Information Privacy Notice 


Effective Date: November 2013 
Last Updated: November 2025 


Massive IT (“we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of the information entrusted to us by our clients, their employees, and other individuals. 

This Information Privacy Notice describes how we collect, use, store, and protect personal and business information when providing managed IT, cybersecurity, compliance, and cloud services. 


1. Scope 


This notice applies to all personal information processed by Massive IT in connection with: 


  • Managed IT and help desk services 
  • Cloud hosting, Microsoft 365, Azure, and security services 
  • Professional services and consulting engagements 
  • Website visitors, marketing communications, and partner interactions 

If you are a client, this notice supplements the confidentiality and data protection terms included in your Master Services Agreement (MSA) or Statement of Work (SOW). 


2. Information We Collect 


We collect and process information that is necessary to deliver contracted services and maintain business operations, including: 


A. Client and User Information 


  • Name, title, email address, phone number, and business contact details 
  • User account and credential information (e.g., Microsoft Entra ID, help desk logins) 
  • Device identifiers, IP addresses, and system log data for managed assets 


B. Service Operations and Monitoring Data 


  • System performance metrics, event logs, and alert data collected via tools such as Auvik, Microsoft Defender, and Fortinet 
  • Network, firewall, and endpoint telemetry necessary for security monitoring and incident response 
  • Audit logs, ticket histories, and change management documentation 


C. Billing and Administrative Data 


  • Business billing contact information, invoices, and payment records (processed via secure third-party payment processors) 


We do not sell or rent personal information. 


3. How We Use Information 


Massive IT uses personal and system information for the following purposes: 


  1. Delivering contracted managed and professional services 
  2. Managing accounts, billing, and service renewals 
  3. Providing technical support and incident response 
  4. Monitoring and securing networks, endpoints, and cloud environments 
  5. Conducting audits, security assessments, and regulatory compliance checks 
  6. Improving service quality, reliability, and security posture 
  7. Meeting legal, regulatory, or contractual obligations 


We process data strictly under lawful bases such as contract performance, legitimate business interest, or legal compliance. 


4. How We Protect Information 


Massive IT employs multiple layers of security to protect personal and business information: 


  • Encryption: AES-256 encryption for data at rest and TLS 1.2+ for data in transit. 
  • Access Control: Multi-factor authentication (MFA), role-based permissions, and least-privilege access models. 
  • Endpoint and Network Protection: Microsoft Defender for Endpoint, Fortinet firewalls, and Auvik network monitoring. 
  • Monitoring: 24×7 SOC monitoring and centralized SIEM alerting through Microsoft Sentinel. 
  • Backups and Resilience: Immutable off-site backups (Veeam, Acronis) with periodic recovery testing. 
  • Vendor Oversight: Use of only SOC 2-certified or ISO 27001-certified subservice providers. 


5. Data Retention 


Data is retained only as long as necessary to provide services, meet legal obligations, or fulfill contractual requirements: 


  • Service and ticket data – 7 years 
  • Audit and security logs – 7 years 
  • Financial and billing records – per IRS and GAAP retention schedules 
  • Data backups – per client’s backup and recovery policy 


Upon contract termination, client data is securely deleted or returned per the Data Retention and Secure Disposal Policy and MSA terms. 


6. Data Sharing and Disclosure 


We may share information only under these limited circumstances: 


  • Authorized Third Parties: Trusted vendors (e.g., Microsoft, Fortinet, Acronis, Pax8, TD Synnex) under written confidentiality and data-processing agreements. 
  • Legal or Regulatory Requests: When required by law, court order, or government regulation. 
  • Business Transfers: In the event of merger or acquisition, subject to confidentiality protections. 


We do not disclose data to unrelated third parties for marketing or advertising purposes. 


7. Cross-Border Data Transfers 


As a U.S.-based company, Massive IT primarily stores and processes data in U.S. data centers.
If data is transferred internationally (for example, when using Microsoft 365 or Azure regional services), we ensure adequate protections through contractual clauses, encryption, and adherence to GDPR and data-transfer mechanisms such as Standard Contractual Clauses (SCCs). 


8. Your Rights 


Depending on your jurisdiction, you may have the right to: 


  • Access and request a copy of your data 
  • Request correction or deletion of inaccurate information 
  • Restrict or object to specific data processing activities 
  • Receive notice of data incidents affecting your personal information 

Requests may be submitted to privacy@massiveit.com.


We verify identity before releasing information and respond within applicable legal timeframes. 


9. Data Breach Response 


In the event of a data breach involving personal or confidential information, Massive IT will: 


  1. Contain and investigate the incident immediately. 
  2. Notify affected clients or individuals without undue delay. 
  3. Provide details of the nature, scope, and remedial measures taken. 
  4. Cooperate fully with clients, regulators, and law enforcement as required by law. 


All incidents follow the Incident Response Policy and are logged for audit purposes. 


10. Children’s Privacy 


Massive IT does not knowingly collect or process personal information from individuals under the age of 16. If we discover that such data has been collected inadvertently, it will be promptly deleted. 


11. Policy Updates 


This notice may be updated periodically to reflect legal, technical, or operational changes.
The latest version is always available at https://www.massiveit.com/privacy or upon request to privacy@massiveit.com


12. Contact Information 


For privacy-related inquiries, data requests, or compliance questions, please contact: 


Massive IT – Privacy Office 
Email: privacy@massiveit.com 
Address: 9630 W Linebaugh Avenue Tampa, Florida 33626] 
Phone: (813) 518-5454