Privacy Policy

1. Introduction & Scope

H&D Technologies, LLC, doing business as "HD Tech" ("Company," "we," "us," or "our"), is committed to protecting the privacy and security of the personal information entrusted to us. As a provider of managed IT services, cybersecurity solutions, help desk support, and data backup and recovery services, we understand the critical importance of data protection.

This Privacy Policy describes how we collect, use, disclose, store, and protect personal information when you:

• Visit our website at hdtech.com (the "Site")
• Use our managed IT services, cybersecurity services, help desk support, data backup and recovery solutions, or any other services we offer (collectively, the "Services")
• Communicate with us via email, phone, contact forms, live chat, or other channels
• Interact with our advertisements, social media pages, or marketing communications
• Attend our events, webinars, or participate in surveys or promotions

This Policy applies to all individuals who interact with HD Tech, including current and prospective clients, website visitors, business contacts, vendors, and any other individuals whose personal information we process in connection with our business operations.

By accessing our Site or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with the terms of this Policy, please do not access the Site or use our Services.

2. Information We Collect

We collect several categories of information depending on how you interact with us. The types of information we collect include:

2.1 Personal Information

Personal information is information that identifies, relates to, describes, or could reasonably be linked to you or your household. This includes but is not limited to:

• Identifiers: Full name, email address, postal address, telephone number, and job title
• Account credentials: Usernames, passwords, and security questions used to access our client portals or services
• Professional information: Company name, company size, industry, role, and professional affiliations
• Communication records: Content of emails, support tickets, phone call logs, chat transcripts, and other correspondence with our team
• Financial information: Billing address, payment card details (processed through secure third-party payment processors), purchase history, and invoice records

2.2 Business and Technical Information

In the course of providing our managed IT, cybersecurity, help desk, and data backup services, we may collect or have access to:

• IT infrastructure data: Network configurations, hardware and software inventories, system logs, firewall logs, and endpoint security data
• Security event data: Threat detection logs, incident reports, vulnerability scan results, and audit trails
• Backup and recovery data: Backup schedules, recovery point data, and system restore configurations
• Help desk records: Support ticket details, issue descriptions, resolution notes, and service level metrics
• User activity logs: Login records, access permissions, and system usage data as part of IT management services

2.3 Technical and Usage Data

When you visit our Site, we automatically collect certain technical information, including:

• Device information: Device type, operating system, browser type and version, screen resolution, and device identifiers
• Network information: IP address, internet service provider, and approximate geographic location derived from IP address
• Usage data: Pages visited, time spent on each page, click-through rates, referring and exit URLs, scrolling behavior, and navigation paths
• Performance data: Page load times, errors encountered, and other diagnostic data

2.4 Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with our Site. For detailed information, please see Section 6 (Cookies and Tracking Technologies) below.

3. How We Collect Information

3.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including when you:

• Fill out contact forms, request a quote, or schedule a consultation
• Create an account or register for our client portal
• Subscribe to our newsletter, blog, or marketing communications
• Submit a support ticket or contact our help desk
• Enter into a service agreement or contract with us
• Provide information during the onboarding process for our IT services
• Participate in surveys, webinars, events, or promotional activities
• Communicate with us by email, phone, chat, or other means

3.2 Information Collected Automatically

We automatically collect certain information when you visit our Site or use our Services through:

• Server logs: Our web servers automatically record information including your IP address, browser type, referring pages, pages visited, and timestamps
• Cookies and tracking technologies: As described in Section 6, we use cookies and similar technologies to collect usage data and personalize your experience
• Analytics tools: We use third-party analytics services (such as Google Analytics) to understand how visitors use our Site and to improve our content and user experience
• Monitoring tools: In the course of providing managed IT services, our remote monitoring and management (RMM) tools collect system performance data, security events, and other technical metrics from client systems

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Business partners and referrals: Companies or individuals who refer you to us for IT services
• Public databases and directories: Publicly available business information used for marketing and business development purposes
• Social media platforms: If you interact with us through social media, we may receive profile information in accordance with your privacy settings on those platforms
• Threat intelligence feeds: In the course of providing cybersecurity services, we may receive threat intelligence data that could include IP addresses or other identifiers
• Vendors and service providers: Third parties who provide data enrichment, identity verification, or fraud prevention services

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery and Operations

• Providing, maintaining, and improving our managed IT services, cybersecurity solutions, help desk support, and data backup and recovery services
• Setting up and managing client accounts and service configurations
• Processing transactions, invoicing, and collecting payments
• Monitoring, diagnosing, and resolving technical issues on client systems
• Performing security assessments, vulnerability scans, and penetration testing
• Executing data backup procedures and disaster recovery operations
• Responding to support tickets and help desk inquiries

