Windows Autopatch: Some admins may have seen Quality and Feature Update reports incorrectly showing "SYSTEM_SCRUBBED" in Windows Autopatch (incident).
View Microsoft 365 Status
Get Started
Need IT support or a security review?
Talk with OpenTech about managed IT, cybersecurity, Microsoft 365, or urgent support.
Request Service Create Ticket
Home / Privacy Policy
Legal

Privacy Policy

How OpenTech Support collects, uses, shares, stores, and protects information across our website, support channels, client portal, AI assistant, and managed IT and cybersecurity services.

Last updated: April 16, 2026

OpenTech Support ("OpenTech," "we," "our," or "us") is committed to protecting the personal information of everyone who interacts with our website, services, and support systems. This Privacy Policy explains what information we collect, how we use and share it, how long we keep it, and what rights you have over it.

Please read this policy carefully. By using our website or services, you acknowledge that you have reviewed this policy. If you do not agree with our practices, please do not use our services.

1. Scope of This Policy

This Privacy Policy applies to information collected when you:

  • visit opentech.support or any OpenTech-operated web property,
  • submit a service request, contact form, ticket, or bug report,
  • use our account portal, client portal, or support desk,
  • interact with our AI assistant or automated support tools,
  • receive managed IT, cybersecurity, backup, cloud, or remote support services from OpenTech,
  • communicate with us by email, phone, or any other channel.

This policy does not cover data processed solely under a separate written services agreement or data processing addendum ("DPA") with a client organization. Enterprise and managed service clients should refer to their applicable service agreement for data handling obligations specific to that engagement.

2. Information We Collect

The categories of information we collect depend on how you interact with us. We collect information that you provide directly, information generated automatically when you use our services, and information received from third parties.

Information you provide directly

  • Contact information: name, email address, phone number, company name, job title, and mailing address.
  • Account credentials: email address and authentication tokens used to access our portals.
  • Support request content: subject lines, descriptions, steps to reproduce, uploaded files, screenshots, error messages, and diagnostic information submitted through ticket or bug report forms.
  • Service request details: the nature of services requested, urgency, affected users or devices, and related business context.
  • AI assistant inputs: queries, messages, and contextual details you submit to our on-site assistant.
  • Communications: emails, notes, call records, and other correspondence with our team.

Information collected automatically

  • IP address and network information: your public IP address, approximate geographic location derived from that address, and related network identifiers.
  • Device and browser information: browser type and version, operating system, screen resolution, language preferences, and device type.
  • Usage data: pages visited, navigation paths, referring URLs, time spent on pages, form interactions, and feature usage.
  • Security telemetry: request patterns, rate-limiting signals, honeypot interactions, and other fraud- and abuse-prevention data.
  • Session and cookie data: session tokens, consent records, and similar identifiers described in our Cookie Policy.
  • Country code: two-letter country code derived from your IP address, used for regional context and security.

Information from third parties

  • Information from our client portal provider (Zoho Desk) relating to support tickets and contact records.
  • Network, security, and infrastructure telemetry from monitoring and endpoint management tools used to deliver managed services.
  • Authentication signals from magic-link or token-based login systems.

3. How We Use Information

We use collected information for the following purposes:

Service delivery

  • Providing managed IT, cybersecurity, cloud, backup, remote support, and related services.
  • Creating, managing, and resolving support tickets and service requests.
  • Diagnosing technical issues, remediating incidents, and documenting service history.
  • Sending authentication links, account notifications, and service communications.

Website and portal operations

  • Operating our website, forms, AI assistant, and online tools.
  • Authenticating portal access and maintaining account security.
  • Monitoring site performance and fixing technical issues.

Security and abuse prevention

  • Detecting, investigating, and responding to unauthorized access, fraud, abuse, bot traffic, or security incidents.
  • Enforcing rate limits and protecting our infrastructure.
  • Maintaining logs for audit and forensic purposes.

Improvement and analytics

  • Understanding how visitors use our website and improving content, navigation, and performance.
  • Improving our AI assistant responses and support workflows.
  • Conducting internal analysis of service quality and operational efficiency.

