Your data,
Handled Right.

This Privacy Policy ("Policy") describes how Techila Global Services, Inc. ("Techila," "we," "us," or "our"), a Salesforce Summit Partner headquartered at 9300 John Hickman Pkwy, Frisco TX 75035, USA, collects, uses, discloses, and protects personal information.

This Policy applies to: (a) visitors to techilaservices.com and any Techila-operated subdomains; (b) prospective clients who submit enquiries or book discovery calls; (c) clients and their personnel engaged in active SOWs or MSAs; (d) licensed users of our AppExchange products and managed packages; and (e) partners, candidates, and other third parties who interact with us in a business context.

If you are a Techila client and we process personal data on your behalf as a data processor, the terms of the applicable Data Processing Addendum ("DPA") in your MSA govern that processing. This Policy addresses our activities as a data controller.

We collect personal information through multiple channels and in several categories:

We use personal information only for defined, legitimate purposes:

• 01Service delivery — to scope, design, implement, and support Salesforce programmes and managed services engagements
• 02Product licensing — to manage AppExchange product installations, licence entitlements, and renewals for Advisor Console Pro, Agentforce Pilot Kit, Unify Harmoniser, Quote-to-Cash Blueprint, Patient 360 Accelerator, Aftermarket Service Suite, Platform Guardian, and Executive Signal
• 03Client relationship management — to manage accounts, issue invoices, process payments, and conduct quarterly value reviews
• 04Communication — to respond to enquiries, send project updates, deliver insights articles, and (where consented) distribute marketing communications
• 05Product improvement — to analyse usage patterns of our products and website to improve functionality and user experience
• 06Security & fraud prevention — to detect, investigate, and prevent unauthorised access to our systems and client data
• 07Legal compliance — to meet obligations under applicable law, including tax reporting, regulatory requirements, and contractual duties
• 08Recruitment — to evaluate job applications and manage the hiring process

We do not use your personal information for automated decision-making that produces legal or similarly significant effects without human review.

Where GDPR, UK GDPR, or equivalent legislation applies, we rely on the following lawful bases:

• 01Contract — processing necessary to perform or take steps to enter into a contract with you (e.g. delivering consulting services, managing product licences)
• 02Legitimate interests — processing necessary for our legitimate interests, provided those interests are not overridden by your rights; this includes business development, security monitoring, and improving our products
• 03Legal obligation — processing required to comply with applicable laws (e.g. tax records, regulatory reporting)
• 04Consent — where we send marketing emails or deploy non-essential cookies; you may withdraw consent at any time without affecting prior processing

For residents of California (CCPA/CPRA) and other jurisdictions with specific statutory rights, please see Section 07.

We do not sell personal information. We share it only as described below:

• 01Salesforce, Inc. — as our primary platform provider; processing is governed by Salesforce's privacy and data processing terms
• 02Subcontractors & delivery partners — vetted consultants and near-shore delivery centres engaged on specific projects, bound by confidentiality and data processing obligations
• 03Technology vendors — hosting (AWS / Azure), CRM, project management, analytics, video conferencing, and email service providers; all are assessed against our supplier security standards
• 04Professional advisers — lawyers, auditors, insurers, and accountants engaged in the ordinary course of business
• 05Business transfers — in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections
• 06Law enforcement & regulators — where required by applicable law, court order, or to protect the rights and safety of Techila, our clients, or the public

When we engage subprocessors to handle personal data on our behalf, we execute appropriate data processing agreements and apply the safeguards described in this Policy.

Techila implements a layered security programme consistent with ISO 27001 principles and Salesforce's Trusted Cloud standards. Our controls include:

• 01Encryption in transit (TLS 1.2+) and at rest for all client and personal data
• 02Role-based access controls and the principle of least privilege across all internal systems
• 03Multi-factor authentication for all systems holding personal or client data
• 04Regular penetration testing and vulnerability assessments by independent third parties
• 05Security awareness training for all Techila personnel, conducted annually and at onboarding
• 06Incident response procedures with defined notification timelines for data breaches

No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in high risk to your rights, we will notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law.

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

• 01Access — request a copy of the personal information we hold about you
• 02Correction — request that inaccurate or incomplete data be corrected
• 03Erasure — request deletion of your personal information where we no longer have a lawful basis to retain it
• 04Restriction — request that we restrict processing of your data in certain circumstances
• 05Portability — receive your data in a structured, machine-readable format and transfer it to another controller
• 06Objection — object to processing based on legitimate interests or for direct marketing purposes
• 07Withdrawal of consent — where processing is based on consent, withdraw it at any time without affecting prior processing
• 08Non-discrimination — California residents: we will not discriminate against you for exercising your CCPA/CPRA rights

To exercise any of these rights, please contact us at privacy@techilaservices.com with the subject line "Privacy Rights Request." We will respond within 30 days (or within the period required by applicable law). We may need to verify your identity before processing your request.

If you are unhappy with how we handle your request, you have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or the relevant EU Data Protection Authority).

Our website uses cookies and similar technologies. We categorise them as follows:

• 01Strictly necessary — essential for the website to function (session management, security). These cannot be disabled.
• 02Analytics & performance — help us understand how visitors interact with our site (e.g. Google Analytics with IP anonymisation enabled). Set only with your consent.
• 03Functional — remember your preferences such as region or language settings. Set only with your consent.
• 04Marketing — used to deliver relevant content and track campaign performance. Set only with your consent and never for unrelated third-party advertising.

You can manage your cookie preferences via our consent banner when you first visit the site, or at any time through the Cookie Settings link in the footer. You may also configure your browser to block or delete cookies; note that doing so may affect site functionality.

We do not engage in cross-site tracking for the purpose of building advertising profiles without your explicit consent.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention schedules are:

• 01Client & project records — 7 years from project completion, to meet tax and regulatory requirements
• 02Marketing & enquiry data — 3 years from last meaningful interaction, or until you unsubscribe
• 03Product licence data — duration of the licence plus 3 years
• 04Website analytics — 26 months (Google Analytics default, with IP anonymisation)
• 05Recruitment data — 12 months from the close of a recruitment process for unsuccessful candidates, unless you consent to longer retention
• 06Security logs — 12 months for intrusion-detection and access logs

When retention periods expire, data is securely deleted or anonymised. Anonymised data may be retained indefinitely for aggregate analysis and reporting.

Techila operates globally, with delivery teams across North America, EMEA, and APAC. Personal information may therefore be transferred to and processed in countries outside your own jurisdiction, including the United States.

Where we transfer personal data from the EEA, UK, or Switzerland to countries not recognised as providing an adequate level of protection, we rely on appropriate safeguards, including Standard Contractual Clauses ("SCCs") approved by the European Commission, the UK IDTA, or the Swiss equivalent, supplemented where necessary by additional technical and organisational measures.

Our primary cloud infrastructure providers (AWS, Azure) are certified under the EU-U.S. Data Privacy Framework or hold equivalent transfer mechanisms. Details of applicable transfer mechanisms are available on request.

Our website and Services are directed exclusively at business professionals and enterprises. We do not knowingly collect personal information from individuals under the age of 16.

If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@techilaservices.com and we will promptly delete it.

We may update this Policy periodically to reflect changes in our practices, the Services we offer, or applicable legal requirements. When we make material changes, we will post the revised Policy on our website with an updated effective date and, where we have your contact details, notify you by email.

Your continued use of our website or Services after the revised Policy takes effect constitutes your acceptance of the changes. If you do not agree, please discontinue use and contact us to discuss your options.

This Policy was last updated on 4 May 2026.

For questions about this Policy, to exercise your privacy rights, or to report a data protection concern, please contact our Privacy team: