Effective Date: March 2026

ITWiseCyber (“we,” “our,” or “us”) is committed to protecting the privacy and security of our clients’ data. This policy outlines how we collect, use, and safeguard information when delivering remote management and cybersecurity services.

1. Data Collection

We collect minimal data necessary for remote management and security monitoring. This includes system logs, device metadata (OS version, patch status, hardware identifiers), and network telemetry related to threat detection. We do not collect personal files, emails, or browsing history unless explicitly required for a specific incident investigation with client consent.

2. Use of Information

Collected data is used exclusively to:

• Monitor system health and patch compliance
• Automate remediation of known issues
• Detect and respond to security incidents
• Improve our automation scripts and policies

3. Confidentiality & Encryption

All data transmitted between endpoints and our management platforms is encrypted using TLS 1.3. At rest, data is stored with AES-256 encryption. Access is restricted via Role‑Based Access Control (RBAC) and is logged for audit purposes.

4. No Third‑Party Sharing

We do not sell, rent, or share system telemetry data with third‑party marketing entities. Limited data may be shared with subprocessors (e.g., Datto, AWS) only as necessary to deliver the contracted services, under strict data protection agreements.

5. Data Retention

Telemetry data is retained for up to 12 months, after which it is anonymized or deleted. Clients may request data deletion at any time by contacting us.

6. Your Rights

You have the right to access, correct, or request deletion of your data. For privacy inquiries, contact admin@itwisecyber.com.

This policy is aligned with SOC2 and GDPR principles and is reviewed annually.