Legal and compliance

  • Meeting legal, regulatory, contractual, and operational obligations.
  • Responding to legal process, court orders, or regulatory inquiries.
  • Establishing, exercising, or defending legal claims.

Where data protection law requires us to have a legal basis for processing personal information, we rely on one or more of the following:

  • Consent: where you have given clear consent for a specific purpose, such as accepting cookies.
  • Contract: where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
  • Legitimate interests: where processing is necessary for our legitimate interests (or those of a third party) and those interests are not overridden by your rights. This includes operating and securing our services, preventing fraud, and improving our products.
  • Legal obligation: where we are required to process information to comply with a legal obligation.
  • Vital interests: where processing is necessary to protect someone's life in an emergency.

5. Cookies and Tracking Technologies

We use cookies, session identifiers, local storage, and similar technologies to operate and improve our website. These tools help us maintain security, remember preferences, and understand usage patterns. For a full description of the specific technologies we use and your options for managing them, please see our Cookie Policy.

6. How We Share Information

We do not sell personal information. We do not share personal information with third parties for their own marketing purposes. We may share information in the following circumstances:

  • Service providers: vendors and subprocessors who help us host, secure, monitor, deliver email, process payments, manage support tickets, or operate our systems. These providers are bound by data processing agreements or similar contractual protections.
  • Authorized personnel: OpenTech employees, contractors, and support staff who need access to information to deliver services or support your account.
  • Client representatives: authorized contacts at a client organization when information relates to services provided to that organization.
  • Legal and regulatory: law enforcement, regulators, courts, or other parties when required by applicable law, legal process, or to protect our legal rights.
  • Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, in which case personal information may transfer as part of that transaction.
  • With your consent: in any other circumstance where you have given explicit authorization.

7. Third-Party Service Providers

Our operations rely on a number of third-party platforms. These may include, but are not limited to:

  • Cloudflare — content delivery, DDoS protection, DNS, and security services. Data may pass through Cloudflare's global network.
  • Amazon Web Services (AWS) — cloud infrastructure and email delivery via Amazon SES.
  • Zoho Desk — customer support ticketing, client portal, and contact management.
  • OpenAI — AI-powered assistance features on our website. Inputs to the AI assistant may be processed by OpenAI's API.
  • Plausible Analytics — privacy-focused, cookie-free website analytics. No personal data or cross-site tracking is involved.
  • Microsoft 365 — productivity, communication, and collaboration tools used internally.

Our vendor stack evolves over time. This list is representative and may not reflect every subprocessor. For a current list relevant to a managed services engagement, please contact us.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, including service delivery, security, legal compliance, and business operations. Specific retention periods depend on the nature of the data and the context in which it was collected:

  • Support ticket data: retained for the duration of the support relationship and for a reasonable period afterward for dispute resolution, quality review, and audit purposes.
  • Account portal records: retained while your account is active and for a reasonable period following account closure.
  • Security and access logs: retained as required for security monitoring and incident investigation, typically between 30 days and 12 months depending on the log type.
  • Contact and inquiry data: retained for the period reasonably necessary to respond to and follow up on the inquiry, and longer if required by law or legitimate business interest.
  • Legal holds: if required by a legal obligation, regulatory requirement, or active dispute, data may be retained beyond standard periods.

When data is no longer required, we take reasonable steps to delete, anonymize, or de-identify it.

9. Security Measures

We implement administrative, technical, and organizational safeguards appropriate to the sensitivity of the information we process. These include:

  • Encryption in transit (TLS/HTTPS) for all data exchanged with our website and APIs.
  • Access controls and least-privilege principles for internal systems.
  • Authentication protections including rate limiting and token-based authentication for portal access.
  • Security monitoring, logging, and alerting for our infrastructure.
  • Vendor due diligence and contractual data protection requirements.
  • Regular internal review of security practices and access permissions.

Despite our efforts, no method of transmission over the internet or electronic storage is fully secure. We cannot guarantee absolute security and encourage you to use appropriate precautions when submitting sensitive information online.

