Torrico Sales Group LLC · portal.torricosalesgroup.com
This Privacy Policy describes how Torrico Sales Group LLC (“TSG,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal information when you use our websites (including torricosalesgroup.com and portal.torricosalesgroup.com), the TSG Client Portal platform, and related services (collectively, the “Services”). By accessing or using our Services, you agree to the practices described in this policy.
1. Information We Collect
1.1 Information you provide directly
When you create an account, submit forms, or contact us, we collect: name, email address, phone number, company name, job title or role, industry, website URLs, social media profile URLs, project details, and any other information you voluntarily provide. If you are an end user booking an appointment through a customer’s booking widget, we collect your name, email, phone number, and optional booking notes.
1.2 Information collected through Google Workspace integration
When you connect your Google Workspace account to the TSG Client Portal, we request the following specific Google OAuth scopes:
- gmail.send — Allows the portal to send outreach emails you compose within the admin interface, using your Gmail address. We do NOT request gmail.readonly or gmail.modify. We do not read, access, scan, or store any content from your Gmail inbox.
- calendar.events — Allows the portal to create calendar events on your Google Calendar when appointments are booked through the booking widget, and to read existing events for availability/conflict checking.
- calendar.readonly — Allows the portal to read your Google Calendar free/busy information to compute available booking slots displayed on the public booking page.
1.3 Information collected automatically
When you use our Services, we may automatically collect: IP address, browser type and version, device type and operating system, pages visited and actions taken within the portal, referring URLs, and access timestamps. This information is collected through server logs and may be used with cookies or similar technologies.
1.4 Payment information
Payment processing is handled by Stripe. We do not directly collect, store, or have access to your full credit card number. Stripe’s privacy policy governs its handling of your payment information.
1.5 Recipients of outreach emails
If you receive an email sent through the TSG Client Portal by one of our customers, the message may contain a tracked URL with a unique reference parameter (e.g., ?ref=abc123). When you click such a URL, our infrastructure logs the reference parameter, timestamp, IP address, and user agent to provide click-tracking analytics to the sending customer. We do not associate this click data with you beyond what the sending customer already maintains in their own contact records. The sending customer is the controller of their contact data and the primary contact for any privacy questions about that relationship. To request that your information not be tracked further, contact the sender directly or use the unsubscribe mechanism in any commercial email.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing, operating, maintaining, and improving the TSG Client Portal and related services
- Sending outreach emails on your behalf when you use the compose feature (via the Gmail API gmail.send scope)
- Displaying your calendar availability and creating booking events when appointments are scheduled (via Google Calendar API calendar.events and calendar.readonly scopes)
- Processing and managing customer relationships, contacts, companies, projects, and subscriptions within the portal
- Communicating with you about your account, services, updates, and support requests
- Processing payments and managing billing through Stripe
- Detecting, preventing, and addressing technical issues, security incidents, and fraudulent or illegal activity
- Complying with legal obligations and protecting our rights
2.1 Outreach communications
The portal supports two distinct sending modes: (a) Sequences — automated nurture sent only to opted-in audiences (form submissions, existing contacts, manual enrollments by you); and (b) Cold outreach — manual, one-off compose by the account owner. Both modes comply with the CAN-SPAM Act, including sender identification, accurate subject lines, a physical postal address, and a functional unsubscribe mechanism in every commercial message. Sequences additionally honor opt-in records when present.
3. Google API Services — Limited Use Disclosure
The TSG Client Portal’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data for the purposes described in this Privacy Policy and as explicitly authorized by the user through the Google OAuth consent screen.
- We do not use Google user data for serving advertisements or for any purpose unrelated to providing and improving the portal’s functionality.
- We do not allow humans to read Google user data unless: (a) we have your affirmative agreement for a specific purpose, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data has been aggregated and anonymized for our internal operations.
- We do not transfer, sell, or disclose Google user data to third parties except: (a) as necessary to provide or improve the Services as described in this policy, (b) as required by law, or (c) in connection with a merger, acquisition, or sale of assets with prior notice to affected users.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We may share information in the following circumstances:
- Service providers: We use third-party service providers operating in the United States to deliver the Services (including hosting, database, payment processing, and transactional email). These providers process data only as necessary to perform their services for us and are bound by their own privacy policies and data processing obligations. The specific list of providers is available to active customers and qualified prospects on request via our contact form.
- Google APIs: When you connect your Google account, data flows between the portal and Google’s Gmail and Calendar APIs strictly as described in Sections 1.2 and 3. No Google user data is shared with other third parties.
- Legal requirements: We may disclose information if required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of TSG, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include: encryption of OAuth tokens at rest, data isolation per customer using row-level security (RLS) in our database, HTTPS encryption for all data in transit, and access controls limiting data access to authorized personnel.
Hosting: The Services are hosted on third-party cloud infrastructure providers operating in the United States. Personal information is stored encrypted at rest and transmitted over encrypted connections (HTTPS/TLS). OAuth tokens, where applicable, are encrypted at rest using column-level encryption.
However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
5.1 Breach notification
In the event of a confirmed personal data breach affecting your personal information, we will notify affected customers without undue delay, and in any event within 72 hours of confirmation, via email to the address on file. The notification will include the nature of the breach, the categories of data affected, and the remediation steps taken or planned, to the extent reasonably available at the time of notification. We may delay notification at the direction of law enforcement or where required to preserve the integrity of an ongoing investigation.
6. Data Retention and Deletion
We retain your personal information for as long as your account is active or as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.
- Account data: Retained for the duration of your active subscription. Upon account termination, we retain data for up to 90 days to allow for reactivation or data export requests, after which it is permanently deleted.
- Outreach send logs: Metadata about emails sent through the portal (recipient, timestamp, template used) is retained as part of your CRM records for the duration of your account. Email body content is not stored.
- Booking records: Retained as historical data for the duration of your account.
- Google OAuth tokens: If you disconnect your Google account, we immediately revoke and delete your access and refresh tokens. Portal records created during the connection period (outreach logs, booking history) are retained as part of your CRM data.
- Deletion requests: You may request deletion of your account and all associated data via the contact form. We will process deletion requests within 30 days, except where retention is required by law.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to legal retention obligations.
- Data portability: Request an export of your data in a machine-readable format (CSV or JSON).
- Google account disconnect: You may disconnect your Google account at any time through the portal’s Settings page, or by revoking access at myaccount.google.com/permissions.
- Opt out of marketing: You may opt out of marketing communications by following the unsubscribe instructions in any marketing email or by contacting us directly.
7.1 California residents
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA, including the rights to know what personal information we collect, to delete personal information, to correct inaccurate personal information, and to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise these rights, submit a verifiable request via our contact form.
8. Cookies and Tracking Technologies
The portal uses essential cookies to maintain your authenticated session (Supabase auth cookies) and functional cookies to remember your UI preferences (theme selection). We do not use advertising cookies, analytics cookies, or third-party tracking pixels. No cookie consent banner is shown because no consent is required for essential and functional cookies under applicable U.S. and EU law. You can clear or block cookies via your browser settings; clearing the auth cookie will sign you out.
9. Children’s Privacy
Our Services are designed for business use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
10. Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services (such as Google Workspace, Stripe, and customer websites). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised effective date and, where appropriate, by sending you an email notification. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
Torrico Sales Group LLC
Contact form: portal.torricosalesgroup.com/contact
Location: Tampa, Florida, United States