Skip to main content
← Back to home

TorpedoWeb LLC Privacy Policy

Last Updated: March 5, 2026

TorpedoWeb LLC ("TorpedoWeb," "we," "us," or "our") is a Delaware limited liability company committed to protecting your privacy and handling your personal information in a transparent, lawful, and secure manner. This Privacy Policy explains in detail how we collect, use, disclose, store, and safeguard personal information when you visit our website (TorpedoWeb.org), engage our digital engineering services, or interact with us in any professional capacity. It also describes your rights regarding your data and how you may exercise them.

This Policy is designed to comply with the General Data Protection Regulation ("GDPR"), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable U.S. and international data protection laws. We encourage you to read this Policy carefully and to contact us with any questions.

1. Scope and Our Role (Data Controller vs. Data Processor)

Depending on the context in which we process personal information, our role under data protection law may differ:

  • Website Visitors and Prospective Clients: When you visit our website, request information, or engage with us as a prospective client, TorpedoWeb acts as a Data Controller. We determine the purposes and means of processing your personal data and are responsible for complying with applicable data protection obligations toward you.

  • Client Project Data: When we perform digital engineering or other services for a client and process personal data on that client's behalf (for example, data belonging to the client's end-users or customers), TorpedoWeb acts as a Data Processor. In that capacity, we process data only pursuant to the client's documented instructions and in accordance with a Data Processing Addendum ("DPA") or equivalent agreement where required by law. The client remains the Data Controller for that data.

If you are an end-user whose data is processed by us on behalf of a client, we encourage you to also review that client's privacy policy for a complete picture of how your data is used.

2. Categories of Personal Information We Collect

We collect the following categories of personal information, as applicable to your relationship with us:

2.1 Identifiers

We may collect your name, email address, phone number, postal address, company name, job title, and IP address. We collect these when you contact us, request a quote, book a call, sign up for our services, or when such information is automatically captured (e.g., IP address) when you use our website or systems.

2.2 Commercial Information

We may collect transaction records, purchase history, invoices, payment confirmations, and other information related to your commercial relationship with us. This information is used to fulfill contracts, process payments, and comply with legal and accounting requirements.

2.3 Internet or Other Electronic Network Activity

When you interact with our website or digital services, we may collect information such as your browser type, device type, operating system, pages visited, referral URLs, time spent on our site, and usage analytics. This helps us improve our website functionality, understand how our services are used, and tailor our offerings.

2.4 Professional or Employment-Related Information

We may collect business contact details, project-related communications, and other professional information that you or your organization provide in the course of engaging our digital engineering services or during pre-contractual discussions.

2.5 Sensitive Personal Information (Limited)

We collect only limited categories of sensitive personal information where necessary. For example, payment data may be processed in connection with transactions; such processing is typically carried out by third-party payment processors subject to their own privacy and security policies. We do not use sensitive personal information for profiling or for purposes beyond those disclosed in this Policy, and we do not sell sensitive personal information.

2.6 What We Do Not Knowingly Collect

We do not knowingly collect biometric data, government-issued identification numbers (unless contractually or legally required), health data, or personal information from children under 13. If we become aware that we have inadvertently collected such data, we will take steps to delete or anonymize it in accordance with applicable law.

3. Sources of Personal Information

We obtain personal information from the following sources:

  • Directly from you: When you submit forms on our website, enter into contracts with us, communicate with us by email or other channels, or provide information during client onboarding or service delivery.

  • Automatically: When you use our website or digital services, we may collect certain information automatically through cookies, log files, and similar technologies, as described in the section on Cookies and Tracking Technologies below.

  • From business partners or lawful third-party sources: We may receive information from partners, service providers, or other lawful sources (for example, where you have consented or where necessary for the performance of a contract), in each case where permitted by applicable law.

