
Privacy Policy

Last Updated: January 2025

"Your privacy is foundational to the trust we've built over 50 years"

1. Information We Collect

1.1 Information You Provide

  • Contact Information: Name, email address, phone number, company name
  • Account Information: Username, password (encrypted), business details
  • Service Information: Details about your security needs, IT infrastructure, compliance requirements
  • Payment Information: Credit card details processed via Authorize.net (PCI DSS compliant)
  • Communication Records: Emails, support tickets, phone call records (for quality and training)

1.2 Information We Collect Automatically

  • Technical Information: IP address, browser type, operating system, device information
  • Usage Information: Pages visited, time spent, features used, security tools accessed
  • Analytics Data: Google Analytics data (anonymized where possible)
  • Security Assessment Data: Results from free security tools (HIBP checker, SSL analyzer)

1.3 Information From Third Parties

  • ActiveCampaign: Email engagement data (opens, clicks, automation triggers)
  • Authorize.net: Payment processing confirmations
  • Business Verification Services: Company information for B2B validation

2. How We Use Your Information

2.1 Primary Business Purposes

  • Service Delivery: Provide managed security services, monitoring, and support
  • Account Management: Create and maintain your service account
  • Communication: Send service updates, security alerts, and support responses
  • Billing: Process payments and maintain billing records
  • Compliance: Meet regulatory requirements (HIPAA, PCI DSS, SOC 2, NIST 800-171)

2.2 Marketing Purposes (With Consent)

  • Email Marketing: Send educational content, security tips, service updates via ActiveCampaign
  • Lead Nurturing: Behavior-based automation sequences based on tool usage and engagement
  • Newsletter: Weekly cybersecurity insights (10,000+ subscribers - opt-in required)
  • Webinar Invitations: Training opportunities and educational events

2.3 Service Improvement

  • Analytics: Understand how visitors use our website and security tools
  • Product Development: Improve services based on usage patterns and feedback
  • Security Research: Analyze threats and develop better protection methods
  • Quality Assurance: Review support interactions for training and improvement

2.4 Legal Obligations

  • Compliance: Meet legal and regulatory requirements
  • Fraud Prevention: Detect and prevent fraudulent activity
  • Legal Requests: Respond to subpoenas, court orders, or legal processes

3. How We Protect Your Information

3.1 Technical Safeguards

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication, principle of least privilege
  • Network Security: Firewall protection, intrusion detection, continuous monitoring
  • Regular Audits: Penetration testing, vulnerability assessments, security reviews
  • Backup Systems: Encrypted backups with geographic redundancy

3.2 Organizational Safeguards

  • Staff Training: Regular security awareness training for all employees
  • Background Checks: Pre-employment screening for all staff with data access
  • Confidentiality Agreements: All staff sign NDAs and confidentiality agreements
  • Incident Response: 24/7 monitoring with documented breach notification procedures
  • Vendor Management: Third-party security assessments and contract reviews

3.3 Compliance Certifications

  • NIST 800-171: Government contractor cybersecurity requirements
  • CMMC-2: Cybersecurity Maturity Model Certification
  • CIS-18: Center for Internet Security controls
  • PCI DSS: Payment Card Industry Data Security Standards (via Authorize.net)
  • HIPAA: Healthcare information privacy and security compliance

4. Sharing Your Information

4.1 Service Providers (Data Processors)

We share information with trusted third parties who help us provide services:

ActiveCampaign (Email Marketing & CRM)

  • Purpose: Email campaigns, lead nurturing, behavior tracking
  • Data Shared: Email, name, company, engagement data
  • Location: United States
  • Privacy Policy: ActiveCampaign Privacy

Authorize.net (Payment Processing)

  • Purpose: Secure payment processing
  • Data Shared: Payment card information (we never store card numbers)
  • Location: United States
  • Compliance: PCI DSS Level 1

Google Analytics (Website Analytics)

  • Purpose: Understand website usage and improve user experience
  • Data Shared: Anonymized usage data, IP addresses (anonymized)
  • Location: United States
  • Privacy Policy: Google Privacy

4.2 We DO NOT

  • ❌ Sell your personal information to third parties
  • ❌ Share your data with advertisers without consent
  • ❌ Use your data for purposes unrelated to our services without permission

5. Your Privacy Rights

5.1 All Users

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Opt-Out: Unsubscribe from marketing emails (service emails may still be sent)
  • Data Portability: Receive your data in a machine-readable format

5.2 California Residents (CCPA Rights)

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information we collect, use, and share
  • Request deletion of personal information
  • Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Non-discrimination for exercising your rights

To exercise these rights, call (603) 285-9680 x5050

5.3 European Economic Area Residents (GDPR Rights)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Rectification of inaccurate data
  • Erasure ("right to be forgotten")
  • Restriction of processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Legal basis for processing:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Fraud prevention, security, service improvement
  • Consent: Marketing communications, optional features
  • Legal Obligations: Compliance with laws and regulations

5.4 How to Exercise Your Rights

Phone: (603) 285-9680 x5050

Include: Your name and specific request

Response Time: Within 30 days

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device that help websites function and provide analytics.

