Privacy Policy

1. Overview

Greenway AI, a product of TacticalEdge AI, Inc. ("Greenway," "we," "us," or "our") operates the greenway.ai website and the Greenway adaptive prospecting platform. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with your use of our websites, services, and applications (collectively, the "Services").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy laws.

2. Data We Collect

We collect several categories of information:

2.1 Information You Provide

• Account information: Name, email address, company name, phone number, job title, and team size when you create an account or fill out a contact form.
• Payment information: Billing address and payment method details, processed by our third-party payment processor (we do not store full credit card numbers).
• Communications: Messages, feedback, and support requests you send to us.
• Form submissions: Information submitted through our contact forms, free report requests, and demo booking forms.

2.2 Information We Collect Automatically

• Usage data: Pages visited, features used, time spent, click patterns, and navigation paths.
• Device information: Browser type, operating system, device type, screen resolution, and language preferences.
• Network data: IP address, approximate location (city/region level), and referring URL.
• Cookies and similar technologies: As described in our Cookie Policy.

2.3 Business Contact Data (Platform)

Our platform processes business contact information (names, business email addresses, phone numbers, job titles, and company information) from third-party data providers to deliver our prospecting services. This data consists of publicly available business information and is processed in accordance with applicable data protection laws. We do not intentionally collect or process sensitive personal information such as data concerning health, sexual orientation, ethnicity, religious beliefs, or personal finances.

3. How We Use Your Data

We use the information we collect to:

• Provide, operate, maintain, and improve our Services
• Process transactions and send related information, including confirmations and invoices
• Respond to your comments, questions, and requests, and provide customer service
• Send promotional communications, such as information about products, features, and events (with your consent where required)
• Monitor and analyze trends, usage, and activities in connection with our Services
• Detect, investigate, and prevent fraudulent transactions and abuse
• Personalize and improve your experience
• Comply with legal obligations
• Train and improve our AI models using aggregated, anonymized data (never individual personal data — see our AI Policy)

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

• Performance of Contract: To provide our Services to you as agreed in our terms of service.
• Legitimate Interests: To improve our Services, communicate with you about our products, and ensure the security of our platform. We balance these interests against your rights and do not use this basis where your interests override ours.
• Consent: For marketing communications, non-essential cookies, and analytics. You may withdraw consent at any time.
• Legal Obligation: To comply with applicable laws, regulations, and legal processes.

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Companies that help us operate our business (cloud hosting, email delivery, payment processing, analytics). These providers are contractually bound to protect your data and use it only for the services they provide to us.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
• Legal Requirements: When required by law, subpoena, or other legal process, or to protect the rights, property, or safety of Greenway, our users, or the public.
• With Your Consent: We may share information with third parties when you explicitly authorize us to do so.

We do not sell your personal data. We do not share personal data with third parties for their direct marketing purposes without your explicit consent.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy. Our standard retention periods, subject to annual review:

• Customer account data: Duration of the account relationship plus 3 years post-termination
• Usage and analytics data: 12 months
• Prospect and lead data: 18 months
• Contact form submissions: 24 months
• Invoicing and billing records: 7 years (legal requirement)

Data may be retained longer if required by applicable law or for the establishment, exercise, or defense of legal claims.

7. International Data Transfers

TacticalEdge AI, Inc. (operating Greenway AI) is based in the United States. If you are accessing our Services from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities.

For transfers from the EEA or UK, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The EU-U.S. Data Privacy Framework, where applicable
• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)

8. Your Rights

8.1 GDPR Rights (EEA/UK Residents)

Under the GDPR, you have the right to:

• Access your personal data and obtain a copy
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten") in certain circumstances
• Restrict processing of your data
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests or direct marketing
• Withdraw consent at any time without affecting the lawfulness of prior processing
• Lodge a complaint with a supervisory authority

8.2 CCPA/CPRA Rights (California Residents)

California residents have additional rights under the CCPA/CPRA:

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal information)
• Right to Limit Use: Limit use of sensitive personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights

You can manage your cookie preferences and "Do Not Sell or Share My Personal Information" settings on our Cookie Preferences page.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Regular security assessments and penetration testing
• Role-based access controls and multi-factor authentication
• Employee security training and confidentiality agreements
• Incident response procedures and breach notification processes

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

11. Third-Party Links

Our Services may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also provide notice via email or a prominent notice on our website.

13. Contact Us

For privacy-related inquiries, data access requests, or to exercise any of your rights:

We will respond to your request within 30 days (or sooner where required by law).