4. Lawful Bases for Processing (GDPR and UK GDPR)

For individuals located in the European Economic Area ("EEA") or the United Kingdom ("UK"), we process your personal data only where we have a lawful basis under GDPR Article 6 (and the UK GDPR equivalent). The following table summarizes the purposes for which we process data and the lawful bases we rely on:

PurposeLawful Basis
Service delivery and performance of our contract with youContractual necessity (Article 6(1)(b))
Pre-contractual inquiries (e.g., quotes, proposals)Contractual necessity (Article 6(1)(b))
Tax, accounting, and other legal obligationsLegal obligation (Article 6(1)(c))
Fraud prevention, security, and protection of our rightsLegitimate interests (Article 6(1)(f))
Marketing communications (e.g., newsletters, updates)Consent (Article 6(1)(a)) or, where applicable, legitimate interests
Website analytics and improvement of our servicesConsent (where required by law) or legitimate interests

Where we rely on legitimate interests, we have conducted a balancing test to ensure that our interests (or those of a third party) are not overridden by your interests or fundamental rights and freedoms. You have the right to object to processing based on legitimate interests in accordance with Article 21 of the GDPR; we will consider your objection in line with applicable law.

Where we rely on consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. How We Use Personal Information

We use the personal information we collect for the following purposes:

  • To provide and manage our services: We use your information to deliver our digital engineering and related services, fulfill our contractual obligations, and manage our business relationship with you.

  • To process payments: We use your information to process transactions, send confirmations and invoices, and comply with financial and tax obligations.

  • To communicate with you: We use your information to respond to your inquiries, provide customer support, send technical notices, updates, security alerts, and administrative messages.

  • To improve our website and services: We analyze usage data and trends to improve the functionality, security, and user experience of our website and services.

  • To prevent fraud and abuse: We may use your information to detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal or harmful activity.

  • To comply with legal obligations: We use your information as required by applicable laws, regulations, court orders, or governmental requests (including tax and accounting requirements).

  • For marketing communications: Where we have a lawful basis (such as your consent or, where applicable, legitimate interests), we may send you marketing communications about our services, events, or updates. You may opt out at any time.

We will not use your personal information for purposes materially different from those described in this Policy without providing you with notice and, where required by law, obtaining your consent.

6. Sharing and Disclosure of Personal Information

We may disclose personal information to the following categories of recipients, in each case only as necessary and in accordance with applicable law:

6.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as hosting providers, analytics providers, payment processors, IT and security providers, and professional advisers. These providers are contractually bound to use your information only for the purposes we specify and to protect it in accordance with applicable data protection laws.

6.2 Clients

When we act as a Data Processor, we may process and disclose personal data to or on behalf of our clients as necessary to provide our digital engineering services. In such cases, our processing is governed by our contract with the client and, where required, a Data Processing Addendum.

6.3 Legal and Regulatory Authorities

We may disclose your information if we believe in good faith that disclosure is necessary to comply with any applicable law, regulation, legal process (such as a subpoena or court order), or governmental request; to enforce our terms and policies; to protect the rights, property, or safety of TorpedoWeb, our clients, or others; or to defend against legal claims.

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or other business transfer, we may disclose or transfer your personal information to the relevant successor or affiliate. We will require the recipient to honor this Privacy Policy with respect to your information where applicable.

We do not sell your personal information for monetary consideration. For information about "sale" and "sharing" under the CCPA/CPRA, see the section below.

7. Sale or Sharing of Personal Information (CCPA/CPRA)

Under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • Sale: TorpedoWeb does not sell personal information for monetary or other valuable consideration.

  • Sharing: We may share limited technical or usage data with analytics or similar providers in a way that could qualify as "sharing" under the CPRA (e.g., for cross-context behavioral advertising or analytics). Where we do so, California residents may have the right to opt out of such "sale" or "sharing" to the extent applicable.

We do not knowingly sell or share the personal information of individuals under 16 years of age. California residents may exercise their right to opt out of sale/sharing (where applicable) by contacting us at the email address provided in the Contact Information section below.

