Data & Security

Tonnia Theory takes a risk-based approach to protecting information entrusted to us. This page summarizes our general data and security practices for website visitors, leads, customers, and other users of our Services.

This page is informational only. It does not create a contractual promise, warranty, or guarantee unless a separate written agreement expressly says otherwise.

1. Our Security Approach

We use commercially reasonable administrative, technical, and organizational safeguards designed to help protect information from unauthorized access, loss, misuse, alteration, or disclosure. Our safeguards may vary depending on the nature of the information, the service provided, the systems involved, and the risks presented.

2. Examples of Safeguards We May Use

Depending on the service and environment, our practices may include:

  • role-based or limited-access controls;

  • password protection and, where supported, multi-factor authentication;

  • secure third-party platforms for hosting, storage, communications, project management, payments, and workflow automation;

  • logging, monitoring, patching, updates, and device or account management practices;

  • reasonable steps to separate access by function or need-to-know;

  • contractual or policy-based controls for vendors and contractors; and

  • backup, recovery, and continuity measures appropriate to the systems involved.

Not every safeguard applies to every service, workflow, or vendor.

3. Third-Party Providers

We rely on third-party providers to operate parts of our business, such as:

  • website hosting and forms,

  • email and communications,

  • file storage and collaboration,

  • scheduling and CRM,

  • billing and payment processing,

  • analytics and marketing tools, and

  • automation and AI-enabled tools.

While we make reasonable efforts to select appropriate providers, we do not control every aspect of third-party systems. Your use of third-party tools or integrations may also be subject to those providers’ terms and privacy practices.

4. AI-Enabled Workflows

Some services may involve AI-assisted workflows. When AI-enabled tools are used:

  • data may be processed by third-party providers according to the configuration, service tier, and contractual terms in place;

  • not all tools offer identical retention, training, residency, or deletion controls;

  • we may use a mix of manual and automated review depending on the service; and

  • customers should avoid sending highly sensitive, regulated, or third-party confidential information unless expressly authorized in writing for that use case.

5. Customer Responsibilities

You are responsible for:

  • providing accurate contact and business information;

  • protecting your own devices, networks, credentials, accounts, and backups;

  • limiting the submission of unnecessary sensitive information;

  • ensuring you have lawful authority to share any personal, confidential, or proprietary information with us; and

  • reviewing and approving recommendations, deliverables, automations, and outputs before implementation.

If you control the systems where our recommendations, templates, code, content, or automations are deployed, you remain responsible for configuration, permissions, production use, business continuity, regulatory compliance, and security decisions unless a separate written agreement expressly states otherwise.

6. Incident Response

If we become aware of a security issue affecting information under our control, we may investigate, mitigate, and take appropriate response steps based on the nature and scope of the event. Where required by law or contract, we may provide notice to affected parties or customers.

7. No Absolute Security Guarantee

No system, website, software, cloud service, transmission method, or storage environment can be guaranteed to be 100% secure. For that reason, we do not guarantee that the Services will be immune from downtime, intrusion, corruption, interception, or other security events.

8. Retention and Deletion

We retain information for business, legal, tax, operational, security, backup, and dispute-resolution purposes for as long as reasonably necessary. Retention periods may differ by data type, project, contract, and legal requirement. We may delete or anonymize information when it is no longer needed, subject to backups, archives, legal holds, and technical limitations.

9. Security Contact

For data security questions, please contact:

Tonnia Theory LLC
legal@tonniatheory.com

Acceptable Use Policy

This Acceptable Use Policy (“AUP”) governs your use of Tonnia Theory’s website, content, consulting services, downloads, automations, templates, tools, and related offerings (collectively, the “Services”).

By using the Services, you agree not to misuse them.

1. Prohibited Uses

You may not use the Services to:

A. Break the law or violate rights

  • engage in illegal, fraudulent, deceptive, or misleading conduct;

  • infringe, misappropriate, or violate intellectual property, privacy, publicity, confidentiality, or other rights;

  • submit content or data you do not have the right to use or share;

  • violate contracts, regulations, court orders, export controls, or applicable industry rules.

B. Cause harm or abuse

  • harass, threaten, stalk, intimidate, defame, exploit, or abuse others;

  • create, distribute, or facilitate hateful, discriminatory, exploitative, sexually abusive, or violent content;

  • impersonate another person or entity, or misrepresent affiliation, endorsement, identity, qualifications, or results.

C. Misuse the site or systems

  • interfere with, disrupt, scan, probe, attack, overload, or attempt unauthorized access to our Services, accounts, systems, or networks;

  • introduce malware, ransomware, spyware, malicious code, bots, or harmful scripts;

  • scrape, data-mine, crawl, mirror, benchmark, or systematically extract content or data from the Services without written permission;

  • bypass, defeat, disable, or circumvent access controls, rate limits, technical restrictions, or safety features;

  • reverse engineer, decompile, disassemble, or attempt to discover source code, prompts, models, workflows, or proprietary methods except where prohibited by law.