4.2 Communications

• Responding to your inquiries, requests, and support needs
• Sending service-related notices, including maintenance alerts, security advisories, and system status updates
• Providing onboarding communications and training materials
• Delivering billing statements, invoices, and payment confirmations

4.3 Marketing and Business Development

• Sending promotional emails, newsletters, and marketing communications (with your consent or as permitted by law)
• Personalizing content, offers, and recommendations based on your interests and interactions
• Conducting market research and analyzing trends to improve our offerings
• Managing and optimizing our advertising campaigns across digital platforms
• Administering contests, promotions, surveys, and other marketing activities

4.4 Security and Fraud Prevention

• Detecting, preventing, and responding to security threats, fraud, abuse, and other harmful activities
• Monitoring for unauthorized access to our systems and client environments
• Verifying identities and authenticating users
• Investigating and reporting suspected security incidents

4.5 Legal and Compliance

• Complying with applicable federal, state, and local laws, regulations, and legal processes
• Enforcing our terms of service, service agreements, and other contractual obligations
• Protecting our rights, property, and safety, and those of our clients and the public
• Responding to lawful requests from law enforcement and governmental authorities
• Maintaining records as required by applicable regulatory frameworks

4.6 Website and Service Improvement

• Analyzing website usage patterns to improve site functionality, navigation, and content
• Conducting A/B testing and user experience research
• Developing new features, services, and products
• Generating aggregated, de-identified statistical data for internal analysis

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in operating our business and delivering our Services, including:

• Cloud hosting and infrastructure providers
• Payment processors and billing platforms
• Customer relationship management (CRM) systems
• Email and communication platforms
• Analytics and marketing automation tools
• Security software and threat intelligence vendors
• Remote monitoring and management (RMM) tool providers
• Professional services firms (e.g., legal, accounting, auditing)

These service providers are contractually obligated to use your information only for the purposes for which it was disclosed and are required to maintain the confidentiality and security of your personal information.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or other business transaction, your personal information may be transferred to the acquiring entity or successor organization. We will provide notice before your personal information becomes subject to a different privacy policy.

5.3 Legal Requirements and Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• Respond to subpoenas, court orders, or other lawful requests by public authorities, including to meet national security or law enforcement requirements
• Enforce our terms of service, service agreements, or other policies
• Protect the rights, property, or safety of HD Tech, our clients, employees, or the public
• Detect, prevent, or address fraud, security issues, or technical problems

5.4 With Your Consent

We may share your personal information for purposes not described in this Privacy Policy when we have obtained your explicit consent.

5.5 Aggregated or De-Identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you for any purpose, including research, analysis, and marketing.

6. Cookies and Tracking Technologies

6.1 What Are Cookies

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently, provide reporting information, and assist with personalization.

6.2 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for the operation of our Site. They enable core functionality such as security, account authentication, and session management. These cookies cannot be disabled.
• Performance and Analytics Cookies: These cookies help us understand how visitors interact with our Site by collecting and reporting information anonymously. We use services such as Google Analytics to analyze usage patterns, measure performance, and improve our Site.
• Functionality Cookies: These cookies allow our Site to remember choices you have made (such as your preferred language or region) and provide enhanced, personalized features.
• Advertising and Targeting Cookies: These cookies are used to deliver advertisements that are relevant to your interests. They also help limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.

6.3 Other Tracking Technologies

In addition to cookies, we may use:

• Web beacons (pixels): Small, transparent images embedded in web pages or emails that track whether a page or email has been viewed
• Local storage: Browser-based storage mechanisms that store data on your device for longer periods than session cookies
• Session replay tools: Technologies that record how visitors interact with our Site (such as mouse movements, clicks, and scrolling) to identify usability issues and improve user experience

6.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored on your device and delete them individually or all at once
• Block third-party cookies
• Block cookies from specific websites
• Block all cookies
• Delete all cookies when you close your browser

Please note that disabling cookies may affect the functionality of our Site and may prevent you from accessing certain features.

To opt out of Google Analytics tracking, you may install the Google Analytics Opt-out Browser Add-on. To learn more about interest-based advertising and your opt-out options, visit the Network Advertising Initiative or the Digital Advertising Alliance.

