IT pal

Privacy Policy

Last updated: January 1, 2025

Introduction

IT-PAL SSPR ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our self-service password reset solution and related services.

Information We Collect

Personal Information

We may collect personal information including:
  • Name and contact information
  • Email addresses
  • Employee ID and organizational information
  • Authentication credentials and security questions
  • Usage data and system logs

Technical Information

We automatically collect technical information including IP addresses, browser type, device information, and system performance metrics to ensure service reliability and security.

How We Use Your Information

We use collected information for:
  • Providing and maintaining our password reset services
  • User authentication and identity verification
  • Security monitoring and threat detection
  • Service improvement and analytics
  • Customer support and technical assistance
  • Compliance with legal obligations

Data Security

We implement enterprise-grade security measures including:
  • End-to-end encryption for all data transmission
  • Zero-trust security architecture
  • Regular security audits and penetration testing
  • Multi-factor authentication requirements
  • SOC 2 Type II compliance
  • ISO 27001 certified data centers

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:
  • With your explicit consent
  • To comply with legal obligations
  • To protect our rights and safety
  • With trusted service providers under strict confidentiality agreements
  • In connection with business transfers (with notice)

Your Rights

You have the right to:
  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Withdraw consent at any time

Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and resolve disputes. Security logs are typically retained for 90 days, while account information is retained during active service periods.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions where applicable.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our services constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: privacy@itpal.comAddress: IT-PAL SSPR Privacy OfficerData Protection Department