Privacy Policy

Date of Last Revision:  February 24, 2026

Our Policy

This Privacy Policy describes how Tomahawk Strategic Solutions LLC, including the Tomahawk Institute online learning pages located at www.tomahawkinstitute.com (“Tomahawk,” “we,” “us,” or “our”), collects personal information about you, uses your personal information, discloses your personal information, and the circumstances under which we may share your personal information with others.  This Privacy Policy applies to information that we may collect from or about you when you access or use the Tomahawk website, mobile application, or other online or mobile service that links to or otherwise presents this Privacy Policy to you (the “Services”), or by any other means described herein. 

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION.  IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

California Privacy Rights (CPRA) and Other U.S. State Laws. For certain processing activities—such as operating our websites, managing accounts, billing, marketing, customer support, and security—Tomahawk acts as a “business” under the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, “CPRA”) and as a “controller” under similar U.S. state privacy laws.  For other activities, we act as a “service provider”/“processor” to our enterprise customers, processing personal information under their instructions and contracts.  We do not “sell” personal information as defined by CPRA. We may “share” personal information for cross‑context behavioral advertising only if you opt in where required or do not opt out; you may exercise your right to opt out of “sale”/“sharing” and targeted advertising as described below, and we honor Global Privacy Control signals. California and other state residents have specific rights over their personal information, described in “Your Privacy Rights” below.

SCOPE AND ROLES

This Privacy Policy covers personal information we collect as a business/controller from visitors to and users of the Services, from individuals who communicate with us, purchase from us, or otherwise interact with us directly.  When we provide services to our enterprise customers and process personal information on their behalf, we act as a service provider/processor.  In those cases, our processing is governed by our contract with the customer, and the customer’s privacy policy applies.  If you submit a request relating to information we process as a service provider/processor, we may refer your request to the relevant customer.

NOTICE AT COLLECTION

We collect personal information for the purposes described in this Privacy Policy. We will provide a notice at or before the point of collection when required by law, which may include links on forms, banners, or other just‑in‑time disclosures summarizing the categories of personal information collected, purposes of use, whether we “sell” or “share” personal information, and how long we intend to retain the information (or the criteria used to determine the retention period).

INFORMATION WE COLLECT

We obtain information about you through the means discussed below when we provide the Services.  Please note that we need certain types of information so that we can provide the Services to you.  If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use our Services.

1. Information You Provide to Us

We collect a variety of information that you provide directly to us.  For example, we collect information from you through:

  • the Services you use or processing your orders;
  • requests or questions you submit to us via online forms, email, or otherwise;
  • Uploads or posts you may choose to make to, or in connection with the Services
  • account registration and administration of your account; and
  • requests for customer support and technical assistance.

 

Information about you.  While parts of the Services may not require you to provide any information that can directly identify you by name (such as if you choose to browse the website without logging in), the specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide.  The types of data we collect directly from you includes:

  • email address;
  • name;
  • log-in credentials, if you create a Tomahawk account;
  • billing and account information, including billing address, credit or debit card numbers, verification numbers, and expiration date;
  • information about purchases or other transactions with us;
  • information about your customer service interactions with us;
  • demographic and other information about you that you choose to provide in connection with the Services;
  • any other information you choose to directly provide to us in connection with your use of the Services.

2. Information We Collect Through Automated Means

When you use our Services, we collect certain information as described in this Section.  As discussed further below, we and our service providers (which are third party companies that work on our behalf) may use a variety of technologies, including cookies and similar tools, to assist in collecting this information.

Websites.  When you use our website, we collect and analyze information such as your IP address, browser types, browser language, operating system, software and hardware attributes (including device IDs) referring and exit pages and URLs, the number of clicks, pages viewed and the order of those pages, the date and time you used the Services, error logs, and other similar information.

Location Information.  When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and or postal code associated with an IP address) from your computer or mobile device.

