Privacy Policy

Effective Date: January 1, 2026  |  Last Updated: March 10, 2026

1. Introduction and Scope

This Privacy Policy describes how CRC Cloud® and its TPAIT™ initiative ("TPAIT," "we," "us," or "our"), collects, uses, discloses, and protects personal information when you visit our website at tpait.com (the "Website"), submit inquiries through our contact form, schedule consultations, or otherwise interact with us. This policy applies to all visitors, prospective clients, and users of our Website.

TPAIT is headquartered at 4695 MacArthur Ct, 11th Floor, Newport Beach, California 92660. We provide managed IT, cybersecurity, and private cloud services to Third-Party Administrators in the retirement plan industry.

2. Categories of Personal Information We Collect

We collect the following categories of personal information as defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Information You Provide Directly:

  • Identifiers: Name, email address, phone number, company name, and job title when you submit our contact form or schedule a consultation.
  • Professional Information: Your role, company size, TPA software platforms used, and IT needs as described in your inquiry.
  • Communication Records: The content of messages you send through our contact form or email correspondence with us.

Information Collected Automatically:

  • Internet Activity Information: IP address, browser type, operating system, device type, referring URL, pages visited, time spent on pages, and click patterns.
  • Geolocation Data (General): Approximate geographic location derived from your IP address.

3. How We Collect Information

We collect personal information through the following methods:

  • Contact Form Submissions: When you complete the form on our Contact page, your submission is processed through Formspree, Inc., a third-party form processing service. Formspree receives your name, email, phone number, company name, and message content.
  • Consultation Scheduling: When you book a consultation through our Microsoft Outlook scheduling link, Microsoft Corporation processes your scheduling information pursuant to Microsoft's own privacy policy.
  • Google reCAPTCHA: Our contact form uses Google reCAPTCHA v3 to prevent spam and abuse. Google collects hardware and software information (such as device and application data), cookies, and behavioral data to assess whether a submission is legitimate. This data is processed pursuant to Google's Privacy Policy at policies.google.com/privacy.
  • Google Fonts: Our Website uses Google Fonts, a web font hosting service. When you load a page, your browser connects to Google's servers to retrieve font files. Google may collect your IP address and browser information in connection with this request.
  • Server Logs: Our web hosting provider automatically records standard server log data when you visit our Website.

4. Cookies and Tracking Technologies

Our Website uses the following cookies and tracking technologies:

  • Google reCAPTCHA Cookies: Functional cookies set by Google to distinguish human visitors from automated bots. These cookies may persist for up to 6 months.
  • Theme Preference: A local storage entry ("tpait-theme") that remembers whether you selected light or dark mode. This is stored only on your device and is not transmitted to us.

We do not use advertising cookies, analytics tracking cookies, or cross-site tracking technologies. We do not use Google Analytics, Facebook Pixel, or similar analytics platforms on this Website.

5. How We Use Your Information

We use personal information for the following business purposes:

  • Responding to your inquiries and providing information about our services
  • Scheduling and conducting consultations
  • Communicating with you about our services, including follow-up correspondence related to your inquiry
  • Preventing spam, fraud, and abuse of our Website
  • Maintaining and improving our Website's functionality and security
  • Complying with applicable legal obligations

6. Information Sharing and Disclosure

We do not sell your personal information. We have not sold personal information in the preceding 12 months, and we do not intend to sell personal information.

We do not share your personal information for cross-context behavioral advertising.

We may disclose personal information to the following categories of third parties for the business purposes described in this policy:

  • Service Providers: Formspree, Inc. (contact form processing), Google LLC (reCAPTCHA spam prevention and font delivery), Microsoft Corporation (consultation scheduling), and our web hosting provider. These providers process data on our behalf and are contractually prohibited from using your information for their own purposes.
  • Legal Requirements: We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify you via prominent notice on our Website of any change in ownership or use of your personal information.

7. Your Privacy Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business purpose for collecting it, and the categories of third parties with whom we shared it.
  • Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions provided by law.
  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out of such activities.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA beyond what is necessary for the purposes disclosed in this policy.

To exercise any of these rights, contact us at privacy@tpait.com or by mail at the address below. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf by providing the agent with written authorization.

We will respond to verifiable consumer requests within 45 days of receipt. If we require additional time, we will inform you of the reason and extension period in writing (up to an additional 45 days).

8. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected. Specifically:

  • Contact form submissions: Retained for 24 months from the date of submission, unless you become a client (in which case retention is governed by your service agreement) or request earlier deletion.
  • Server logs: Retained for 12 months, then automatically purged.
  • Communication records: Retained for 24 months from the last communication.

9. Data Security

We implement appropriate technical and organizational security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.2+), access controls, and secure hosting infrastructure. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

10. Do Not Track Signals

Our Website does not track users across third-party websites and therefore does not respond to Do Not Track (DNT) signals. As noted above, we do not use analytics tracking or advertising cookies.

11. Children's Privacy

Our Website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@tpait.com.

12. International Users

Our Website and services are intended for use within the United States. If you access our Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised "Last Updated" date. Material changes will be indicated by updating the effective date at the top of this policy. We encourage you to review this policy periodically.

14. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, contact us:

TPAIT (A CRC Cloud® Initiative)
CRC Cloud®
4695 MacArthur Ct, 11th Floor
Newport Beach, CA 92660
Email: privacy@tpait.com
Phone: (949) 916-6444