Privacy Policy

1. What We Collect

• Account Information: Name, email address, and authentication data via Firebase Auth.
• Usage Data: Pages visited, features used, session duration.
• Infrastructure Telemetry: System metrics from connected infrastructure (only with explicit authorization).
• Payment Information: Processed securely by Stripe. We never store card numbers.

2. How We Use It

• Providing and improving the iTechSmart platform
• AI-assisted diagnostics and remediation
• Generating immutable audit receipts
• Compliance reporting (SOC2, HIPAA, NIST, FedRAMP)
• Customer support and communication

3. PHI Handling (Healthcare)

For healthcare customers, iTechSmart supports HIPAA compliance. Protected Health Information (PHI) is classified, encrypted at rest and in transit, with access logged via immutable receipts. Business Associate Agreements (BAAs) are available upon request.

4. Data Retention

• Audit receipts: Retained for 7 years (immutable)
• Account data: Retained until account deletion
• Telemetry data: 90 days rolling window
• AI conversation logs: 30 days, then anonymized

5. Third-Party Services

• Firebase: Authentication and database (Google Cloud)
• Stripe: Payment processing
• Google AI: Gemini for AI features
• Vercel: Website hosting

6. Your Rights

Under GDPR and CCPA, you have the right to:

• Access your personal data
• Request deletion of your data
• Export your data (portability)
• Opt out of data processing

To exercise these rights, contact privacy@itechsmart.dev.

7. Contact

Privacy questions: privacy@itechsmart.dev