3. Information We Obtain From Third Parties

We may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

  • Companies who support our website and Services.
  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your donation or other payment in order to fulfill your orders and provide you with products or services you have requested.
  • When you visit our website, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

 

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party's policies or practices.

HOW WE USE YOUR INFORMATION

We, or our service providers, use your information for various purposes depending on the types of information we have collected from and about you, in order to:

  • complete a purchase or provide the Services you have requested, including invoicing and accounting;
  • respond to your request for information and provide you with more effective and efficient customer service;
  • provide you with updates and information about classes in which you have enrolled;
  • contact you by email, postal mail, or phone regarding the Services;
  • help us better understand your interests and needs, and improve the Services, including through research and reports, and test and create new products, features, and services;
  • secure our websites and applications;
  • comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others; and
  • establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.

COOKIES AND SIMILAR TECHNOLOGIES

The Services may be provided in part through third-party platforms and service providers.  We and our service providers use Internet server logs, cookies, SDKs, pixels, and similar technologies to operate the Services, remember your preferences, perform analytics, improve performance, and, where enabled, deliver advertising or measure marketing effectiveness.  Cookies are small text files placed on your device that may: recognize your device; store your settings; help understand which pages you visit; enhance your experience; perform searches and analytics; and assist with security and administrative functions. Some technologies are stored in your browser cache, and others may be stored with your device settings.

As we adopt additional technologies, we may also gather information through other methods. You can change your browser settings to notify you when a cookie is set or updated, or to block cookies altogether.  You can also manage certain technologies (e.g., Flash) with the provider’s tools. Please note that by blocking, disabling, or managing any or all non‑essential cookies, you may not have access to certain features or offerings of the Services.  Where required by law (e.g., in the EEA/UK), we will obtain your consent before setting non‑essential cookies.  In California and other U.S. states with similar requirements, you may opt out of the “sale”/“sharing” of personal information and targeted advertising, and we honor browser‑based Global Privacy Control signals.

HOW WE SHARE AND DISCLOSE YOUR INFORMATION

Tomahawk will share your information in the following ways: with service providers/contractors that process information on our behalf under appropriate contractual restrictions (e.g., hosting, cloud infrastructure, analytics, payment processing, customer support, communications, security); with affiliates and subsidiaries to deliver products and services to you, ensure a consistent level of service, and enhance our products, Services, and your customer experience; with professional advisors (e.g., auditors, lawyers, accountants) under confidentiality; with third parties as necessary for corporate transactions; and with authorities or other parties as required by law or to protect rights and safety.

Affiliates and Subsidiaries.  We may share information we collect within the Tomahawk family of companies to deliver products and services to you, ensure a consistent level of service, and enhance our products, Services, and your customer experience.

Protection of Tomahawk and Others.  By using the Services, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to:  (a) comply with legal process (e.g., a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of Tomahawk, its agents and affiliates, its users and/or the public.  This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.

Selling/Sharing Personal Information; Targeted Advertising.  We do not “sell” personal information for money.  We may “share” personal information for cross‑context behavioral advertising or engage in “targeted advertising” as defined by certain state laws when we enable advertising cookies or pixels; you can opt out as described below, and we honor Global Privacy Control signals.

RETENTION OF YOUR INFORMATION

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to meet our legal, regulatory, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements.  We apply the following criteria to determine retention periods: the nature and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure; the purposes of processing and whether we can achieve those purposes through other means; and applicable legal requirements.  By way of example, transaction records are retained for tax and accounting requirements, while analytics data may be retained for a shorter period aligned to business needs.  We will not retain personal information longer than reasonably necessary and proportionate to the disclosed purposes.

YOUR PRIVACY RIGHTS AND CHOICES

You have certain rights with respect to your information as further described in this section.

