Privacy Policy for Tech Heads Managed Services

Effective Date: June 27th, 2025

Thank you for choosing Tech Heads. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our managed services programs, THInc Ops and THInc Secure, and when you access our web app portal.

1. WHAT INFORMATION DO WE COLLECT?

We collect both personal and operational data to deliver our managed services effectively:

Personal Information:

  • Contact details (e.g., names, email addresses)
    • Login credentials for systems we manage or monitor
    • Credentials stored in Passportal

Operational and Technical Information:

  • System and software status data collected via NinjaRMM
    • Network performance and event logs from Auvik
    • Ticketing and support request data from ConnectWise Manage
    • Security event logs and alerts from Field Effect MDR (THInc Secure clients only)
    • Vulnerability scanning results from ConnectSecure
    • Usage and access logs from our web app portal

2. HOW DO WE PROCESS YOUR INFORMATION?

We use your information to:

  • Provide OS and software patching
    • Monitor network and system health
    • Respond to IT support tickets
    • Present aggregated service and performance dashboards via Power BI
  • Manage and respond to security alerts and vulnerabilities
    • Maintain and secure your account access through Microsoft SSO

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We do not sell your personal data. We share data only with:

  • Third-party tools we use to deliver services (e.g., NinjaRMM, Auvik, ConnectWise, Passportal, Field Effect MDR, ConnectSecure)
    • Microsoft Entra for authentication
    • Internal Tech Heads systems for ticket aggregation, storage, and analytics

All third-party tools used are industry-recognized and governed by strict data protection agreements. Contact secops@techheads.com for partner-specific compliance documentation.

4. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain client information:

  • As long as necessary to provide services under the active contract
    • In accordance with applicable legal and regulatory requirements
    • Logs and backups may be retained for a defined period (e.g., 90-180 days) after service termination, after which they are securely deleted

5. HOW DO WE KEEP YOUR INFORMATION SAFE?

We apply the following safeguards:

  • Secure login via Microsoft SSO
    • Role-based least privilege access controls across platforms
    • Encrypted storage for passwords in Passportal
    • Segmented storage of operational and monitoring data on production systems
  • Regular reviews of audit logs and security configurations

6. DO WE COLLECT INFORMATION FROM MINORS?

No. Our services are intended for businesses and are not directed at individuals under the age of 18.

7. WHAT ARE YOUR PRIVACY RIGHTS?

You have the right to:

  • Access the personal data we hold about you
    • Correct inaccurate data
    • Request deletion, subject to contractual and legal limitations Requests can be sent to: secops@techheads.com

8. CONTROLS FOR DO-NOT-TRACK FEATURES

Our systems do not currently respond to browser-based Do-Not-Track (DNT) signals.

9. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes. If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include the right to:

  • Know what personal data is collected, used, disclosed, and sold
    • Access a copy of your personal data
    • Request deletion of your personal data
    • Correct inaccurate personal data
    • Opt out of the sale or sharing of your personal data

Requests can be made by emailing: secops@techheads.com

10.  DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes. If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA). These include the right to:

  • Confirm whether your data is being processed
    • Access and obtain a copy of your personal data
    • Correct inaccuracies in your data
    • Request deletion of your personal data
    • Opt out of targeted advertising, the sale of personal data, and profiling
    • Appeal a denial of any such request

To make a request, contact us at: secops@techheads.com

11.  DO WE MAKE UPDATES TO THIS NOTICE?

Yes. We may update this policy periodically. When we do, the “Effective Date” at the top will be revised. Significant changes will be communicated directly to clients or posted prominently on our web app portal.

12.  HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

For questions or concerns about this policy:

13.  HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Submit a request to secops@techheads.com We will respond within the timeframe required by applicable law.

Tech Heads is committed to protecting client data while delivering managed IT and security operations services through THInc Ops and THInc Secure.