Privacy Policy

1. Who We Are

This Privacy Policy explains how ShawTech Security Operations (“ShawTech,” “we,” “our,” or “us”) collects, uses, shares, and protects information when you:

• Use the ShawTech Portal at https://portal.shawtechpgh.com (the “Portal”),
• Receive ShawTech’s security monitoring, reporting, or alerting services,
• Contact ShawTech support (including emailing [email protected] or using the Portal support form), or
• Purchase ShawTech services or subscriptions.

ShawTech is built for businesses (restaurants, retail, offices, etc.). It’s not marketed to individual consumers or minors. If you do not agree with this Privacy Policy, do not use the Portal.

2. Scope of This Policy

This Policy covers:

• Portal account data (admin login email, MFA, etc.)
• Security / device telemetry we collect from systems you enroll
• Payment and subscription info we get from Stripe after checkout
• Support/ticket content you send us (including screenshots)
• Operational data we generate (dashboards, historical reports, alerts)

If you sign a separate services agreement with ShawTech, and that agreement conflicts with this Privacy Policy, the signed agreement controls.

3. Information We Collect

A. Account & Business Info

When your business signs up, we collect:

• Business / company name (how you want it shown on invoices/reports)
• Primary technical contact name, email, phone
• Billing contact email
• Approximate number of Windows PCs / servers we’ll monitor
• Location(s) we’re covering (e.g. “front bar POS,” “office upstairs”)
• Admin login email and password for your first Portal admin
• Multi-factor authentication (MFA) setup info

We also generate:

• Your customer ID (for example, “C-001”)
• An enrollment token used to register endpoints into your tenant
• Internal onboarding notes (status, service tier, etc.)

B. Security & Device Telemetry

Our agent / monitoring stack (and, if authorized, our remote management tooling) can send:

• Hostname, OS version, device type (workstation/server/POS)
• Patch status / missing updates
• Antivirus or EDR presence/coverage
• Open or risky network ports/services
• Security or event log summaries
• Online/offline check-in status, last seen time

We display that in your Portal dashboard and reports so you can see where you’re exposed.

C. Support / Ticketing

When you email [email protected] or submit a request in the Portal, we store:

• Your name and role
• Your contact email / phone
• Issue details and urgency (“POS server offline,” “Ransomware alert,” etc.)
• Screenshots, logs, or text you send us

We route that into our ticketing system so we can follow up.

D. Payment & Billing

We use Stripe for checkout. Stripe collects billing info (card, billing name, billing address) and confirms payment. ShawTech does not store raw card numbers.

E. Portal Usage & Security Logs

We log activity needed to run and secure the Portal, including:

• Successful / failed login attempts
• MFA events
• Session metadata (time, IP address, browser type)
• Admin actions (rotating enrollment tokens, adding users)
• Error logs for debugging

4. How We Use Information

We use the information above to:

• Provide the service and run your Portal tenant
• Authenticate you, enforce MFA, and protect access
• Show device health, patch status, antivirus coverage, and risky services
• Generate dashboards and reports for your business
• Respond to tickets / support requests
• Confirm billing and subscription status (via Stripe)
• Investigate abuse, fraud, or suspicious activity
• Comply with legal requirements

5. Legal Bases (EEA/UK note)

If you’re in the EU/UK: we process data (1) to perform our contract with you, (2) for our legitimate interest in keeping your systems secure and improving service quality, and (3) sometimes with your consent (for example, optional marketing). If you’re in the U.S., we process data to run the service you’re subscribing to and to protect your environment.

6. How We Share Information

A. Service Providers

We use vendors to host infrastructure, send email/tickets, process payments (Stripe), and provide remote monitoring (for example, TacticalRMM). They only get what they need to do their job, and they’re expected to protect it.

B. Your Own Team

Users you authorize in your Portal tenant can see device status, risk indicators, support tickets, and installer/enrollment info. You control who you invite.

C. Compliance / Safety

We may disclose information if required by law or if we believe in good faith it’s necessary to investigate fraud, abuse, unauthorized access, or harm.

D. Business Change

If ShawTech is involved in a merger, acquisition, financing, or sale of assets, customer information may transfer as part of that deal.

7. Data Retention

We keep data while we’re actively providing monitoring/reporting for you, and as long as needed to meet legal, audit, tax, and security obligations. After offboarding, we may archive historical records for a period, then delete or anonymize data that’s no longer required.

If you need a custom retention/deletion commitment (for example, “delete all endpoint telemetry 30 days after termination”), email [email protected].

8. Security Measures

We apply reasonable safeguards including MFA enforcement, per-tenant enrollment tokens, TLS encryption in transit, hardened infrastructure, and restricted internal access. That said, no hosted service or security product can guarantee 100% prevention of compromise.

9. Your Rights

Depending on where you are, you may have rights to access, correct, or delete certain personal data; request a copy; or ask us to limit some processing. Email [email protected] with: (1) who you are, (2) what company you’re with, and (3) what you’re asking for.

We’ll verify identity/authorization before fulfilling sensitive requests, especially for portal data tied to a business tenant.

10. Children’s Privacy

ShawTech is not marketed to children, and we do not knowingly collect personal information from children under 13. If you believe a minor was added to a Portal tenant, contact us so we can address it.

11. International Data Transfers

ShawTech’s infrastructure and providers are primarily located in the U.S. If you access the Portal from outside the U.S., you understand your data may be transferred to and processed in the U.S. or other countries with different data protection rules.

12. Updates to This Policy

We may update this Privacy Policy if our products, data practices, or legal requirements change. When we do, we’ll update the “Last Updated” date above and may also send a notice (for example, email or a Portal banner). If you keep using the Portal after changes take effect, you’re accepting the updated Policy.

13. Contact Us

Questions or privacy requests:

• Email: [email protected]
• Mailing address: [Business mailing address here]
• Subject line: “Privacy / Security”

If you’re an active ShawTech customer, you can also open a ticket in the Portal and mark it “Privacy / Data Request.”