6.2 Cookies We Use

Essential Cookies (Required)

  • Session management and authentication
  • Security features and fraud prevention
  • Load balancing and performance
  • Cannot be disabled without affecting site functionality

Analytics Cookies (With consent)

  • Google Analytics: Page views, user behavior, traffic sources
  • Helps us understand how visitors use our security tools
  • Data is anonymized where possible

Marketing Cookies (With consent)

  • ActiveCampaign tracking: Email campaign engagement
  • Behavior-based automation triggers
  • Lead scoring and nurturing sequences

6.3 Managing Cookies

  • Browser Settings: Most browsers allow you to refuse or delete cookies
  • Opt-Out Tools: Use Google Analytics opt-out browser add-on
  • Do Not Track: We respect Do Not Track signals where possible
  • Cookie Banner: Manage preferences via our cookie consent banner

Note: Disabling cookies may affect website functionality and prevent access to some features.

Read our full Cookie Policy →

7. Third-Party Services

7.1 Security Assessment Tools

We offer free security tools that may query third-party services:

  • Have I Been Pwned (HIBP): Checks if email appears in data breaches
  • SSL Labs: Analyzes website SSL/TLS configurations
  • Shodan: IP reputation and exposure scanning

When you use these tools, your query may be sent to third-party APIs. Review their privacy policies for details on how they handle data.

7.2 Third-Party Links

Our website may contain links to third-party websites (e.g., security resources, industry news). We are not responsible for their privacy practices. Review their privacy policies before providing information.

8. Data Retention

8.1 How Long We Keep Your Data

Active Clients

  • Service data: Duration of service relationship + 7 years
  • Communication records: 7 years (legal and compliance requirements)
  • Billing records: 7 years (tax and accounting requirements)
  • Security logs: 2 years (incident investigation and compliance)

Former Clients

  • Account information: 7 years after service termination
  • Communication records: 7 years (legal requirements)
  • Marketing data: Until opt-out or 3 years of inactivity

Prospects and Leads

  • Marketing database: Until opt-out or 3 years of inactivity
  • Website analytics: 26 months (Google Analytics default)
  • Form submissions: 3 years or until deletion request

9. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children.

If we discover we have collected information from a child under 16, we will delete it immediately. Parents who believe we may have information about a child should call: (603) 285-9680 x5050

10. International Users

10.1 United States Operations

Mainstream Technology Group operates primarily in the United States. Information collected is processed and stored in the United States.

10.2 International Data Transfers

If you access our services from outside the United States:

  • Your information may be transferred to and processed in the United States
  • United States privacy laws may differ from your country's laws
  • By using our services, you consent to this transfer
  • We implement appropriate safeguards for international transfers

10.3 GDPR Compliance (EEA Users)

For users in the European Economic Area:

  • We provide GDPR-compliant data processing
  • Standard Contractual Clauses (SCCs) for data transfers
  • Right to lodge complaints with supervisory authorities
  • Designated contact for GDPR inquiries: (603) 285-9680 x5050

11. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our services or business practices
  • New legal or regulatory requirements
  • Improvements to privacy protections
  • Technology changes affecting data processing

We will notify you of material changes:

  • Email notification to active clients and newsletter subscribers
  • Website banner for 30 days after updates
  • "Last Updated" date at top of this policy

Continued use of our services after changes constitutes acceptance. If you disagree with changes, you may terminate your account.

12. Contact Us

12.1 Privacy Questions

Phone: (603) 285-9680 x5050

Response Time: Within 2 business days

Mail:
Mainstream Technology Group
Attn: Privacy Officer
Portsmouth, New Hampshire

12.2 Data Protection Officer

For GDPR-related inquiries or to exercise your rights, call (603) 285-9680 x5050

12.3 Security Concerns

If you believe your data has been compromised:

  • Immediate Contact: (603) 285-9680 x5050
  • Phone: (603) 285-9680 x5050 for security issues
  • 24/7 Response: We monitor security incidents around the clock

Your Privacy is Our Priority

With 50 years of experience and zero ransomware hits across all clients, we understand the importance of protecting your data. Our security-first approach means your privacy is built into everything we do.

NIST 800-171 Compliant
HIPAA Compliant
GDPR Compliant
CCPA Compliant

Questions About This Policy?

We're here to help. Contact our team with any questions or concerns.