Privacy Policy

Last Updated: January 22, 2026

1. Introduction

Welcome to Tarmease ("we," "us," or "our"). We operate the Tarmease chatbot and associated services (the "Service"), accessible via the Facebook Messenger Platform and our website at https://www.tarmease.com.

We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to that data. This policy applies to all information collected through our chatbot, website, and any related services, sales, marketing, or events.

Important Notice Regarding Facebook Messenger:

When you interact with Tarmease via Facebook Messenger, you are also subject to Meta Platforms, Inc.'s ("Meta") Privacy Policy and Terms of Service. We process data sent to us by Meta to provide our conversational service to you. While we control the data we collect, Meta independently controls the data processed within its own platform infrastructure.

2. Information We Collect

We collect information that allows us to operate the Tarmease chatbot, facilitate interactive experiences, and provide customer support. The types of personal information we collect depend on your interactions with us and the choices you make.

2.1 Information Provided by Meta (Facebook)

When you initiate a conversation with us on Facebook Messenger, or when you interact with our Facebook Page, Meta provides us with specific information through their API to enable the service:

  • Page Scoped ID (PSID): A unique, tokenized identifier assigned to your conversation with our specific Page. This allows us to distinguish your session from others and maintain conversation history. It does not provide us with direct access to your external public profile URL or private account details unless you voluntarily provide them.
  • Public Profile Information: Depending on your Facebook privacy settings and the specific interactions you have with our bot, we may access public profile fields such as your first name, last name, profile picture, locale (language preference), time zone, and gender. We use this strictly to personalize our communication (e.g., addressing you by name or adjusting the language).
  • Message Content: We collect and store the text, images, audio, attachments, and quick-reply selections you send to us in the chat.

2.2 Information You Provide Directly

We collect information you explicitly provide during the conversation to fulfill specific requests, including:

  • Contact Details: Email address, phone number, or physical address (e.g., if you provide these for order shipping or human support follow-up).
  • Transaction Data: Details regarding bookings, orders, or specific service inquiries made through the bot.
  • Customer Service Data: Details of inquiries, complaints, or feedback you submit.

2.3 Automatically Collected Technical Data

When you visit our website or interact with our webhook endpoints via Messenger, we and our infrastructure providers (such as Cloudflare) may collect certain technical data automatically:

  • Device and Connection Data: Internet Protocol (IP) address, browser type, operating system, and device identifiers.
  • Usage Logs: Timestamps of messages, interaction metrics, and error logs used for debugging and security purposes.

3. How We Use Your Information

We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.

We use the information we collect or receive for the following purposes:

  • To Facilitate the Chatbot Service (Contractual Necessity): We use your PSID and message content to generate automated responses, maintain conversation history (context), and execute commands you request (e.g., "Check my order status"). This is the core function of the application.
  • To Provide Customer Support (Legitimate Interest): We use your message history and contact details to resolve technical issues, answer questions, or respond to your inquiries.
  • To Send Administrative Information (Legitimate Interest): We may send you notifications regarding your account, product updates, or changes to our terms and policies.
  • To Enforce Terms and Policies (Legal Obligation): We process data to ensure compliance with Meta’s Platform Terms, prevent abuse (such as spam or harassment), and protect the integrity of our service.
  • To Improve Our Services (Legitimate Interest): We analyze aggregated, anonymized usage data to understand how users interact with our bot, improve its accuracy, and optimize user experience.

Restrictions on Advertising: We do not sell your personal data to third parties. Furthermore, consistent with Meta's Platform Terms, we do not use data obtained from the Facebook Messenger API for advertising creative or direct marketing without your explicit, separate consent.

4. How We Share Your Information

We only share information with the following categories of third parties under specific conditions:

4.1 Service Providers (Data Processors)

We utilize trusted third-party vendors to operate our infrastructure. These vendors are contractually bound to protect your data and only process it according to our instructions.

