T&T Compliance Shield AI Hiring Review
Privacy and data handling

We keep guided reviews controlled.

This policy explains what T&T Compliance Shield collects, how AegisReview handles review information, and what data stays outside the workflow unless a separate written agreement is in place.

Effective date: May 8, 2026

Company: T&T Compliance Shield LTD

Contact: tony@ttcomplianceshield.com

Summary: AegisReview is currently a guided review workflow. We collect the information needed to answer inquiries, run a controlled Snapshot, and prepare review materials. We do not sell customer data. Do not send sensitive applicant, employee, medical, payroll, Social Security, bank, or government ID information unless we have a separate written agreement covering that data.

1. Information We Collect

We collect information you provide directly, information generated while using the website or AegisReview workflow, and limited technical information needed to operate the site.

IntakeName, work email, phone if provided, company, website, role, Illinois hiring exposure, urgency, known HR or hiring tools, and your message.
Review filesCompany context, public scan findings, known tools, documentation gaps, notes you approve for review, Snapshot records, report templates, notice templates, and workflow status.
Portal dataFor controlled onboarding, the client portal uses browser-local preview storage or workspace-scoped backend records. Customer records require verified workspace access, active membership, unexpired access, and agreed review boundaries.
TechnicalIP address, browser/device information, page visits, timestamps, form submission metadata, and basic security or diagnostic logs.

2. Information Customers Must Not Submit Without Written Scope

Important: Unless we separately agree in writing, do not submit applicant resumes, employee files, Social Security numbers, driver's license numbers, medical information, payroll records, bank/payment data, background-check reports, immigration documents, protected-class demographic data, passwords, API keys, or confidential legal communications.

AegisReview is designed to start with company-level information, tool names, workflow context, public evidence, and customer-approved notes. Tier 2 restricted business documents such as vendor AI documentation, vendor contracts, internal HR process materials, or non-public ATS screenshots may be accepted only under a signed written scope, named access, approved storage controls, and a 30-day maximum retention period. Applicant-level, employee-level, biometric, protected-class, privileged, credential, or raw HR dataset materials remain outside the standard Tier 2 lane.

3. How We Use Information

  • Respond to inquiries, walkthrough requests, partner conversations, and Snapshot requests.
  • Run public signal checks and organize customer-approved hiring-tool information.
  • Create review materials such as Snapshots, reports, notice templates, action lists, and handoff notes.
  • Maintain an internal workflow trail of steps, approvals, templates, and review status.
  • Improve the product, fix bugs, protect the service, and support customer-requested follow-up.
  • Send service-related communications and limited marketing communications that you can opt out of.

4. Storage, Portal Access, And Login Status

AegisReview runs as a guided review workflow for early customers. Controlled onboarding, HR/legal approval, and reviewed delivery come before broader self-serve portal access.

  • The public website collects form submissions through the site host and stores local preview data in the browser when a user runs a preview workflow.
  • Workspace-backed Snapshot and activity records are stored in the configured backend when workspace access is enabled.
  • Production portal access requires user authentication, workspace permissions, active unexpired membership, and server-side access checks.
  • Trial access is time-bound and workspace-specific. Expired or revoked users cannot view customer records.
  • Restricted business documents require signed SOW/DPA scope, private storage, no-Tier-3 acknowledgment, 30-day Tier 2 retention, and deletion testing before intake.

5. How We Share Information

We do not sell, rent, or trade personal information. We may share information only in limited cases:

  • With service providers that help operate hosting, forms, email, scheduling, storage, payments, support, or analytics.
  • With attorneys, HR consultants, or advisors only when you request or approve that involvement.
  • We do not use customer review files to train AI models unless a customer separately agrees in writing.
  • If required by law, subpoena, court order, or valid government request.
  • As part of a business transfer, such as merger, acquisition, financing, or sale of assets, with appropriate safeguards.

6. Retention And Deletion

We retain information only as long as reasonably needed for the requested service, business records, customer support, dispute prevention, legal obligations, or security. Paid review file retention is set in the service agreement, invoice terms, or written customer instructions.

You can request deletion by emailing tony@ttcomplianceshield.com with the subject line "Privacy Request." We retain limited records where required for legal, payment, security, or business-record reasons.

7. Security

We use administrative, technical, and organizational safeguards, including scoped workspace records, review boundaries, audit events, and limited access practices. No internet service or electronic storage method is completely secure, so AegisReview limits the data requested during first-pass reviews.

8. Your Choices And Requests

  • You can ask what information we hold about you or your company contact record.
  • You can request correction or deletion of personal information.
  • You can opt out of marketing emails by replying "unsubscribe" or emailing us.
  • You can ask us not to use your company name publicly unless you separately approve a testimonial or case study.

9. Cookies And Analytics

Our website uses cookies, local storage, analytics, and similar technologies to operate forms, remember workspace state, understand site usage, and improve the product. You can control cookies through your browser settings, but some site functions may not work as expected if disabled.

10. Third-Party Links

Our website links to third-party websites, resources, or service providers. Their privacy practices are governed by their own policies, not this one.

11. Children's Privacy

Our services are intended for business professionals and are not directed to children under 18. We do not knowingly collect personal information from children.

12. Changes To This Policy

We update this policy as the product, law, vendors, or customer workflows change. The updated effective date appears at the top of this page.

13. Contact

For privacy requests or questions, email tony@ttcomplianceshield.com.

T&T Compliance Shield LTD
Website: ttcomplianceshield.com