Your Legal Rights

Depending on your jurisdiction, you may have rights to request access to your personal information; deletion; correction of inaccurate information; portability of certain information; restriction or objection to certain processing; opt‑out of the sale or sharing of personal information, targeted advertising, and certain profiling; and to withdraw consent where processing is based on consent.  You may also have the right to appeal our decision if we deny your request.

How to Exercise Your Rights

You may submit a request using the contact information in the “Contact Information” section below.  We will take steps to verify your identity before responding, which may include verifying your contact details, matching information we maintain, or requesting additional information.  You may authorize an agent to submit a request on your behalf in accordance with applicable law; we may require proof of the agent’s authority and verification of your identity.  We will respond within the time required by applicable law.

Non Discrimination

We will not discriminate against you for exercising your rights under applicable privacy laws.

Marketing Communications and Sharing

You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by using the unsubscribe link in emails or contacting us as described below.  We may still send you important transactional or relationship notices (e.g., regarding classes in which you are enrolled or your account).

Do Not Sell or Share My Personal Information; Targeted Advertising Opt Out

You may opt out of the “sale” or “sharing” of your personal information and of targeted advertising by adjusting your cookie preferences through our cookie settings and by enabling browser‑based Global Privacy Control signals.  Where technically feasible, we will apply your preferences to your browser or account. Some opt‑out choices are browser‑ and device‑specific.

Appeals Process (Certain U.S. States)

If we deny your request, you may appeal our decision by contacting us using the information below and indicating “Privacy Request Appeal.”  We will inform you in writing of any action taken or not taken in response to your appeal, including the reasons for our decision and any further options that may be available to you under applicable law.

CHILDREN’S PRIVACY

The Services are intended for general audiences and not for children under the age of 13.  If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13 without valid parental consent, we will take reasonable steps to delete it as soon as possible.  We do not knowingly process data of EU/UK residents under the age of 16 without parental consent.  If we become aware that we have collected data from an EU/UK resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible.  We also comply with other age restrictions and requirements in accordance with applicable local laws.

HOW WE PROTECT YOUR INFORMATION

Tomahawk uses physical, technical and organizational security measures designed to protect the information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.  These measures include access controls, encryption in transit, network monitoring, and regular review of our practices.  However, no Internet or email transmission is ever fully secure or error free.  Please keep this in mind when disclosing any information to Tomahawk via the Internet.

INTERNATIONAL DATA TRANSFERS; EEA/UK INFORMATION

Please note that we may transfer, store and process your personal information outside the country you live in, including the United States, and these countries may have data protection laws that are different from the country in which you live. Your personal information also may be processed by staff and third-party service providers and partners in these countries.  Where required, we use appropriate safeguards for international transfers. For EEA/UK individuals, Tomahawk is the controller for Services‑related processing described in this Policy when we act as a controller.  The legal bases we rely on include performance of a contract, legitimate interests (such as securing and improving the Services), compliance with legal obligations, and consent where required (e.g., for certain cookies/marketing).  You have rights to access, rectification, erasure, restriction, objection, and portability, and the right to lodge a complaint with a supervisory authority.  When we process personal information as a processor on behalf of a customer, that customer’s privacy notice governs, and requests should be directed to that customer.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology.  We will make the revised Privacy Policy accessible through the Services, so you should review the Privacy Policy periodically.  You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Date of Last Revision” included at the beginning of the document.  If we make a material change to the Policy, you will be provided with appropriate notice as required by applicable law.  By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.

CONTACT INFORMATION

Please feel free to contact us if you have any questions about Tomahawk’s Privacy Policy or the information practices of the Services, or to make any request relating to your personal information or this Policy.

You may contact us as follows:
4751 Trousdale Ave, STE 110
Nashville, Tennessee 37220
privacy@tomahawkss.com

ACCESSIBILITY

We are committed to ensuring the Tomahawk website and this Privacy Policy are accessible.  If you need this Policy in an alternative format or require assistance accessing any part of the Tomahawk website, please contact us using the information above.

en_USEnglish
da_DKDanish en_USEnglish