Our Commitment
We earn trust by protecting your data, being transparent about how we work, and giving you control. This page summarizes our security practices, privacy commitments, and the vendors we use at a level that is informative without exposing sensitive details.
How We Protect Data
- Identity & access: SSO and MFA for all admins; least privilege roles and regular access reviews.
- Remote support safety: Technician actions are logged; session recordings are off by default and enabled only with client approval.
- Endpoint & email security: Managed detection and response with layered protections.
- Network edge protection: DDoS mitigation and WAF shielding public endpoints.
- Monitoring & response: Centralized logging and alerting; change management and incident response procedures.
- Backups & recovery: Tested backups with client defined retention.
Our Technology Partners (names only)
We publish vendor names only. We never publish admin URLs, tenant IDs, IPs, or configuration details. A complete list is available to customers under NDA or DPA on request.
- Network edge security & DNS: Cloudflare (CDN, WAF, DDoS)
- Identity & access: Microsoft Entra ID (SSO, MFA, Conditional Access)
- Endpoint protection: Microsoft Defender (EDR/AV, threat detection)
- Productivity & collaboration: Microsoft 365
- Device management: Microsoft Intune (UEM/MDM)
- AI assistance: Microsoft Copilot for Microsoft 365
- Cloud infrastructure (internal systems): Microsoft Azure; Amazon Web Services (AWS)
- CRM & forms (website/marketing): HubSpot; Formspree
- Project management: Monday.com
Change notice: We notify customers 30 days in advance of material changes to our sub processor list where required by contract. Contact us to receive notifications.
Data Residency
- We configure US only processing for our Microsoft 365 and Entra, Intune, Azure, and AWS tenants where residency controls are available.
- Cloudflare operates globally at the network edge to improve resilience and performance.
How We Use AI (Safely)
- We use enterprise AI tools including Microsoft Copilot for Microsoft 365, and where appropriate Google Gemini and OpenAI ChatGPT in enterprise configurations.
- No credentials, secrets, or unredacted regulated data are entered into conversational interfaces.
- For restricted data, we use API based workflows with zero data retention when available and regional controls.
- All outputs receive human review before client delivery.
See our AI Usage Policy for details.
Your Privacy Rights
Colorado residents have the right to access, correct, delete, and obtain a copy of personal data we control, and to opt out of targeted advertising, the sale of personal data, and certain profiling. We honor recognized universal opt out signals (for example Global Privacy Control) where applicable.
Read our full Privacy Policy for how to submit a request and appeal decisions.
Remote Services Transparency
- Remote sessions begin only with user authorization or notice.
- Actions performed by technicians are logged. Audit logs are typically retained 90 days.
- Clients can set policies for recording, clipboard and file transfer, and after hours access.
Responsible Disclosure
If you believe you have found a security issue, please email privacy@tecnicodesk.com with details. We will investigate and respond.
Last updated: 2025-08-08. This page is provided for transparency and is not a contractual commitment on its own. Contractual terms appear in our MSA/SOW and, where applicable, DPA/BAA.