TDM Insights
Book a diagnosis
Legal

Privacy Policy

Last updated: June 11, 2026

1. Who We Are

We are TDM Corp., operating as TDM Insights ("TDM Insights", "TDM", "we", "us", "our"). We are a founder-to-founder advisory and software practice headquartered in Toronto, Canada, providing SEO, AEO, content, website, brand, and AI advisory services, and the Growth Engine software suite. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have.

If you are in the European Union or United Kingdom, TDM Corp. is the controller of your personal data for the purposes of applicable data-protection law (see Section 3). If you have questions, contact us at privacy@tdminsights.com.

2. About This Policy

This Privacy Policy applies to your access to and use of our website at https://tdminsights.com (the "Website") and to personal information we handle in connection with our advisory and software services (the "Services"). Capitalized terms not defined here have the meaning given in our Terms of Use, which this Policy accompanies. This Policy does not apply to third-party products or services, or to the practices of companies we do not own or control. This Policy was written in English; if a translation conflicts with the English version, the English version governs.

3. Our Two Roles: Controller and Processor

Because of the nature of our work, we handle personal information in two distinct capacities, and it is important to understand the difference:

3.1 As a controller. For personal information about visitors to our Website, prospects who contact us, and our own client and business contacts, we determine how and why the information is processed. This Policy describes that processing.

3.2 As a processor / service provider. When we deliver Services, we are often given access to systems and accounts that belong to a client — for example, the client's Google Search Console, GA4, Shopify or other site analytics, and business records — which may contain personal information about the client's own users or customers. In that context, the client is the controller and we process that information on the client's documented instructions and for the purpose of delivering the engagement. That processing is governed by the applicable Engagement Agreement (and any data-processing terms within it), not by this Policy, and does not change the client's own privacy obligations to its users.

4. Legal Bases for Processing

Where applicable law requires a legal basis, we rely on one or more of the following: performance of our agreement with you or steps taken at your request; your consent; compliance with a legal obligation; protection of vital interests; the public interest; and our or a third party's legitimate interests (such as operating, securing, and improving our Website and Services, and communicating about our offerings).

5. Information We Collect

5.1 Information you provide. This includes:

  • Inquiry and contact information — when you submit a form, request a diagnosis, or contact us: your name, email address, organization, role, phone number, the website URL and business goals you share with us, and the contents of your message.
  • Engagement information — information you or your team provide in the course of an engagement, including access credentials and materials necessary to perform the Services (handled under the applicable Engagement Agreement).
  • Communications — copies of your correspondence with us.
  • Payment information — if applicable, billing details to invoice and collect fees. Card payments are processed by Stripe; we do not store full payment-card numbers.
  • Account and dashboard information — if we give you access to a client analytics dashboard, your login credentials and your use of that dashboard.

5.2 Information from third parties. We may receive information from referrals, from publicly available sources (for example, a public LinkedIn profile or a public post about us), and, if we offer third-party sign-in, from the provider you choose, under their privacy policies.

5.3 Information collected automatically. When you use the Website, we and our analytics providers may automatically collect technical and usage data, including your IP address, device and browser type, operating system, time-zone and language settings, the pages you view, referring URLs, and interaction data such as clicks and scrolling. We collect this using cookies and similar technologies (see Section 7).

6. How We Use Information

We use personal information to:

  • respond to your inquiries and scope, set up, and deliver the Services;
  • produce and deliver diagnostics, reports, and other deliverables;
  • operate, maintain, secure, and improve the Website and Services, and protect against fraud and abuse;
  • communicate with you about your inquiry, engagement, or account, and send administrative messages;
  • send marketing communications about our offerings, where you have opted in, and from which you may opt out at any time;
  • bill and collect fees; and
  • comply with legal obligations and exercise or defend legal claims.

Use of AI tools. We use artificial-intelligence tools — including Anthropic's Claude — to help deliver our Services. Where a Service involves processing client or personal data through such tools, the handling of that data is governed by the applicable Engagement Agreement and by the relevant provider's terms.

7. Cookies & Analytics

We use cookies and similar technologies for two purposes: (a) essential and analytics — to operate the Website, understand how it is used, and measure traffic, including through Google Analytics 4; and (b) advertising and measurement — to measure our campaigns and show relevant ads on third-party platforms, including Google Ads, the Meta (Facebook and Instagram) pixel, and the LinkedIn Insight Tag. These advertising technologies may allow those providers to recognize your device across different websites.