7. Data Security

As a cybersecurity and managed IT services provider, we take the security of your personal information extremely seriously. We implement and maintain a comprehensive information security program that includes administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

7.1 Technical Safeguards

• Encryption: We use industry-standard encryption protocols (including TLS/SSL) to protect data in transit and AES-256 encryption for data at rest
• Access controls: Role-based access controls (RBAC) ensure that only authorized personnel can access personal information on a need-to-know basis
• Multi-factor authentication: We require multi-factor authentication for access to systems containing sensitive personal information
• Network security: Enterprise-grade firewalls, intrusion detection and prevention systems (IDS/IPS), and continuous network monitoring
• Endpoint protection: Advanced endpoint detection and response (EDR) solutions on all company devices
• Vulnerability management: Regular vulnerability scanning, penetration testing, and timely application of security patches

7.2 Administrative Safeguards

• Security policies: Comprehensive written information security policies and procedures
• Employee training: Regular security awareness training for all employees, including phishing simulations and data handling best practices
• Background checks: Pre-employment screening for team members with access to sensitive information
• Vendor management: Security assessments and contractual requirements for third-party service providers

7.3 Incident Response

We maintain a documented incident response plan that includes procedures for detecting, containing, investigating, and remediating security incidents. In the event of a data breach involving your personal information, we will notify affected individuals and relevant authorities in accordance with applicable law.

While we implement robust security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. The specific retention period depends on the nature of the information and the purpose for which it was collected.

In determining the appropriate retention period, we consider:

• The nature and sensitivity of the personal information
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the information and whether we can achieve those purposes through other means
• Applicable legal, regulatory, and contractual requirements
• Applicable statutes of limitations for potential legal claims

Client service data is generally retained for the duration of the client relationship plus a period of seven (7) years thereafter, unless a longer retention period is required by law or contract.

Marketing data is retained until you opt out of receiving marketing communications or request deletion.

Website analytics data is typically retained in an aggregated or anonymized form and may be kept indefinitely for trend analysis and reporting purposes.

9. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

9.1 Right to Access

You have the right to request information about the personal information we have collected about you, including the categories of information, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom we have shared it.

9.2 Right to Correction

You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the information and the purposes of processing.

9.3 Right to Deletion

You have the right to request that we delete your personal information, subject to certain exceptions. We may deny your deletion request if retaining the information is necessary for us or our service providers to complete a transaction, detect security incidents, comply with legal obligations, or exercise other lawful purposes.

9.4 Right to Opt-Out of Marketing

You may opt out of receiving promotional communications from us at any time by:

• Clicking the "unsubscribe" link at the bottom of any marketing email
• Contacting us at info@hdtech.com
• Calling us at (877) 540-1684

Please note that even after you opt out of marketing communications, we may continue to send you transactional and service-related messages, such as maintenance alerts, security notifications, billing communications, and other non-promotional messages.

9.5 Right to Data Portability

Where applicable, you have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider.

9.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices, or provide a different level of service because you exercised a privacy right.

9.7 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request by contacting us using the information provided in Section 16 (Contact Information). We will respond to verifiable requests within the timeframe required by applicable law (generally within 45 days). We may request additional information from you to verify your identity before processing your request.

You may designate an authorized agent to make a request on your behalf. To do so, you must provide the authorized agent with written permission and we may require that you verify your own identity directly with us.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), provides you with specific rights regarding your personal information. This section describes your rights and how to exercise them.

10.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA/CPRA:

• Category A — Identifiers: Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers
• Category B — Personal Information under Cal. Civ. Code § 1798.80(e): Name, address, telephone number, financial information
• Category D — Commercial Information: Records of services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
• Category F — Internet or Other Network Activity: Browsing history, search history, information regarding interaction with our website
• Category G — Geolocation Data: Approximate geographic location derived from IP address
• Category H — Sensory Data: Audio recordings of phone calls (with your consent where required)
• Category I — Professional or Employment-Related Information: Job title, company name, industry, and professional affiliations
• Category K — Inferences: Inferences drawn from any of the above categories to create a profile reflecting preferences, characteristics, and behavior

10.2 Your CCPA/CPRA Rights

As a California resident, you have the following rights:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, our business or commercial purposes for collecting the information, and the categories of third parties with whom we shared the information
• Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions
• Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you
• Right to Opt-Out of Sale or Sharing:You have the right to opt out of the "sale" of your personal information and the "sharing" of your personal information for cross-context behavioral advertising. HD Tech does not sell personal information. If we share personal information for cross-context behavioral advertising purposes, you may opt out by contacting us using the information in Section 16
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of your sensitive personal information to uses necessary to perform our Services
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA/CPRA rights

10.3 Exercising Your California Rights

To exercise your CCPA/CPRA rights, you may submit a verifiable consumer request by contacting us at info@hdtech.com or by calling us at (877) 540-1684. You may make a request up to twice in a 12-month period. We will respond within 45 days, unless we need an extension of up to an additional 45 days, in which case we will notify you.

To verify your identity, we may ask you to provide information that matches the personal information we have on file. We will only use this information to verify your identity or authority to make the request.