10. Remote Support and Diagnostics

When you request remote support, OpenTech personnel or authorized systems may temporarily access devices, files, configurations, system logs, installed software, or other technical environments as reasonably necessary to diagnose and resolve issues. This may include viewing screens, running diagnostic commands, reviewing log files, or making approved configuration changes.

By requesting remote support, you acknowledge and consent to this access for the purposes of the support session. You remain responsible for informing us of any data classification requirements, restricted data environments, or access limitations that apply to your systems before a session begins.

Remote support session data may be logged for quality assurance, security review, and documentation purposes.

11. Business and Client Data

When OpenTech provides managed services to a business client, that client (the "data controller") may direct us to process personal information belonging to their employees, customers, or other individuals on their behalf. In that capacity, OpenTech acts as a "data processor" under the client's instructions.

OpenTech will process such data only as instructed by the client and as necessary to deliver contracted services, except where law requires otherwise. Clients are responsible for having a lawful basis for sharing personal data with us and for informing their individuals of relevant processing activities as required by applicable law.

Data processing obligations specific to business engagements are addressed in the applicable service agreement or data processing addendum.

12. Children's Privacy

Our website and services are intended for business users and adults aged 18 and older. We do not knowingly collect personal information from children under the age of 13 (or the applicable minimum age in your jurisdiction). If you believe we have inadvertently collected information about a child, please contact us at [email protected] and we will take steps to delete it promptly.

13. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Access: the right to request a copy of the personal information we hold about you.
  • Correction: the right to request correction of inaccurate or incomplete information.
  • Deletion: the right to request deletion of your personal information, subject to legal and contractual obligations.
  • Restriction: the right to ask us to limit how we use your information in certain circumstances.
  • Objection: the right to object to processing based on legitimate interests or for direct marketing.
  • Portability: the right to receive a structured, machine-readable copy of data you provided to us, where technically feasible.
  • Withdraw consent: where we rely on consent, the right to withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We may ask you to verify your identity before responding. We will aim to respond within 30 days, or within the timeframe required by applicable law. Some requests may be subject to legal exemptions.

You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction if you believe we have not handled your information in accordance with applicable law.

14. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) may give you additional rights.

Categories of information collected

In the last 12 months, we may have collected the following categories of personal information as defined by the CCPA: identifiers (name, email, IP address), commercial information (service requests), internet or other electronic network activity (usage data, browser type), geolocation data (approximate location from IP), and professional or employment-related information (company, job title).

Your CCPA rights

  • Right to Know: you may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business purpose, and categories of third parties with whom we share it.
  • Right to Delete: you may request deletion of personal information we have collected, subject to exceptions.
  • Right to Correct: you may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: we do not sell or share personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information beyond the purposes permitted by the CPRA.
  • Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at [email protected]. We may need to verify your identity to process your request.

15. International Data Transfers

OpenTech is based in the United States. Information we collect may be processed or stored in the United States or in other countries where our service providers operate. If you are located outside the United States, your information will be transferred to and processed in countries that may have different data protection laws than your home country.

Where personal information is transferred internationally, we take reasonable steps to ensure appropriate safeguards are in place, including reliance on approved standard contractual clauses, data processing agreements, or other lawful transfer mechanisms.

16. Data Breach Notification

In the event of a data breach that is reasonably likely to result in harm to affected individuals, OpenTech will take prompt steps to investigate, contain, and remediate the incident. We will notify affected individuals and relevant regulatory authorities in accordance with applicable law, including within the timeframes required by state, federal, or international breach notification requirements.

Managed service clients are encouraged to maintain their own incident response plans and to ensure that applicable breach notification obligations under their service agreements or applicable law are accounted for.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website or services after changes are posted constitutes your acknowledgment of the updated policy.

18. Contact Us

For privacy-related questions, requests, or complaints, please contact us:

Email (privacy): [email protected]
Email (legal): [email protected]
Website: opentech.support/contact

We aim to respond to all privacy inquiries within 30 days.