Privacy Policy

Introduction

ThinkOpen Inc. ("we", "us", "our") operates thinkopen.net and provides managed IT and cybersecurity services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services. Please read this policy carefully. By using our site or services, you consent to the practices described herein.

Information We Collect

Personal Information

We collect information you provide directly, including your name, email address, phone number, company name, and job title when you fill out contact forms, request security assessments, or engage our services. For contracted clients, we also collect billing information necessary to process payments.

Automatically Collected Information

When you visit our website, we automatically collect certain technical information including your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and device identifiers. This data is collected via Vercel Analytics, a privacy-respecting analytics platform that does not use cookies and does not require a cookie consent banner.

Client Engagement Data

During service delivery, we may access and process technical data from your environment, including network configurations, Active Directory exports, Microsoft 365 tenant data, and vulnerability scan results. This data is governed by your service agreement and treated as strictly confidential.

How We Use Your Information

We use the information we collect to: respond to inquiries and deliver contracted services; process transactions and send invoices; send service-related communications such as audit reports, finding notifications, and security advisories; improve our website and service offerings; comply with legal obligations and regulatory requirements; protect against fraud, unauthorized access, and security threats. We do NOT sell, rent, or share your personal information with third parties for marketing purposes.

Information Sharing & Disclosure

We may share your information with: service providers who assist our operations (Supabase for data hosting, Resend for transactional email, Vercel for web hosting) — all bound by data processing agreements; law enforcement or government agencies when required by valid legal process; parties involved in a merger, acquisition, or asset sale — you would be notified in advance of any such transfer. We never sell personal data to third parties.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this policy and to comply with legal obligations. Contact form submissions are retained for 2 years. Client engagement data is retained for the duration of the service agreement plus 3 years. Analytics data is retained for 26 months. You may request deletion of your personal data at any time by contacting us.

Data Security

We implement industry-standard security measures to protect your information, including: encryption in transit (TLS 1.3) and at rest; access controls enforcing least-privilege principles; regular security assessments of our own infrastructure; mandatory security training for all employees and contractors. As a cybersecurity firm, we hold ourselves to the same standards we set for our clients. While no system is 100% secure, we commit to prompt notification if a data breach affects your information.

Cookies & Tracking

We use Vercel Analytics, a privacy-respecting, cookieless analytics platform. We do not use third-party tracking cookies, Google Analytics, or advertising pixels. Only essential cookies required for basic site functionality are used. Because we do not use tracking cookies, no cookie consent banner is required.

Your California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of personal information (we do not sell it); receive equal service and pricing regardless of exercising your privacy rights. To exercise these rights, email privacy@thinkopen.net or write to us at our mailing address. We will respond to verified requests within 45 days.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will delete that information promptly.

International Data Transfers

Our services are hosted in the United States. If you access our website from outside the United States, your information may be transferred to and processed in the US, where data protection laws may differ from those in your jurisdiction.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Changes become effective when posted with a revised "Last updated" date. We will notify active clients of material changes via email.

Contact Us

For privacy-related inquiries: privacy@thinkopen.net | ThinkOpen Inc., 5420 McConnell Ave, Los Angeles, CA 90066 | 424.437.8173