Your privacy, our engineering discipline.
We handle personal data the way we handle code — with care, precision, and strict access controls. This policy explains what we collect, how we use it, and your rights.
01Information we collect
We collect minimal information required to deliver our services. When you contact us through our website, we collect your name, email address, company, and details about your project inquiry.
When you engage us as an engineering partner, we collect information necessary for service delivery — contract details, communication logs, technical specifications, and access to relevant systems you authorize.
We do not collect sensitive personal data, health information, or financial account details unless specifically required for a project and governed by a separate data processing agreement.
02How we use your information
Contact form submissions are used solely to respond to your inquiry. We do not add you to marketing lists, share your information with third parties, or use it for any purpose beyond the immediate conversation.
Client project data is used exclusively for engineering delivery — building, testing, deploying, and maintaining the software you hire us to build. We follow strict access controls and data minimization principles.
We retain project data for the duration of the engagement plus a reasonable period for legal and operational purposes, typically 3 years unless a shorter period is requested.
03Data sharing and third parties
We do not sell, rent, or trade your personal information. We do not share your data with advertisers or marketing networks.
We use a limited set of third-party services necessary for our operations: email providers (Google Workspace), cloud infrastructure (AWS, Cloudflare), and project management tools (Linear, GitHub). These services have their own privacy practices we evaluate carefully.
When required for a specific project, we sign data processing agreements (DPAs) and security addenda that bind us and any sub-processors to your privacy and security requirements.
04Data security
We apply defense-in-depth security practices to all data we handle: encryption at rest and in transit, role-based access control, hardware security keys for authentication, audit logging, and regular security reviews.
For client engagements, we offer additional controls including isolated environments, on-premise or private cloud deployment, end-to-end encryption for communications, and custom compliance frameworks (SOC 2, ISO 27001, HIPAA, etc.).
We maintain an incident response process and notify affected parties within 72 hours of discovering any material security incident involving their data.
05Your rights
You have the right to access, correct, export, or delete your personal information at any time. Email privacy@itechsoftsolutions.com with your request and we'll respond within 30 days.
EU residents have additional rights under GDPR including the right to object to processing, restrict processing, and data portability. California residents have rights under CCPA/CPRA.
You can withdraw consent for any processing based on consent at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
06Cookies and tracking
Our website uses minimal cookies: a session cookie for functionality, and anonymous analytics cookies to understand traffic patterns. We do not use third-party advertising cookies or tracking pixels.
You can disable cookies through your browser settings without breaking site functionality. Analytics can be disabled via the opt-out mechanism at the bottom of our website.
07Changes to this policy
We may update this privacy policy from time to time. When we make material changes, we'll update the 'Last updated' date at the top and, where appropriate, notify clients via email.
Continued use of our services after a policy update constitutes acceptance of the revised policy.
Questions about our privacy practices?
Email our privacy team. Real humans, real responses — typically within one business day.