Effective Date: January 26, 2026

JTT Tech (referred to as "we," "us," or "our") is a US-based technology consulting and reseller firm specializing in AI, cybersecurity, data management, and DevOps services. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website jtttech.net, interact with our services, submit inquiries via contact forms, or engage with us in any other way.

This policy applies to all users of our website and services, including clients, visitors, and potential customers. If you are located in the European Union (EU), California, or other regions with specific data protection laws, additional provisions may apply as noted below. By using our website or services, you agree to the terms of this Privacy Policy.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on our website and updating the effective date. Your continued use of our services after such changes constitutes your acceptance of the updated policy.

We collect information that you provide directly to us and information that is automatically collected when you interact with our website or services.

• Contact and Identification Information: When you submit a "Get in Touch" form, request a consultation, or inquire about our AI, cybersecurity, data, or DevOps services or resold products, we may collect your name, email address, phone number, company name, and any other details you provide (e.g., project descriptions or file attachments).
• Account Information: If you create an account for ongoing consulting or reseller services, we may collect login credentials, billing details, and preferences.
• Payment Information: For reseller transactions or paid consulting services, we collect payment details such as credit card numbers or bank information, processed securely via third-party providers.

• Usage Data: We collect data about your interactions with our website, such as IP address, browser type, device information, pages visited, time spent on pages, and referral sources.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to analyze traffic, optimize user experience, and track performance. This includes essential cookies for site functionality, analytics cookies (e.g., for Google Analytics to measure engagement with our AI and DevOps content), and performance cookies. For more details, see our Cookie Policy section below.
• Log Files: Server logs automatically record information like access times and error data for security and troubleshooting purposes, especially relevant to our cybersecurity services.

We do not intentionally collect sensitive personal information (e.g., health data, racial or ethnic origins) unless it is voluntarily provided and necessary for specific consulting projects (e.g., data compliance audits).

We use the collected information for the following purposes:

• To Provide and Improve Services: To respond to inquiries, deliver AI consulting, cybersecurity assessments, data management solutions, DevOps implementations, or resell products (e.g., software tools).
• Communication: To send emails, newsletters, or updates about our services, promotions, or industry insights (e.g., cybersecurity threats or AI trends). You can opt out at any time.
• Business Operations: For billing, contract fulfillment, internal analytics, and performance monitoring of our website and services.
• Security and Compliance: To detect and prevent fraud, especially in cybersecurity contexts, and to comply with legal obligations (e.g., data retention for audits).
• Marketing and Personalization: To tailor content or recommendations based on your interests, such as suggesting relevant DevOps tools.
• Research and Development: Anonymized data may be used to improve our AI models or cybersecurity offerings.

We process your data based on legal grounds such as your consent, contract necessity, or legitimate business interests.

We do not sell your personal information. However, we may share it in the following circumstances:

• Service Providers and Vendors: With third-party vendors who assist us, such as Google for reCAPTCHA (spam protection on forms), analytics tools, payment processors, or reseller partners (e.g., for delivering DevOps software).
• Business Partners: With affiliates or partners for joint consulting projects or resold products.
• Legal Requirements: If required by law, subpoena, or government request, or to protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.
• With Your Consent: For any other purpose with your explicit approval.

For EU users under GDPR, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) for international data transfers to the US.

Our website uses cookies to enhance functionality and user experience. Categories include:

• Essential Cookies: Necessary for site operation (e.g., session management).
• Analytics Cookies: To track usage and optimize content (e.g., via Google Analytics).
• Performance Cookies: To measure site speed and errors.

You can manage cookies through your browser settings or our cookie consent banner, which allows you to accept, reject, or customize preferences. Rejecting cookies may limit site features. For details on third-party cookies (e.g., Google), see their privacy policies.

We implement reasonable security measures, including encryption, firewalls, and access controls, to protect your information—leveraging our expertise in cybersecurity. However, no method is 100% secure, and we cannot guarantee absolute protection against breaches. In case of a data incident, we will notify affected users as required by law (e.g., under state breach notification laws or GDPR).

