Privacy Policy
MERGEguard by TLB Cloud · Last updated June 4, 2026
MERGEguard helps law firms identify and merge duplicate contacts in Clio. This policy explains what data we collect, how we use it, and how we protect it. We keep things simple. Only what's needed to run the service.
What we collect
| Data | What we collect |
|---|---|
| Account information | Your name, email address, and firm name, provided at signup. |
| Authentication data | Passkeys, hashed passwords, and any MFA methods you configure (authenticator app, SMS, or email). |
| Session and security data | Active sessions, trusted devices, and login attempt records used to protect your account. |
| Clio data | Contact records and related metadata accessed via your Clio account, used to detect and process duplicates. |
How we use it
- •Authenticate you and secure your account.
- •Connect to your Clio account and perform duplicate detection and merging on your behalf.
- •Maintain system security and prevent abuse.
We do not use your data for advertising, marketing, or any purpose other than running the service.
Data sharing
We do not sell your data or share it for marketing purposes. Data may be processed by infrastructure providers (hosting, database) strictly to operate the service, under appropriate confidentiality terms.
California residents
Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information we collect, the right to request deletion of that information, the right to opt out of any sale of personal information (we do not sell data), and the right to non-discrimination for exercising these rights. To exercise these rights, contact info@tlbcloud.net.
SMS and MFA
If you enable SMS authentication:
- •Your phone number is used only to send one-time verification codes.
- •Messages are sent only when you log in or take a security action. Never for promotions.
- •Message frequency varies based on your activity.
- •Standard message and data rates from your carrier may apply.
Data retention
We retain different types of data for different periods based on operational and legal requirements.
| Data type | Retention period |
|---|---|
| Account and firm data | Until account deletion |
| Session data | Until logout or expiry |
| Merge snapshots | 90 days |
| Legal acceptances | Indefinite (compliance record) |
| Audit logs | Indefinite (security record) |
| Login attempts | Indefinite (security record) |
| Email logs | Indefinite (compliance record) |
| System error logs | Indefinite (operational record) |
You may request deletion of your account and associated data at any time by contacting info@tlbcloud.net. Deletion requests are processed within 30 days.
Security
We use encrypted authentication (passkeys, hashed passwords), secure session management, and access controls to protect your account. No system is perfectly secure, but we take reasonable precautions.
Your control
You can update or remove authentication methods (passkeys, MFA, password) from the security settings page at any time. You can disconnect your Clio account or request account deletion by contacting us.
Cookies
MERGEguard uses the following cookies to operate the service:
| Cookie | Purpose |
|---|---|
| auth_session | Keeps you logged in during your session. |
| mg_firm_id | Remembers which firm you’re working in. |
| mg_trusted_device | Skips MFA re-verification on devices you’ve marked as trusted (30-day expiry). |
| mg_pending_auth | Temporarily holds your Clio connection during signup (30-minute expiry, then deleted). |
No third-party tracking, advertising, or analytics cookies are used.
Contact
Questions or requests: info@tlbcloud.net