Privacy Policy for ShawTech PGH, LLC

1. Who we are and where this applies

ShawTech PGH, LLC is a business based in Pennsylvania, USA. We provide IT and cybersecurity monitoring services, including a Proactive Grid Hub that helps small businesses see the health and risk of their systems more clearly.

This policy applies to information we collect:

• On our public website (for example, informational pages about ShawTech PGH).
• Through any customer portals, dashboards, or reports that we host.
• Through agents or tools that you install on your systems as part of our services.
• Through direct communication with you, such as email or support tickets.

2. Information you provide to us

We collect information that you or your team choose to share with us, such as:

• Business contact details (name, role, business name, email address, phone number).
• Account details for people who log into our portals (for example, usernames and role information).
• Billing and subscription details, such as billing contact and basic payment-related information.
• Content in emails, support tickets, or other messages sent to us.

When you provide information about other people in your organization (for example, listing staff devices), you confirm that you are allowed to share that information with us for the purposes described in this policy.

3. Information collected automatically

When you visit our website or use our portals, we may automatically collect some technical information, such as:

• IP address and basic device details (browser type, operating system, screen size).
• Pages you view, links you click, and general usage patterns.
• Date and time of access and basic performance metrics.

We may use standard web technologies, such as server logs and basic analytics tools, to understand how the site and portals are being used so we can keep them stable and improve them over time.

4. Information collected through monitoring agents

If you install an agent or allow us to connect to your systems as part of ShawTech PGH, we may collect information such as:

• Device identifiers and basic system details (hostname, operating system version, hardware details).
• Installed software, patch levels, and update status.
• Selected security-related signals (for example, certain event log entries or vulnerability scan results).
• Connectivity and uptime information, such as whether a system appears online or offline.

We do not intend for the agent to collect the contents of your files, emails, or databases. Our focus is on system health and security posture, not the specific business data you store.

5. How we use information

We use the information we collect for purposes such as:

• Providing, operating, and maintaining the ShawTech PGH services.
• Generating dashboards and reports that show the health and risk of your systems.
• Communicating with you about the service, including updates, notices, and support.
• Improving the service, including troubleshooting, analytics, and planning new features.
• Protecting the security and integrity of our systems and our customers' systems.
• Meeting legal, regulatory, or compliance obligations where applicable.

6. Legal bases for processing (for some regions)

If you are in a place where data protection laws such as the GDPR apply, we typically rely on one or more of the following legal bases to process your information:

• Contract: we need to process information to provide the services you signed up for.
• Legitimate interests: we process information to operate, improve, and secure the service in a way that is balanced against your privacy.
• Consent: in some cases, we may ask for your consent for specific uses, such as certain types of analytics or communications.
• Legal obligations: we may need to process or retain certain information to meet legal or regulatory requirements.

7. How we share information

We do not, and will not, sell any data we collect, including personal information, business information, or monitoring data from your systems. We may share information in the limited situations described below, and we take data privacy very seriously.

• Service providers: we work with trusted vendors that help us host our systems, send email, provide monitoring, ticketing, and similar support functions. They may process information on our behalf and are expected to protect it appropriately.
• IT partners: if you work with a local IT provider or MSP and explicitly ask us to coordinate with them, we may share relevant information and reports to support that relationship.
• Legal and safety reasons: we may share information if we believe it is necessary to comply with the law, respond to a legal request, or protect the rights, property, or safety of you, us, or others.
• Business changes: if we are involved in a merger, acquisition, or similar transaction, information may be transferred as part of that process, subject to appropriate safeguards.

8. Data retention

We keep information for as long as it is reasonably needed to provide the services, to meet legal or accounting requirements, or to resolve disputes. The exact retention period can vary depending on the type of information and how it is used.

When information is no longer needed, we will take reasonable steps to delete it or de-identify it.

9. Security

We take security seriously and use reasonable technical and organizational measures to protect the information we process. No system can be guaranteed to be perfectly secure, but we work to reduce risk and react promptly to issues that arise.

You can help by using strong passwords, limiting who has access to your portals, and letting us know quickly if you suspect any unauthorized access related to our services.

10. International transfers

Our systems and service providers may be located in different regions or countries. If you are outside the United States, this may mean that your information is transferred to, stored in, or processed in a country that may have different data protection laws than your own.

Where applicable, we take steps to help ensure that such transfers comply with relevant legal requirements and that your information remains protected.

11. Your choices and rights

Depending on where you live, you may have certain rights over your personal information, such as the right to access, correct, or delete it, or to object to certain types of processing.

Even where specific legal rights do not formally apply, we aim to be reasonable. If you want to review, update, or remove information that directly identifies you in our systems, contact us using the details below and we will do our best to help, subject to any legal or contractual limits.

You can also request to stop receiving non-essential emails (for example, marketing or announcement emails) by following unsubscribe instructions in those messages or by contacting us.

12. Children's privacy

ShawTech PGH does not target or knowingly provide services to children under the age of 13. If we learn that we have collected personal information from a child under 13 without appropriate permission, we will take steps to delete that information as soon as practical.

13. Changes to this Privacy Policy

We may update this policy from time to time as our services, practices, or legal requirements change. When we make material updates, we will change the “last updated” date at the top of this page and, when appropriate, provide additional notice (for example, through the portal or by email).

Your continued use of the services after an updated policy takes effect means you agree to the new version.