Skip to main content
Training Tiger

Privacy Policy

Last updated: March 7, 2026 (rev. 4)

1. Introduction

Training Tiger LLC ("we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Training Tiger ("the Service"), visit our website, or download free resources we provide.

By using the Service or our website, you agree to the collection and use of information as described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company/organization name
  • Password (stored in encrypted form via Supabase Auth)
  • Employee ID (optional)
  • Role within your organization (Admin, Manager, Contributor, or User)

2.2 Training and Compliance Records

As part of providing the Service, we collect and store:

  • Training assignment records (documents assigned, due dates, status)
  • Training completion records and timestamps
  • Quiz attempts, scores, and answers
  • Certification records (trainer name, training method, knowledge verification, duration)
  • Retraining due dates
  • Training group assignments and manager-employee relationships
  • Document access history and acknowledgment records

2.3 Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited, time and date of visits)
  • Device information (device type, operating system)
  • Session activity data (mouse movements, clicks, page interactions, and scroll behavior — see Section 4.3 for a full breakdown by tool)
  • UTM campaign parameters (which ad, search result, or referral source brought you to our site)
  • Page performance metrics (load times)

2.4 Content You Upload

You may upload:

  • Training documents, procedures, and materials
  • Company policies and work instructions
  • Quiz content generated from your documents

2.5 Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers or full payment details. Stripe's privacy policy governs their handling of payment data.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process transactions and send billing communications
  • Send service-related notifications (training assignments, completions, retraining reminders)
  • Generate training reports and compliance records on your behalf
  • Respond to support requests and troubleshoot issues
  • Improve the Service and develop new features
  • Analyze how the Service is used to improve user experience
  • Ensure security and prevent fraud or abuse
  • Comply with legal obligations

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information as follows:

4.1 Infrastructure and Service Providers

We use the following third-party service providers to operate the Service. Each has access only to the data necessary to perform their specific function:

  • Supabase — database, authentication, and file storage (United States)
  • Vercel — application hosting and content delivery (United States)
  • Stripe — subscription billing and payment processing
  • Resend — transactional email delivery (training notifications, billing receipts)
  • Anthropic — AI-powered quiz generation (see Section 4.2)

4.2 AI Processing (Anthropic)

Our AI quiz generation feature uses Anthropic's API to create quiz questions from your uploaded training documents. When you use this feature:

  • The content of the document you select is transmitted to Anthropic's API for processing
  • Anthropic does not use API-submitted data to train their AI models
  • Document content is processed transiently and is not retained by Anthropic
  • Generated quiz questions are stored in our database and are owned by you

Use of the AI quiz generation feature is optional. If your organization prohibits transmission of internal documents to AI providers, you may use the manual manager certification workflow instead, which does not involve AI processing.

4.3 Analytics and Session Recording

We use the following analytics tools to understand how users interact with our service and improve user experience:

  • Google Analytics 4 (GA4) via Google Tag Manager — active on our public marketing website only. Collects anonymized data about page visits, traffic sources, device type, and general user behavior. Google may use this data in accordance with their privacy policy. You can opt out using Google's opt-out browser add-on or by adjusting your browser's cookie settings.
  • Microsoft Clarity — active on our public marketing website only. We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products and services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. Clarity does not capture passwords or payment information. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. You can opt out by adjusting your browser's cookie settings or using a privacy browser extension.

  • PostHog — active on both our public marketing website and the authenticated platform. PostHog is our primary product analytics tool. Here is exactly what we collect:

    On the public marketing website:

    • Page views and page exits
    • Button and link clicks, form submissions (via autocapture)
    • Heatmap data (aggregated click and scroll patterns across pages)
    • How far down articles you scroll (we record milestones of 25%, 50%, 75%, and 100%)
    • Template downloads (template name and type — blank or filled example)
    • UTM campaign parameters (e.g., which ad or search result brought you to the site)
    • Page load and performance timing

    Inside the authenticated platform (when you are logged in):

    • Page views within the application
    • Session replay (video-like recordings of your interactions) — enabled only inside the authenticated platform, never on public pages. All text input fields are masked — PostHog does not record anything you type, including names, passwords, document content, or training answers.
    • Account identity data passed at login: your user ID, name, email address, role (admin/manager/contributor), company name, subscription plan, trial status, and trial start date. This allows us to associate analytics with specific accounts.
    • Business actions you take: uploading documents, assigning training to employees, generating quizzes, completing quizzes (we record your pass/fail result and score percentage — not your individual answers), certifying employees, and viewing reports.
    • When you create an account, we may associate your prior anonymous browsing activity (such as pages visited or resources downloaded before signing up) with your account information in order to understand how users discover and engage with our platform.

    PostHog does not share your data with other Training Tiger customers, and company data is never mixed between organizations. For more information, visit the PostHog Privacy Policy.

Summary of tool coverage: Google Analytics and Microsoft Clarity are active on our public marketing website only. PostHog is active on both the marketing website and the authenticated platform. Session replay is limited to the authenticated platform only. These tools do not share data with each other.

4.4 Within Your Organization

Administrators and managers in your organization can view training records, completion status, and training transcripts for users in their company, as permitted by their assigned role. Regular users can view their own training records only.

4.5 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, property, or the rights and safety of others.

5. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

  • Essential cookies — required for the Service to function, including session authentication and security tokens. These cannot be disabled.
  • Analytics cookies — used by Google Analytics and Microsoft Clarity on our public website (see Section 4.3). These are not set inside the authenticated platform.

You can control non-essential cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the Service.

6. Data Security

We protect your data using:

  • Encryption in transit (TLS/HTTPS) for all data transmissions
  • Encryption at rest for database storage
  • Role-based access controls enforced at the database level
  • Secure, SOC 2-compliant data centers operated by our infrastructure partners
  • Regular security reviews

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. You acknowledge the inherent risks of transmitting data over the internet.

7. Data Location and Backup

Data Location: Your data is stored in the United States on servers operated by Supabase and Vercel.

Backup: Your data is automatically backed up on a regular basis. In the event of data loss, we can restore from backups. Backups are encrypted and stored separately from primary data.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Training records are retained to support your audit and compliance requirements.

After account termination, we retain data for 30 days to allow for export using the Service's built-in export features (CSV exports, employee training transcripts). After 30 days, data is permanently deleted unless we are legally required to retain it longer.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, where feasible. We will also notify relevant regulatory authorities as required by applicable law.

10. Your Privacy Rights

You have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal information, subject to legal retention requirements
  • Portability — export your training records and data using the Service's built-in export features
  • Objection — object to certain processing activities

To exercise these rights, contact us at support@trainingtiger.co. We will respond within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — you have the right to know what categories of personal information we collect, the purposes for collection, and whether we sell or share it.
  • Right to Delete — you have the right to request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Opt-Out of Sale/Sharing — we do not sell your personal information. We do share limited data with analytics providers (Google Analytics, Microsoft Clarity) for website analytics purposes. You may opt out of this sharing by adjusting your browser cookie settings.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights.

Categories of personal information we collect: identifiers (name, email, IP address), commercial information (subscription records), professional information (employer, role, training records), internet activity (usage data, session data on our public website).

To exercise your California privacy rights, contact us at support@trainingtiger.co.

12. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately at support@trainingtiger.co.

13. International Data Transfers

Your data is stored and processed in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Service, you consent to this transfer.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when changes were last made. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For questions about this Privacy Policy, our data practices, or to exercise your privacy rights, contact us at:
Email: support@trainingtiger.co
Training Tiger LLC — Phoenix, Arizona, USA

← Back to Home