Effective Date: September 8, 2025 | Last Updated: September 8, 2025
SurgeTK (“Company,” “we,” “us,” or “our”) values your privacy and is committed to safeguarding the confidentiality, integrity, and security of the personal information we receive through our platform. This Privacy & Security Policy explains how we collect, use, disclose, and protect information, consistent with applicable federal and state laws, including the Gramm-Leach-Bliley Act (GLBA), SEC and FINRA guidance, and other privacy regulations.
Information We Collect
We collect and maintain information necessary to provide secure financial technology services, including:
Personal Information: Name, email address, login credentials, authentication factors.
Financial Information: Client account identifiers, account balances, transaction data (as provided by you or your integrations).
Usage Data: Device, browser, IP address, login times, and interactions with the SurgeTK platform.
Communications: Messages exchanged with our support team through in-app chat or email.
How We Use Information
We use collected information to:
Deliver, maintain, and improve the SurgeTK platform.
Authenticate and protect user accounts.
Provide secure file storage and account management features.
Detect, investigate, and prevent fraudulent or unauthorized activity.
Comply with applicable legal, regulatory, and contractual obligations.
We do not sell or rent personal information to third parties.
Information Sharing & Disclosure
We share information only in limited circumstances:
Vendors & Service Providers: With trusted partners such as AWS (hosting), MongoDB Atlas (database), Stripe (payments), Intercom (support), Sendgrid (emails) and Heroku (infrastructure). These providers are contractually required to maintain data confidentiality and security.
Regulatory & Legal: When required by law, regulation, subpoena, or request from regulatory authorities such as the SEC, FINRA, or other government bodies.
Business Transfers: In the event of a merger, acquisition, or other corporate transaction, subject to appropriate confidentiality protections.
Data Security
We employ layered safeguards to protect your information:
Encryption: All data is encrypted in transit via HTTPS/TLS and at rest in Amazon S3 or MongoDB Atlas with server-side encryption.
Authentication: Two-factor authentication (2FA) is mandatory for all users.
Access Controls: Database and storage systems are accessible only from approved network locations.
Monitoring & Incident Response: Login activity is monitored for unusual behavior; unauthorized attempts are blocked and logged.
Vendor Oversight: Only vetted vendors are integrated into the platform; third-party access is strictly limited.
Data Retention & Disposal
We retain information only as long as necessary to fulfill the purposes described in this policy, meet legal or regulatory requirements, and enforce contractual obligations. Data that is no longer required is securely deleted or anonymized.
User Rights & Choices
Depending on your jurisdiction, you may have rights to:
Access, correct, or delete your personal information.
Request a copy of your information in a portable format.
Limit or object to certain data uses.
Requests can be submitted through the in-app support function or by email to [email protected].
Security Incidents and Breach Notification
SurgeTK maintains an incident response program designed to detect, investigate, and respond to potential security events. In the event of a data breach involving personal information, we will promptly investigate, mitigate risks, and notify affected users and regulators as required by applicable law. Notification may include details of the incident, information potentially impacted, and steps we are taking to remediate and protect against future occurrences.
Children’s Privacy
Our services are not directed to children under the age of 13, and we do not knowingly collect information from such individuals.
Changes to This Policy
We may update this Privacy & Security Policy from time to time. Any changes will be posted on our website and, where required, notified to you directly.
Contact Us
If you have questions regarding this policy or SurgeTK’s data practices, please contact:
SurgeTK Privacy Office
431 W 7TH AVE STE 100
Anchorage, AK 99501
Email: [email protected]
Compliance Statement
SurgeTK maintains administrative, technical, and physical safeguards consistent with industry standards and regulatory expectations to protect client information. These safeguards are reviewed and updated regularly to adapt to evolving threats and compliance requirements.