Who We Are

This Privacy Policy explains how cloudIT (“Company,” “we,” “our,” or “us”) collects, uses, shares, and safeguards personal information when we provide managed IT, cybersecurity, cloud, software-development, or other technology-related services (the “Services”) and when you interact with cloudIT.co (the “Site”). It applies to information we process as a service provider/processor on behalf of our business customers and to information we collect for our own business purposes.

Information We Collect

Category

Examples

Source

Identifiers

name, postal address, email, IP address, device ID, account credentials

• Site forms
• Customer onboarding docs

Commercial & Contract Data

service subscriptions, transaction history, license keys, project artifacts

• Service tickets
• Statements of Work

Usage Data

log files, browser type, time stamps, clickstream, metadata

• Our servers
• Third-party analytics

Geolocation

coarse location derived from IP or device settings

• Cloud infrastructure logs

Sensitive Data (only when required by contract)

health information⁄HIPAA, financial account numbers, or government IDs encrypted at rest

• Customer-provided files

We do not intentionally collect information from children under 13 and instruct minors to refrain from using the Site (Federal Trade Commission).

How We Use Information

Purpose

Legal/Contractual Basis*

Provide, secure, and support the Services

Contract performance

Configure endpoints, backups, MFA, SIEM, and other managed-security functions

Legitimate interests / Contract

Monitor, test, and improve our platforms and user experience

Legitimate interests

Billing, account management, and collections

Contract / Legal obligation

Marketing our solutions (opt-out any time)

Consent / Legitimate interests

Comply with laws, regulations, subpoenas, and breach-notification duties (e.g., FTC Safeguards Rule 16 C.F.R. § 314.4) (California DOJ)

Legal obligation

* Where the EU/UK GDPR applies, we rely on the lawful bases noted above. We process “special categories” of personal data only with appropriate safeguards or explicit consent.

Cookies & Similar Technologies

We use first, and third-party cookies, pixel tags, and local storage to:

  • keep you signed in,
  • remember preferences,
  • analyze Site traffic, and
  • deliver limited remarketing.

You can disable non-essential cookies in your browser or via our “Cookie Settings” banner (modeled on practices referenced at cloudit.co/cookie_policy) but some Site features may not work.

Sharing & Disclosure

We do not sell or rent personal information. We share it only:

  • with vetted sub-processors (e.g., cloud hosting, help-desk software) under confidentiality and data-processing agreements;
  • with authorities or auditors when required by law or to protect rights, safety, or property;
  • at your direction (for example, when onboarding a new SaaS integration).

A current list of sub-processors is available upon request.

Data Security

Consistent with FTC guidance on “Protecting Personal Information” (GDPR), we maintain an information-security program that includes:

  • Administrative controls: policies, least-privilege access, employee background checks, annual security-awareness training.
  • Technical controls: AES,256 encryption at rest, TLS 1.2+ in transit, MFA, network segmentation, EDR, and continuous vulnerability management.
  • Physical controls: badge-restricted facilities, locked racks, and CCTV.

We test controls through regular penetration testing and SOC 2 audits.

Data Retention

We keep personal information only as long as necessary to: (a) fulfill the purposes outlined above; (b) satisfy legal, tax, or regulatory requirements; or (c) resolve disputes. Standard retention is 7 years after contract termination unless otherwise agreed.

International Transfers

If we transfer data outside its country of origin (for example, to U.S. or EU data centers), we rely on:

  • Standard Contractual Clauses (SCCs) approved under GDPR, or
  • other recognized transfer mechanisms.

We monitor legal developments and will update safeguards as needed.

Your Privacy Rights

United States (California, Virginia, Colorado, etc.)
Residents may exercise the following under CCPA/CPRA: right to know/access, correct, delete, and opt-out of “sale” or “sharing” of personal information (Federal Trade Commission). We honor Global Privacy Control (GPC) signals. We will not discriminate for exercising your rights.

European Economic Area / UK / Switzerland
You have GDPR rights to access, rectify, erase (“right to be forgotten”), restrict processing, object, and data portability. If you believe we have infringed your privacy, you may lodge a complaint with your supervisory authority.

How to submit a request
Email privacy@cloudit.co or call [toll,free number]. We will verify identity and reply within the timeframe required by applicable law (30–45 days).

Incident Notification

In the event of a security incident affecting 500+ individuals, we will notify affected customers and, where applicable, the FTC and other regulators no later than 30 days after discovery, in line with the amended Safeguards Rule.

Third-Party Links

Our Site may link to external sites not governed by us. We are not responsible for their content or privacy practices. Review the privacy notices of any third-party site you visit.

Changes to This Policy

We may update this Policy periodically. Material changes will be highlighted on the Site or emailed to registered contacts at least 30 days before they take effect. The “Effective” date at the top will always show the latest version.

Contact Us

cloudIT
Attn: Privacy Office
920 E. Madison Street
Suite 120
Phoenix, AZ 85034
Email: privacy@cloudIT.co
Phone: 602-875-5400

If you have questions about this Policy or our privacy practices, please reach out, your trust is vital to us.

clouditTechnology Elevated