8. Sensitive Personal Information (CPRA)

We collect only limited categories of sensitive personal information (as defined under the CPRA) where necessary, such as for payment processing or legal compliance. We do not use sensitive personal information for inferring characteristics about you, and we do not sell sensitive personal information. We use and retain sensitive personal information only for the purposes disclosed in this Policy and as permitted by applicable law. California residents may have the right to limit our use of their sensitive personal information in certain circumstances; you may contact us to exercise this right.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons and scripts) to collect and track information about how you use our website and services. A cookie is a small file stored on your device that may contain an anonymous unique identifier. We use:

  • Essential cookies: These are necessary for the website to function (e.g., security, load balancing) and generally cannot be disabled in our systems without affecting core functionality.

  • Analytical or performance cookies: These allow us to recognize and count visitors and to see how visitors move around our website. This helps us improve the way our website works and understand usage patterns.

  • Functionality cookies: These are used to recognize you when you return to our website and to remember your preferences (e.g., language, region), enabling us to personalize content where appropriate.

You can control or refuse cookies through your browser settings or through any consent management tool we make available on our website. Please note that if you disable or refuse certain cookies, some parts of our website or services may not function properly.

10. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Contract duration: For the term of our contract with you and for a reasonable period thereafter to address follow-up matters, disputes, or legal claims.

  • Legal compliance: We may retain certain data as required by law (for example, tax and accounting records are often retained for up to seven years or as otherwise required by applicable jurisdiction).

  • Dispute resolution and legal claims: We may retain information as necessary to establish, exercise, or defend legal claims.

After the applicable retention period expires, we will delete your personal information or irreversibly anonymize it so that it can no longer identify you. Where we are legally required to retain data in an archived form, we will secure it appropriately and limit access.

11. International Data Transfers

TorpedoWeb is based in the United States. Your personal information may be transferred to, stored in, or processed in countries outside your country of residence, including the United States, where data protection laws may differ from those in your jurisdiction.

When we transfer personal data from the EEA or the UK to countries that have not been recognized as providing an adequate level of data protection, we implement appropriate safeguards, including:

  • EU Standard Contractual Clauses: We use the Standard Contractual Clauses approved by the European Commission (2021) where applicable.

  • UK International Data Transfer Addendum: For transfers from the UK, we use the UK Addendum to the EU Standard Contractual Clauses where applicable.

  • Adequacy decisions: Where the European Commission or the UK has recognized a country as providing adequate protection, we may rely on that decision.

  • Supplementary measures: Where necessary, we implement additional technical and organizational measures to ensure that your data receives a level of protection consistent with applicable law.

You may request a copy of the applicable transfer safeguards by contacting us at the email address provided in the Contact Information section below.

12. Data Security

We implement appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, where appropriate, encryption of data in transit and at rest, access controls and authentication, secure hosting environments, regular security assessments, and due diligence in selecting and supervising vendors who process personal information on our behalf.

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any account credentials and for any activity that occurs under your account.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

  • Supervisory authority: Where required under the GDPR or UK GDPR, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals.

  • Affected individuals: Where the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay, in clear and plain language, and in accordance with applicable law.

  • California residents: We will comply with applicable California data breach notification laws, including the requirement to notify affected California residents when their unencrypted personal information is subject to an unauthorized acquisition.

14. Your Rights (GDPR, UK GDPR, and CCPA/CPRA)

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

RightDescription
AccessThe right to request confirmation as to whether we process your personal data and, where we do, to obtain access to that data and certain related information.
RectificationThe right to request that we correct inaccurate personal data or complete incomplete personal data.
Erasure ("Right to be Forgotten")The right to request that we erase your personal data in certain circumstances (e.g., where it is no longer necessary, where you withdraw consent, or where you object and there are no overriding legitimate grounds).
Restriction of processingThe right to request that we restrict the processing of your personal data in certain circumstances (e.g., while we verify accuracy or where you need the data for legal claims).
ObjectionThe right to object to processing based on legitimate interests or for direct marketing. Where we process your data for direct marketing, we will cease such processing upon your objection.
Data portabilityThe right to receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transmitted to another controller.
Withdraw consentWhere we rely on your consent to process your personal data, the right to withdraw that consent at any time.
Opt-out of sale/sharing (California)The right to direct us not to "sell" or "share" your personal information (to the extent we engage in such activities under the CPRA).
Limit use of sensitive personal information (California)The right to limit our use of your sensitive personal information in certain circumstances.
Non-discrimination (California)The right not to receive discriminatory treatment for exercising your privacy rights under the CCPA/CPRA.

