This Data Policy applies to the TIONA website, hosted application environments, support interactions, onboarding, billing workflows, authentication flows, and related operational records.

TIONA is not offered for personal, family, or household use. It is intended for business users acting on behalf of commercial organizations.

Depending on the context:

• the customer organization is generally the controller of personal data loaded into or made available through the Service;
• TIONA generally acts as a processor or subprocessor for that customer data when operating the Service; and
• TIONA may act as an independent controller for account administration, authentication, billing, fraud prevention, abuse prevention, security logging, legal compliance, and enforcement of its contractual rights.

The contractual data-processing terms that apply where TIONA acts as a processor or subprocessor are included in the TIONA Terms of Service.

Categories may include:

• customer business records such as inventory data, demand data, supplier data, purchase-order data, inbound-shipment data, item master data, spreadsheet files, mappings, and operational overrides;
• personal data incidentally contained in those records, such as business contact names, business email addresses, business phone numbers, user identifiers, and internal operational notes;
• account and profile data such as user name, login email, role, password hash, trusted-device metadata, IP addresses, session records, and security-event history;
• billing and legal-contact data such as legal entity name, billing address, tax identifier, billing email, invoice currency, and subscription state;
• support and communications data such as emails, tickets, troubleshooting notes, audit extracts, and issue history; and
• technical data such as logs, timestamps, browser and operating-system signals, request metadata, event trails, and system monitoring records.

TIONA does not ask customers to use the Service for highly sensitive regulated data such as payment card data, Social Security numbers, government identification numbers, or health data unless separately agreed in writing.

We may use data to:

• ingest, preserve, map, transform, calculate, display, and export customer operational data;
• generate replenishment recommendations, order-support outputs, supplier-sheet assistance, and container-related calculations;
• authenticate users, maintain sessions, operate trusted-device features, detect suspicious activity, and secure the Service;
• administer accounts, subscriptions, billing profiles, invoices, reminders, and stop-subscription workflows;
• respond to requests, organize demos, onboarding, sales conversations, and product or plan discussions;
• send TIONA-related commercial follow-up, product updates, launch offers, plan information, promotions, or similar offers where permitted by applicable law and by the recipient's consent, business relationship, or right-to-object framework;
• maintain unsubscribe, opt-out, consent, suppression, and communication-preference records;
• provide support, investigate incidents, troubleshoot integration or data issues, and maintain auditability;
• monitor uptime, performance, abuse, product integrity, and service reliability;
• improve workflows, product quality, and operational resilience using aggregated, statistical, de-identified, or non-customer-identifying information; and
• comply with legal obligations, respond to lawful requests, and enforce our agreements and rights.

We do not use marketing or analytics cookies in the current TIONA model. Product and security observability are handled primarily through server-side application and technical logs.

Where GDPR or similar law applies:

• the customer is responsible for identifying and documenting the lawful basis for its own processing activities and for appointing TIONA as processor or subprocessor where needed;
• TIONA relies on the customer's instructions, contractual necessity, legitimate interests in securing and operating the Service, consent where required for lead forms or commercial communications, legitimate interests for B2B professional follow-up and TIONA-related offers where permitted and subject to opt-out, legal obligations, and similar applicable bases depending on the processing context; and
• the customer remains responsible for notices to its users, employees, suppliers, and other relevant contacts whose data may be included in customer systems or files.

The customer must not provide data to TIONA unless it has the right to do so and unless doing so is compatible with applicable privacy, confidentiality, employment, and commercial laws.

Current identified third-party providers include:

• OVHcloud, for hosted infrastructure and related hosting services where applicable;
• Brevo, for transactional, service, security, billing, onboarding, and TIONA-related commercial email delivery where applicable and permitted; and
• Google reCAPTCHA, where enabled solely for public-facing anti-bot or challenge-response protection on landing pages or other public-facing pages and not as part of the core in-app business workflow.

Apart from hosted infrastructure, email delivery, and narrowly scoped public-page protection tools, TIONA's core application logic, operational logging, user-activity tracking necessary for the Service, and customer-data handling are intended to remain operated in-house unless later documented otherwise.