10.4 California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents who have an established business relationship with us may request a list of third parties to whom we have disclosed personal information for those third parties' direct marketing purposes during the preceding calendar year. HD Tech does not share personal information with third parties for their own direct marketing purposes.

11. Other State Privacy Laws

In addition to California, several other states have enacted comprehensive consumer privacy laws. If you are a resident of one of the following states, you may have additional rights:

11.1 Virginia Consumer Data Protection Act (VCDPA)

If you are a Virginia resident, you have the right to: (a) confirm whether we are processing your personal data and access such data; (b) correct inaccuracies in your personal data; (c) delete your personal data; (d) obtain a copy of your personal data in a portable and readily usable format; and (e) opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. To appeal a decision regarding your privacy request, you may contact us using the information in Section 16.

11.2 Colorado Privacy Act (CPA)

If you are a Colorado resident, you have the right to: (a) confirm whether we are processing your personal data and access such data; (b) correct inaccuracies; (c) delete your personal data; (d) obtain a copy in a portable format; and (e) opt out of processing for targeted advertising, the sale of personal data, or profiling. You may exercise these rights by contacting us using the information in Section 16. You have the right to appeal our decision regarding your request by contacting us directly. If your appeal is denied, you may contact the Colorado Attorney General at coag.gov/file-complaint.

11.3 Connecticut Data Privacy Act (CTDPA)

If you are a Connecticut resident, you have the right to: (a) confirm whether we are processing your personal data and access such data; (b) correct inaccuracies; (c) delete your personal data; (d) obtain a copy in a portable format; and (e) opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling. You may appeal our decision by contacting us, and if dissatisfied with the appeal outcome, you may file a complaint with the Connecticut Attorney General at portal.ct.gov/AG.

11.4 Utah Consumer Privacy Act (UCPA)

If you are a Utah resident, you have the right to: (a) confirm whether we are processing your personal data and access such data; (b) delete your personal data; (c) obtain a copy in a portable format; and (d) opt out of the processing of your personal data for targeted advertising or the sale of personal data.

11.5 Texas Data Privacy and Security Act (TDPSA)

If you are a Texas resident, you have the right to: (a) confirm whether we are processing your personal data and access such data; (b) correct inaccuracies; (c) delete your personal data; (d) obtain a copy in a portable format; and (e) opt out of processing for targeted advertising, the sale of personal data, or profiling. You may appeal our decision by contacting us. If dissatisfied with the outcome, you may file a complaint with the Texas Attorney General.

11.6 Other Emerging State Privacy Laws

Additional states continue to enact consumer privacy legislation. We are committed to complying with all applicable state privacy laws and will update this Policy as needed to reflect new legal requirements. If you believe you have privacy rights under your state's law that are not addressed here, please contact us using the information in Section 16.

12. Children's Privacy

Our Site and Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. We comply with the Children's Online Privacy Protection Act (COPPA) and will not knowingly collect, use, or disclose personal information from anyone under the age of 13.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information as quickly as possible. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately using the information in Section 16 so that we can take appropriate action.

We do not knowingly collect personal information from minors under the age of 16 for the purpose of selling or sharing that information, as defined under applicable state privacy laws.

13. Third-Party Links

Our Site may contain links to third-party websites, applications, or services that are not owned or controlled by HD Tech. These links are provided for your convenience and informational purposes only.

We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit before providing any personal information. The inclusion of a link on our Site does not imply endorsement of the linked website or its content.

Third-party services we may link to include, but are not limited to, social media platforms, payment processors, partner technology vendors, and industry resources. Each of these third-party services has its own privacy policy governing the collection and use of your information.

14. International Data

HD Tech is headquartered in the United States and our Services are primarily directed to businesses within the United States. All personal information we collect is processed and stored on servers located in the United States.

If you are accessing our Site or Services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By providing your personal information to us, you consent to the transfer of your information to the United States.

We do not specifically target or market our Services to individuals located outside the United States. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with laws governing data collection and use, please note that we are not subject to the General Data Protection Regulation (GDPR) or similar international data protection frameworks unless specifically required by applicable law.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Policy, we will:

• Post the updated Privacy Policy on our Site with a revised "Last Updated" date
• Provide notice of material changes through prominent notice on our Site, email notification, or other appropriate means
• Obtain your consent for material changes where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Site or Services after any changes to this Policy constitutes your acceptance of those changes.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using any of the following methods:

We will make every effort to respond to your inquiry promptly and within the timeframe required by applicable law. For privacy rights requests, we will acknowledge receipt of your request within ten (10) business days and provide a substantive response within forty-five (45) days, unless an extension is necessary.