How to exercise your rights: To exercise any of these rights, please contact us at [Privacy Contact Email]. We may need to verify your identity before processing your request (for example, by confirming your email address or asking for additional information). We will respond to your request within the timeframes required by applicable law:

  • GDPR / UK GDPR: We will respond without undue delay and in any event within one month of receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests; we will inform you of any such extension and the reasons for delay.

  • CCPA/CPRA: We will respond within 45 days of receiving a verifiable request. We may extend that period by an additional 45 days (up to 90 days total) when reasonably necessary, and we will inform you of the extension.

If you are in the EEA or the UK and you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.

15. Automated Decision-Making and Profiling

We do not engage in fully automated decision-making (including profiling) that produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR Article 22. If we were to do so in the future, we would do so only where permitted by law and would inform you of your rights in that regard.

16. Children's Privacy

Our website and services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you become aware that your child has provided us with personal data without your consent, please contact us. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information from our systems in accordance with applicable law.

17. Web3 and Blockchain Considerations

If you interact with blockchain-based or Web3-related services that we develop or that integrate with our services, you should be aware of the following:

  • Public and immutable nature of blockchain data: Transactions and data recorded on public blockchains are generally transparent and immutable. Information associated with your public wallet address or that you choose to record on a blockchain may be publicly visible and permanently stored. TorpedoWeb has no control over data once it is recorded on a blockchain and cannot delete or modify it.

  • Wallet information: If our services involve interaction with your digital wallet, we may process your public wallet address where necessary. We do not collect or store your private keys or seed phrases. You are solely responsible for the security of your wallet and private keys. TorpedoWeb is not responsible for any loss or theft of cryptocurrency, tokens, or other digital assets resulting from your negligence or compromise of your wallet.

  • On-chain actions: Any actions you initiate on a blockchain through our services are your sole responsibility. We do not control or endorse the underlying blockchain protocols, smart contracts, or third-party dApps.

18. Anonymization and De-Identification

Where we anonymize or de-identify personal information so that it can no longer reasonably be used to identify you, we treat that data as no longer constituting personal data under applicable data protection laws. Such anonymized or de-identified data may be used for analytics, research, or product improvement. We do not attempt to re-identify such data, and we require that any recipients of such data do not attempt to re-identify it.

19. Data Protection Officer and EU/UK Representatives

Under the GDPR and UK GDPR, certain organizations are required to designate a Data Protection Officer ("DPO") or to appoint a representative in the EEA or UK. At present, TorpedoWeb is not required to appoint a DPO under Article 37 of the GDPR. If our processing activities or the applicable legal thresholds change in the future, we will make the appropriate appointments and update this Policy accordingly. For any privacy-related inquiries, you may contact us using the details in the Contact Information section below.

20. HIPAA and Health Information

TorpedoWeb's services are not designed to process or store Protected Health Information ("PHI") as defined by the Health Insurance Portability and Accountability Act ("HIPAA"). We are not a Business Associate under HIPAA and do not represent that our systems are HIPAA compliant. You agree not to provide us with PHI unless we have expressly agreed in writing to handle PHI under a separate Business Associate Agreement ("BAA"). If your project requires the processing of PHI, you must inform us in advance; any such engagement will be subject to a separate BAA and our acceptance in our sole discretion.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the updated Privacy Policy on this page and update the "Last Updated" date at the top. For material changes, we may provide additional notice (for example, by email or a prominent notice on our website) where required by law or where we deem it appropriate. Your continued use of our website or services after the posting of changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

22. Contact Information

If you have any questions about this Privacy Policy, our data practices, or your rights regarding your personal information, please contact us:

TorpedoWeb LLC
8 The Green, Suite B, Dover, Delaware, USA-19901
Email: hello@torpedoweb.org

We will respond to your inquiry in accordance with applicable law.