, and message content
  • Assessment details, such as your selected industry, assessment answers, readiness scores, and related recommendations
  • Booking details submitted through Cal.com or our fallback booking form
  • Resource and newsletter details, such as the resource you requested and your subscription preferences

We may also collect limited technical information automatically, such as device and browser information, pages viewed, referral source, approximate location derived from IP address, and interactions with site sections, forms, and calls to action.

How We Use Information

We use personal information for the following purposes:

  • Responding to inquiries and providing requested resources
  • Delivering AI readiness assessment results and related recommendations
  • Scheduling, confirming, and preparing for consultations
  • Sending follow-up communications related to your inquiry, assessment, booking, or requested resources
  • Operating, securing, debugging, and improving the website
  • Measuring website usage and content performance through analytics
  • Complying with legal obligations and enforcing our rights

Cookies, Analytics & Local Storage

Our website may use cookies, pixels, scripts, and browser local storage. These technologies help the site function, remember assessment progress, retry failed form submissions, measure site performance, and understand how visitors use the site.

  • Google Analytics 4 sets pseudonymous cookies (typically _ga, _ga_*) and collects usage data such as pages viewed, events, browser details, referral source, and approximate location. See Google’s Privacy Policy. You can opt out using the Google Analytics opt-out browser add-on.
  • Cal.com provides our scheduling widget and may process booking details and set cookies when you interact with the calendar. See Cal.com’s Privacy Policy.
  • Webhook and CRM tools process form, booking, assessment, newsletter, and resource request submissions to manage our follow-up workflow.
  • Browser local storage — we store small amounts of data in your browser (never on our servers) to make the site work:
    • toerana-assessment — in-progress assessment answers and current question, so you can resume the assessment.
    • toerana-gate-attempts — rate-limit counter to prevent abuse of the assessment email gate (15-minute window).
    • toerana-crm-queue — a temporary retry queue for form submissions if the network is briefly unavailable; cleared on successful delivery.
    • toerana_wp_lead — a flag indicating you have completed the resource gate, so you don’t see it again.
    You can clear local storage at any time through your browser’s site-data settings.

You can control cookies through your browser settings. Where legally required, we will request consent before using non-essential cookies or analytics. Disabling cookies or local storage may affect assessment, booking, or resource features.

When We Share Information

We do not sell personal information for money. We also do not knowingly share personal information for cross-context behavioral advertising. We disclose personal information only to the categories of recipients below, each acting under a written agreement and bound to use the data only for the purposes we specify:

  • Google Analytics 4 (Google LLC, USA) — website analytics.
  • Cal.com (Cal.com, Inc., USA) — appointment scheduling.
  • CRM webhook endpoint — form submissions (assessment, contact, newsletter, whitepaper) are forwarded to our customer-relationship workflow tool to manage follow-up.
  • Google Fonts (Google LLC, USA) — web font delivery; processes IP address for the duration of the connection.
  • Hosting provider — serves the website and processes server logs.
  • Professional advisers — legal, accounting, compliance, or security advisers, where reasonably necessary.
  • Authorities and other parties — when required by law, to protect rights and safety, or in connection with a business transfer.

International Transfers

We are based in the United States, and our service providers may process information in the United States and other countries. Where required for transfers from the EEA, UK, Switzerland, or other jurisdictions with transfer restrictions, we use appropriate safeguards, such as standard contractual clauses, adequacy mechanisms, data processing agreements, or other lawful transfer mechanisms, including the EU–US Data Privacy Framework and the UK International Data Transfer Addendum where applicable.

Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this policy, including responding to inquiries, maintaining business records, improving services, resolving disputes, complying with legal obligations, and enforcing agreements. Indicative retention periods:

  • Assessment submissions and contact form data — up to 36 months from your last interaction with us, after which records are deleted or anonymised.
  • Email correspondence — up to 36 months, longer where required for legal, tax, or accounting reasons.
  • Newsletter subscribers — until you unsubscribe, plus a short suppression period to honour your opt-out.
  • Analytics data — pseudonymous data is retained per Google Analytics defaults (currently up to 14 months for user-level data).
  • Local storage — remains on your device until it expires, is overwritten, or you clear it.

Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure, including HTTPS in transit, access controls, and least-privilege principles for our team. No website, transmission, or storage system can be guaranteed completely secure.

Data Breach Notification

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant data-protection authority within the timeframe required by applicable law (within 72 hours under the GDPR / UK GDPR), and notify affected individuals without undue delay where the breach is likely to result in a high risk.

Your Privacy Rights

Depending on where you live, you may have rights to:

  • Access or confirm whether we process your information
  • Correct inaccurate or incomplete information
  • Delete personal information, subject to legal exceptions
  • Receive a copy of information in a portable format
  • Restrict, object to, or opt out of certain processing, including certain analytics, marketing, sale, sharing, or targeted advertising where applicable
  • Withdraw consent where processing is based on consent
  • Appeal a decision where applicable law provides that right
  • Lodge a complaint with a data protection authority, regulator, or consumer protection authority

To exercise rights, email legal@toerana.com. We will respond within 30 days, or sooner where required by law. We may need to verify your identity before completing a request. We will not discriminate against you for exercising privacy rights.

U.S. State Privacy Notice

For residents of California and other U.S. states with consumer privacy laws, the categories of personal information we collect may include identifiers, internet or electronic network activity information, commercial or business inquiry information, professional or employment-related information you provide, and inferences reflected in assessment results. We collect these categories from you, your device, and our service providers.

We use and disclose these categories for the business purposes described in this policy. We do not knowingly sell personal information or share it for cross-context behavioral advertising. We do not knowingly collect sensitive personal information through the website, and we do not use sensitive personal information to infer characteristics.

Children

Our website and services are intended for business audiences and are not directed to children. We do not knowingly collect personal information from children under 13, or under the age threshold set by applicable local law. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.

Automated Decision-Making

The AI readiness assessment generates scores and recommendations based on your answers using a fixed scoring algorithm. These results are informational and are not used to make legal or similarly significant decisions about you. No human decision about you is made automatically, and we do not use your data for profiling for advertising or creditworthiness.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Where required by law, we will provide additional notice or request consent for material changes.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Toerana
Email: legal@toerana.com