  • Cloudflare, Inc. (USA/Global): We use Cloudflare Workers and D1 Storage to host our application logic and database. Cloudflare acts as our data processor, providing secure hosting, encryption at rest, and DDoS protection.
  • Google LLC (USA): We may use Google Workspace (e.g., Sheets/Docs) for internal data management or support ticket logging. Google processes this data under strict enterprise confidentiality terms.

4.2 Legal Obligations

We may disclose your information where we are legally required to do so to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).

4.3 Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. In such an event, we will ensure the successor entity is bound by the terms of this Privacy Policy.

5. International Data Transfers

Our servers and third-party service providers (like Cloudflare and Google) are located in the United States and potentially other countries via distributed global networks. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties in countries that may have different data protection laws than your country of residence.

For users in the European Economic Area (EEA), UK, and Switzerland: We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy. These include implementing the European Commission's Standard Contractual Clauses (SCCs) for transfers of personal information between our group companies and between us and our third-party providers, which require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws.

6. Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

  • Conversation Logs: We retain chat history for a period of up to 12 months to provide consistent customer support and context for returning users. After this period, data is either deleted or anonymized.
  • Technical Logs: Infrastructure logs (IP addresses, request headers) are retained for 30 days for security auditing and then deleted.

7. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process.

  • Encryption at Rest: User data stored in our databases (Cloudflare D1) is encrypted using industry-standard AES-256 algorithms.
  • Encryption in Transit: All communications between your device, Meta's servers, and our servers are secured via Transport Layer Security (TLS/SSL) to prevent interception.
  • Access Controls: We strictly limit access to personal data to authorized personnel who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.

8. Your Privacy Rights

Depending on your location, you have specific rights regarding your personal information.

8.1 Rights for EEA/UK Users (GDPR)

If you are located in the EEA or UK, you have the following rights:

  • Right to Access: You may request copies of your personal data.
  • Right to Rectification: You may request that we correct any information you believe is inaccurate.
  • Right to Erasure: You may request that we erase your personal data ("Right to be Forgotten") under certain conditions.
  • Right to Restriction: You may request that we restrict the processing of your personal data.
  • Right to Object: You may object to our processing of your personal data for direct marketing or legitimate interests.
  • Data Portability: You may request that we transfer your data to another organization or directly to you.

To exercise these rights, please contact us at privacy@tarmease.com. We will consider and act upon any request in accordance with applicable data protection laws.

8.2 Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you are granted specific rights regarding access to your personal information.

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources of that information, and the business purposes for collecting it.
  • Right to Delete: You may request the deletion of your personal information, subject to certain exceptions (e.g., if the information is necessary to complete a transaction).
  • Right to Opt-Out: We do not sell your personal information. However, you have the right to opt-out of the sharing of your personal information for cross-context behavioral advertising.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Shine the Light Law: California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

8.3 Facebook Platform Controls

You can manage the data you share with Tarmease directly through Facebook settings:

  • Block/Mute: You can block or mute the Tarmease bot in Messenger at any time to stop further data collection and interaction.
  • App Settings: You can review and revoke permissions granted to apps in your Facebook "Settings & Privacy" > "Settings" > "Apps and Websites". Revoking permissions stops us from receiving new data but does not automatically delete data we have already collected (see "Right to Erasure" above).

9. Cookie Policy

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information when you visit our website tarmease.com.

  • Essential Cookies: Necessary for the website to function (e.g., security, load balancing).
  • Analytics Cookies: We use these to understand how visitors interact with our website. You can opt-out of these via our Cookie Banner or your browser settings.

Note: We do not use cookies within the Facebook Messenger chat interface itself. The tracking technologies utilized by the Messenger Platform are governed by Meta's Cookie Policy.

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.

11. Updates to This Policy

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last Updated" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification via the Chatbot. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

12. Contact Us

If you have questions or comments about this policy, or if you wish to exercise your data rights, you may contact our Privacy Team at:

Tarmease Privacy Team

Email: privacy@tarmease.com