Privacy Policy

This Privacy Policy describes how Ottomated IT, LLC (“Ottomate IT,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards information when you visit ottomateit.com (the “Site”) or engage our managed IT, managed security, or professional services (collectively, the “Services”). By using the Site or the Services, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily submit, including:

• Name, email address, phone number, and company name submitted through our contact form
• Service details, project scope, and environment information you share during consultation
• Billing and payment information (processed by our third-party payment processors — we never store full payment card data on our systems)
• Correspondence and communications you send to us

1.2 Information Collected Automatically

When you visit the Site, our hosting provider and edge security provider (Cloudflare) may automatically collect limited technical data for security and reliability purposes, including IP address, user-agent string, request timestamps, and referrer URL. This data is used solely to protect the Site from abuse and to maintain operational integrity.

We do not use third-party analytics, advertising pixels, social-media trackers, or behavioral profiling tools on this Site.

1.3 Cookies

The Site does not set its own tracking cookies. Cloudflare may set a minimal security cookie (e.g., __cf_bm) strictly for bot mitigation and Turnstile verification on our contact form. No advertising or analytics cookies are used.

2. How We Use Information

We use collected information to:

• Respond to inquiries and deliver the Services you request
• Prepare proposals, quotes, and service agreements
• Manage client relationships, billing, and support
• Improve and secure the Site and the Services
• Comply with legal, regulatory, and contractual obligations
• Prevent fraud, abuse, and security incidents

3. How We Share Information

We do not sell, rent, or trade personal information. We may disclose information only in the following limited circumstances:

• Service providers: vetted subprocessors (e.g., hosting, email, Cloudflare, payment processors) who assist us in operating the Site or delivering the Services, under written confidentiality obligations
• Legal requirements: when required by law, subpoena, court order, or legal process
• Protection of rights: to investigate, prevent, or respond to suspected fraud, security incidents, or violations of our Terms
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to equivalent protections

4. Data Security

We apply the same security discipline to our own infrastructure that we bring to client engagements. Reasonable and appropriate administrative, technical, and physical safeguards are used to protect information against unauthorized access, alteration, disclosure, or destruction, including:

• TLS 1.2+ encryption for all Site traffic and service communications
• Encrypted storage for sensitive data at rest
• Role-based access control and least-privilege principles
• Multi-factor authentication on all administrative accounts
• Continuous monitoring and logging
• Regular security reviews aligned to NIST Cybersecurity Framework

No method of transmission or storage is 100% secure; however, we commit to using commercially reasonable measures to protect your information and to notify affected individuals without undue delay in the event of a confirmed breach of personal data, as required by applicable law.

5. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, to provide the Services, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Contact-form submissions and prospect communications are typically retained for up to three (3) years unless a client relationship is established or a longer retention period is required.

6. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal information, and to receive a copy of the information we hold about you. To exercise any of these rights, contact us through the contact form. We will respond within the timeframe required by applicable law.

7. Children’s Privacy

The Site and the Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

8. International Users

The Site is operated from the United States. If you access the Site from outside the United States, you acknowledge that your information may be processed in the United States under U.S. law, which may differ from the data protection laws of your country.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Effective Date” at the top of this page. Your continued use of the Site or the Services after any changes indicates your acceptance of the revised Policy.

10. Contact

Questions about this Privacy Policy or our data practices should be directed to us through the secure contact form on ottomateit.com. The operator of this Site and the controller of personal information collected through it is Ottomated IT, LLC.

// This Privacy Policy is provided for informational purposes and does not constitute legal advice. Clients requiring a formal Data Processing Agreement (DPA) or Business Associate Agreement (BAA) should request one during proposal.