D. Misuse content, outputs, or business tools

  • resell, sublicense, white-label, redistribute, or commercially exploit our materials without authorization;

  • use our Services to generate fake testimonials, reviews, endorsements, references, case studies, or social proof;

  • use our Services to spam, phish, manipulate search or social systems, or engage in deceptive outreach;

  • represent AI-generated or AI-assisted output as fully human-created when that representation would be materially misleading;

  • use our Services in a way that could reasonably foreseeably lead to unlawful discrimination, unfair treatment, or harmful high-impact decisions without appropriate independent review.

E. Submit restricted data without authorization

  • upload or transmit regulated health data, payment card data, government IDs, highly sensitive personal data, trade secrets, privileged legal material, or third-party confidential information unless you are authorized to do so and we have agreed in writing to receive it for that purpose.

2. Monitoring and Enforcement

We may monitor compliance with this AUP to the extent reasonably necessary to protect our Services, business, users, and third parties. We may investigate suspected misuse and take any action we consider appropriate, including:

  • removing content,

  • suspending or terminating access,

  • blocking accounts, IPs, or integrations,

  • refusing service,

  • preserving evidence, and

  • reporting conduct to law enforcement, regulators, rights holders, or affected parties when appropriate.

3. No Evasion

You may not attempt to evade this AUP or any other policy through alternate accounts, aliases, intermediaries, automation, or third-party services.

4. Reporting Concerns

If you become aware of misuse of the Services, contact:

Tonnia Theory LLC
legal@tonniatheory.com

AI Transparency

Tonnia Theory may use artificial intelligence (“AI”) and other automated tools as part of certain internal workflows and client services. This page explains, at a high level, how AI may be used in our business and what users and clients should expect.

1. Where AI May Be Used

Depending on the service, AI-assisted tools may be used for tasks such as:

  • brainstorming and ideation,

  • drafting and summarization,

  • research assistance,

  • organization and categorization,

  • transcription and note cleanup,

  • content outlining,

  • workflow automation,

  • analysis support,

  • editing support, and

  • internal efficiency or quality-control tasks.

Not every service uses AI, and not every deliverable is primarily AI-generated. Some work may be fully human-created, some may be AI-assisted, and some may be hybrid.

2. Human Oversight

Where appropriate to the service, we may review, refine, or validate AI-assisted output before delivery. However:

  • not every draft, suggestion, automation, or intermediate output receives line-by-line human review;

  • AI-assisted output should always be treated as requiring business judgment and independent validation; and

  • final responsibility for use, publication, implementation, and compliance remains with the customer or end user unless a separate written agreement says otherwise.

3. Limits of AI

AI systems can produce incorrect, incomplete, outdated, biased, generic, or non-unique outputs. They may also reflect limitations in training data, context windows, tool integrations, or prompt design.

For that reason:

  • AI output should not be treated as guaranteed accurate;

  • AI output should not be the sole basis for legal, tax, accounting, HR, cybersecurity, medical, or other professional decisions;

  • AI-generated strategies, content, or recommendations may require editing, testing, approvals, and contextual adaptation; and

  • similar outputs may be generated for other users, businesses, or prompts.

4. Data Handling and AI Providers

To provide some Services, we may use third-party AI tools, APIs, or platforms. This means:

  • customer inputs, files, prompts, or instructions may be processed by third-party providers;

  • retention, logging, residency, safety review, and model-improvement settings may vary by provider and service tier;

  • we may change providers, tools, or configurations over time; and

  • specific data-handling commitments, if any, should be confirmed in the applicable contract, statement of work, or written service terms.

Unless expressly agreed in writing, you should not send highly sensitive, regulated, privileged, or third-party confidential information through AI-assisted workflows.

5. No Promise of Specific Business Outcomes

Use of AI does not guarantee growth, revenue, savings, compliance, speed, rankings, leads, customer support performance, or profitability. AI is a tool, not a guarantee.

6. Your Responsibilities

If you use or rely on our Services, you remain responsible for:

  • verifying important facts, claims, citations, calculations, and recommendations;

  • reviewing content for brand fit, legality, accuracy, and appropriateness;

  • obtaining legal or professional review when needed;

  • ensuring you have the right to submit any data or materials you provide; and

  • deciding whether and how to publish, automate, deploy, or operationalize any output.

7. Questions About AI Use

If you want to understand whether a particular service or workflow may involve AI assistance, contact:

Tonnia Theory LLC
legal@tonniatheory.com