You can manage cookies through your browser settings, and you can opt out of interest-based advertising through each provider's own controls — for example, Google Ads Settings, Meta ad preferences, and LinkedIn ad settings — and through industry tools such as YourAdChoices (youradchoices.ca). Disabling some cookies may affect how the Website functions.

8. How We Share Information

We do not sell or rent your personal information. We share it only as described here:

8.1 Service providers. We share information with third parties that provide services to us — for example, website hosting (WordPress), analytics (Google Analytics 4), payment processing (Stripe), email and customer-relationship tools, and AI providers such as Anthropic. These providers may only access the information needed to perform their functions on our behalf and are required to protect it; several also process information under their own privacy policies. Some may be located outside Canada (see Section 13).

8.2 Legal requests. We may disclose information where required by law, court order, subpoena, or lawful request, or where we believe in good faith that disclosure is reasonably necessary to protect the rights, property, or safety of TDM, our users, or the public.

8.3 Affiliates and the TDM Corp. group. We may share information with TDM Corp. and entities under common ownership — including our flagship product The Gourmet Host — who are required to handle it consistently with this Policy.

8.4 Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to customary confidentiality protections.

8.5 Advertising partners. When advertising and measurement technologies are active on the Website (see Section 7), limited information — such as cookie identifiers and your activity on the Website — may be shared with advertising platforms including Google, Meta, and LinkedIn to measure our campaigns and show you relevant ads. You can opt out using the controls described in Section 7. We do not otherwise sell your information or share it with third parties for their own independent marketing.

9. How We Protect Your Information

We use commercially reasonable administrative, technical, and physical measures to safeguard personal information against loss, theft, and unauthorized access, disclosure, or modification. We use standard encryption (TLS/HTTPS) in transit and rely on reputable hosting providers. However, no transmission over the internet or method of storage can be guaranteed to be 100% secure; while we make reasonable efforts to protect your information, we cannot warrant absolute security, and you acknowledge there is always some risk in transmitting information online.

10. Data Retention

We retain personal information for as long as needed for the purposes for which it was collected — for example, to respond to your inquiry, deliver and support an engagement, and maintain business and tax records — and thereafter as required to comply with law, prevent fraud, collect fees, resolve disputes, and enforce our agreements. Information that is no longer needed may be deleted or de-identified and aggregated.

11. Your Choices & Rights

11.1 Marketing. You can opt out of marketing emails at any time using the unsubscribe link in those messages. Administrative messages relating to your inquiry or engagement are not promotional and may still be sent.

11.2 Access, correction, and deletion. You may request access to, correction of, or deletion of your personal information by contacting us at privacy@tdminsights.com. We will generally respond within 30 days, subject to applicable law, and may need to verify your identity first.

11.3 Canadian privacy rights (PIPEDA). Under Canadian law you have the right to access your personal information, to request correction, and to withdraw consent (subject to legal or contractual restrictions and reasonable notice).

11.4 EU / UK rights (GDPR). If you are in the EU or UK, you also have the rights to rectification, erasure, restriction of and objection to processing, and data portability, and the right to lodge a complaint with your local supervisory authority. Where we rely on legitimate interests, you may object in certain circumstances, and we will stop processing unless we have compelling grounds to continue or need to do so for legal reasons. Where we rely on consent, you may withdraw it at any time.

12. Information About Clients' Users

Where we process personal information on behalf of a client (Section 3.2) — for example, data within a client's analytics or business systems — requests from that client's users to access, correct, or delete their information should be directed to the client as the controller. We will support our clients in responding to such requests as set out in the applicable Engagement Agreement.

13. International Transfer of Information

We are based in Canada, and we and our service providers may store and process information in Canada, the United States, or other jurisdictions. By using the Website or providing information to us, you acknowledge that your information may be transferred to and processed in countries other than your own, where data-protection laws may differ, as necessary to provide the Website and Services.

14. Children

The Website and Services are intended for businesses and are not directed to individuals under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have done so, we will take appropriate steps to delete it. If you believe a minor has provided us with personal information, please contact us.

15. Third-Party Websites

The Website may link to sites operated by third parties. We do not control those sites and are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party site you visit.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date and, where appropriate, provide additional notice on the Website or by email. Your continued use of the Website after changes are posted constitutes acceptance of the updated Policy.

17. Contact & Complaints

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your information, please contact our privacy contact at privacy@tdminsights.com. We take privacy concerns seriously and will work with you to resolve them.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376

TDM Insights is a brand of TDM Corp., Toronto, Ontario, Canada.