Because TIONA may serve customers in different jurisdictions, data may be processed in countries other than the customer's country. Where applicable law requires transfer safeguards, TIONA may rely on appropriate contractual measures, adequacy mechanisms, or other lawful transfer tools as described in the Terms.

TIONA may change providers over time. Material provider changes may be reflected in updated legal pages, email notice, or other written notice, especially where applicable law requires notice or an opportunity to object.

During the subscription term, TIONA may retain customer-loaded data, outputs, mappings, preserved sheets, and operational state as needed to operate the Service.

After suspension or termination:

• TIONA may disable access immediately where needed for security, fraud, illegality, nonpayment, or similar serious reasons;
• customers remain responsible for exporting any records they need before or at termination;
• TIONA is not positioned as the customer's master archive or backup repository, and customers are expected to keep their own source CSVs, source system records, and other business originals outside the Service;
• for ordinary expiration, ordinary stop-subscription, or other non-fault termination where operationally feasible, TIONA may allow a short retrieval-only period as described in the Terms;
• after any applicable retrieval period, TIONA may delete, destroy, or render inaccessible customer-loaded data and operational state, subject only to non-waivable law and any express written retention commitment;
• acceptance logs, security logs, and contract-evidence records containing personal data may be retained during the customer relationship and then archived for evidentiary, fraud-prevention, legal-defense, and compliance purposes, generally for up to five years after the end of the relationship, and up to ten years where tied to accounting, tax, or mandatory recordkeeping duties, or longer while an actual dispute, investigation, or legal hold remains active;
• backups, logs, security records, billing records, and archival remnants may persist for a limited or extended period for legal, evidentiary, fraud-prevention, audit, disaster-recovery, or operational reasons; and
• de-identified or aggregated information may be retained and used without time limit if it no longer identifies the customer or data subjects.

Versioned legal texts and other non-personal legal artifacts may be retained for longer periods, including indefinitely, where they do not identify natural persons.

Current security-oriented practices may include:

• authenticated access controls;
• hashed passwords and token handling;
• session management and trusted-device controls;
• audit logging and security-event monitoring;
• restricted infrastructure and operational access; and
• server-side records used for incident review and service measurement.

TIONA uses technical cookies or comparable technical mechanisms primarily for authentication and security, such as session tokens and trusted-device identifiers. These mechanisms are not used for advertising, retargeting, or analytics purposes.

This cookie position does not prevent TIONA from sending email communications described in Section 3 where permitted by applicable law and this Data Policy.

If an external security service is enabled and it requires a technical cookie or similar token, that technical mechanism may also be used strictly to deliver that service.

Public-facing pages may also use an external anti-bot service such as Google reCAPTCHA solely to protect forms, login-related entry points, or other abuse-sensitive public interfaces. Where such a service is enabled, the relevant public-facing user flow should also display any provider-required attribution text and links.

If TIONA stores a local banner-acknowledgment flag or similar front-end notice state, that mechanism is intended only as a local technical notice-acknowledgment mechanism and not for analytics or marketing.

If TIONA receives a request relating to customer-controlled data, TIONA may:

• redirect the requester to the relevant customer;
• notify the customer of the request where appropriate and lawful;
• assist the customer where required by contract or applicable law; and
• decline the request where TIONA is not the proper decision-maker for that data.

Requests relating to TIONA's own controller-side data, such as account, billing, or security records, may be directed to:

Recipients may object to, opt out of, or unsubscribe from TIONA-related commercial communications at any time. TIONA may still send non-commercial operational, security, billing, legal, or service messages where necessary for the Service or the customer relationship.

EI Khalid Abdessamad
4 Place Saint Martin
26200 Montélimar
France
Email: khalid.abdessamad.pro@gmail.com

Where appropriate, updates may be posted in the Service, on a legal page, or sent by email. The effective date shown in the updated version will control unless applicable law requires a different notice method.

If a change is minor, explanatory, operational, security-related, or otherwise non-material, continued use of the Service after the effective date may constitute acknowledgment to the maximum extent permitted by law. If a change materially affects data handling, legal rights, or contractual allocation of responsibilities, TIONA may provide additional notice and, where required by law or contract, request updated acceptance or updated contracting documentation.