Legal

Privacy Policy

Last updated: April 3, 2026

1. Introduction

CinnTech Ltd. ("CinnTech," "we," "us," or "our") is committed to protecting the privacy of the individuals and businesses we serve. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our managed IT services, website, and related offerings.

CinnTech operates in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy law. By using our website or services, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information you provide when you:

  • Fill out a contact, quote, or assessment form on our website
  • Enroll in a Managed Services subscription (Device Shield, User Plans)
  • Communicate with us by phone, email, or chat
  • Enter into a service agreement with CinnTech

This may include your name, business name, email address, phone number, mailing address, and billing information.

2.2 Information Collected Automatically

When you visit our website, we may collect certain information automatically, including:

  • IP address and approximate geographic location
  • Browser type and version
  • Pages visited and time spent on the site
  • Referring URL
  • Device type and operating system

This information is collected through server logs, cookies, and similar technologies. See Section 5 for more detail on cookies.

2.3 Information Collected Through Service Delivery

In providing managed IT services, we may access or process:

  • Information about enrolled devices (hardware identifiers, operating system, software inventory, performance and health data)
  • Microsoft 365 tenant configuration and user account details (for User Plans)
  • Security event logs and alert data generated by endpoint protection tools (for Device Shield)
  • Network configuration and IT environment details

We collect only the information necessary to deliver and support the services you have engaged us for.

2.4 Information from Third Parties

We may receive information about you from third-party platforms in connection with service delivery, including Microsoft, software vendors, and our IT management platforms. This information is used solely to deliver services and is handled in accordance with this policy.

3. How We Use Your Information

We use personal information for the following purposes:

  1. Service Delivery: To provision, configure, manage, and support your IT services.
  2. Account Management: To manage your subscription, process payments, and communicate about your account.
  3. Security and Monitoring: To detect, investigate, and respond to security threats or incidents on enrolled devices and systems.
  4. Communications: To send service notifications, invoices, maintenance notices, and responses to your inquiries.
  5. Compliance: To meet our legal obligations under applicable law.
  6. Improvement: To improve our services, website, and internal operations using aggregated or de-identified data.

We do not sell, rent, or trade personal information to third parties for marketing purposes.

4. Storage and Data Location

Personal information collected by CinnTech may be stored on servers located in Canada or the United States, depending on the platforms and services in use. These include cloud infrastructure and third-party IT management tools that store data in North American data centres.

By using our services, you acknowledge that your data may be transferred to and processed in the United States in connection with third-party platforms. Where data is stored or processed outside Canada, we take reasonable steps to ensure comparable privacy protections are in place.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to support site functionality and improve your experience:

  • Essential cookies: Required for core site functionality (e.g., form submissions, session state).
  • Analytics cookies: Used to understand site traffic and usage patterns. Analytics data is aggregated and not linked to identifiable individuals.

You may disable cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features of our website.

We do not use cookies to track your activity across third-party websites for advertising purposes.

6. Disclosure of Personal Information

We do not sell or rent personal information. We may share personal information in the following limited circumstances:

  • Service Providers: With third-party vendors and platforms used to deliver our services. These parties are contractually obligated to handle personal information only as necessary to perform services on our behalf.
  • Legal Requirements: Where required by law, court order, or lawful government authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of business assets, subject to confidentiality obligations. Affected Clients will be notified.
  • With Your Consent: In any other circumstances where you have expressly authorized disclosure.

7. Third-Party Links

Our website may contain links to third-party websites. CinnTech is not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

8. Children's Privacy

CinnTech's services are designed for businesses and business owners. We do not knowingly collect personal information from individuals under the age of 13. If you believe a minor has provided us with personal information, please contact us at [email protected] and we will promptly delete it.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

  • Active Client records: Retained for the duration of the service relationship plus a minimum of 7 years to meet standard business and tax record-keeping obligations.
  • Device and security event data: Retained for the duration of the service engagement and removed within 60 days of account termination.
  • Website analytics: Retained for up to 26 months in aggregate form.
  • Inactive inquiries: Records of unanswered inquiries or prospects who did not become clients are retained for up to 2 years.

When personal information is no longer required, it is securely deleted or de-identified.

10. Your Rights Under PIPEDA

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights with respect to your personal information held by CinnTech:

  1. Right to Access: You may request a copy of the personal information we hold about you, and information about how it is being used.
  2. Right to Correction: If information we hold is inaccurate or incomplete, you have the right to request a correction.
  3. Right to Withdraw Consent: You may withdraw consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Note that withdrawal of consent may affect our ability to provide services.
  4. Right to Lodge a Complaint: If you believe we have not complied with PIPEDA, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of the above rights, submit your request in writing to [email protected]. We will respond within 30 days.

11. Mobile Phone and SMS Communications

If you provide your mobile phone number to CinnTech, it may be used for the following purposes:

  • Appointment scheduling and reminders
  • Account notifications and service alerts
  • Responses to support requests you have initiated

We do not use mobile phone numbers for unsolicited marketing or mass SMS campaigns. Mobile numbers are not shared with third parties for marketing purposes.

12. Security Practices

CinnTech implements reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encrypted transmission of data in transit (TLS)
  • Access controls and authentication requirements for internal systems
  • Regular review of security practices and third-party vendor security posture

No method of transmission or storage is completely secure. In the event of a breach of personal information that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required under PIPEDA's breach notification provisions.

13. Modifications to This Policy

CinnTech may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Material changes will be communicated to active Clients via email at least 30 days before taking effect. The updated policy will also be posted on our website with a revised "Last Updated" date.

14. Contact and Privacy Questions

For questions, concerns, or requests related to this Privacy Policy or our handling of personal information, contact our Privacy Officer:

CinnTech Ltd.
Attn: Privacy Officer
PO Box 294, Morewood, Ontario K0A 2R0, Canada
Phone: (613) 317-5583
Email: [email protected]

For complaints that are not resolved to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC K1A 1H3
1-800-282-1376
priv.gc.ca