We retain your personal information only as long as necessary for the purposes outlined in this policy, or as required by law. For example, contact form data may be kept for up to 2 years for follow-up, while usage data is retained for analytics for 1 year. After this period, data is securely deleted or anonymized.

This section provides specific information for California residents under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA). It supplements the rest of this Privacy Policy and addresses CCPA/CPRA-specific requirements while aligning with our overall data practices.

We do not sell or share (as those terms are defined under the CCPA/CPRA) any personal information. In the preceding 12 months, we have not sold or shared any personal information of California residents.

In the last 12 months, we have collected the following categories of personal information (as defined by CCPA/CPRA):

• Identifiers: Name, email address, phone number, IP address, company name.
• Internet or other electronic network activity information: Browsing history, pages viewed, time spent on site, device information.
• Commercial information: Details of services inquired about or purchased (e.g., AI consulting or resold software).
• Professional or employment-related information: Company name, job title (if provided).

Sources: Directly from you (e.g., contact forms), automatically from your device/browser (e.g., cookies), and from third-party service providers (e.g., analytics tools).

Business or commercial purposes for collection: Providing and improving our consulting and reseller services, responding to inquiries, communicating updates, billing, security, and internal analytics.

Categories of personal information disclosed for business purposes (to service providers only):

• Identifiers and Internet activity information → to analytics providers (e.g., Google Analytics) and spam-protection services (e.g., reCAPTCHA).
• Commercial and professional information → to payment processors or reseller partners (only as needed to fulfill services).

We have not disclosed any personal information for any other purpose.

If you are a California resident, you have the following rights (subject to verification and legal exceptions):

• Right to Know/Access: Request details about the personal information we collected, used, and disclosed about you (including specific pieces of data).
• Right to Deletion: Request deletion of your personal information.
• Right to Correction: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: Not applicable – we do not sell or share your personal information.
• Right to Limit Use of Sensitive Personal Information: Not applicable – we do not collect sensitive personal information (e.g., precise geolocation, racial/ethnic data, health data).

We will not discriminate against you for exercising any of these rights (e.g., by denying service, charging higher prices, or providing lower-quality service).

To submit a verifiable request, contact us at:

• Email: privacy@jtttech.net
• Phone: [Insert Phone Number]

You may make up to two requests per 12-month period. We will respond within 45 days (extendable by 45 days if necessary). We will verify your identity (e.g., by matching provided details to our records) before processing your request. Authorized agents may submit requests on your behalf with written permission and verification.

Depending on your location, you may have the following rights in addition to those under CCPA/CPRA:

• Access and Correction: Request access to or correction of your personal information.
• Deletion: Request deletion of your data (subject to legal exceptions).
• Opt-Out: Opt out of marketing communications, data sharing, or cookie tracking.
• GDPR Rights (for EU Residents): Rights to object, restrict processing, data portability, or withdraw consent.

To exercise these rights, contact us at privacy@jtttech.net. We will respond within the legally required timeframe (e.g., 30 days under GDPR). We do not discriminate against users exercising rights.

As a US-based company, your data is primarily processed in the United States. If we transfer data internationally (e.g., for global consulting clients), we ensure compliance with applicable laws, such as the EU-US Data Privacy Framework or Standard Contractual Clauses for GDPR.

Our services are not directed to children under 13 (or 16 in some jurisdictions). We do not knowingly collect information from children. If we become aware of such collection, we will delete it. Parents or guardians can contact us for assistance.

Our website may contain links to third-party sites (e.g., reseller partners). We are not responsible for their privacy practices. Review their policies separately.

For questions about this Privacy Policy or your data, contact:

• Email:chris@jtttech.net
• Address: US Rte 1 Ste 273 Scarborough, ME 04074
• Phone: 857-310-1510