Privacy Policy

Last updated: February 2025

Brindleford Technologies Ltd ("we", "us", "our") operates the Linux RMM service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our remote monitoring and management platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Organisation/company name
  • Billing information (processed securely via our payment provider)
  • Password (stored using industry-standard hashing)

1.2 Device and System Information

When you install our agent on managed devices, we collect:

  • Hostname, IP addresses, and MAC addresses
  • Operating system type and version
  • Hardware specifications (CPU, memory, disk)
  • System performance metrics (CPU usage, memory usage, disk usage, network statistics)
  • Installed software and running processes
  • System logs as configured by you

1.3 Usage Information

We automatically collect:

  • Log data including IP address, browser type, and pages visited
  • Actions taken within the platform (for audit logging)
  • Script execution history and results
  • API usage patterns

1.4 Credentials Vault

You may optionally store credentials (SSH keys, passwords, API tokens) in our encrypted vault. These are encrypted using AES-256-GCM and can only be decrypted during authorised script execution.

2. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Monitor and analyse usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data based on:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, security, and service improvement
  • Legal Obligation: Processing required to comply with applicable laws
  • Consent: Where you have given explicit consent for specific processing activities

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service Providers: Third parties who perform services on our behalf (hosting, payment processing, analytics)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given explicit permission

4.1 Sub-processors

We use the following categories of sub-processors:

  • Cloud infrastructure providers (data hosting)
  • Payment processors (billing and subscription management)
  • Email service providers (transactional emails)
  • Analytics providers (usage analytics)

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained until account deletion, then deleted within 30 days
  • Device metrics: Retained according to your subscription plan (typically 30-90 days)
  • Audit logs: Retained for 12 months for security and compliance
  • Backup data: Retained for 30 days after deletion from primary systems

6. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Monitoring and logging of system access
  • Regular backups and disaster recovery procedures

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at [email protected].

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all sub-processors
  • Adequacy decisions where applicable

9. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service interface. Continued use after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or our data practices:

Brindleford Technologies Ltd

71–75 Shelton Street

Covent Garden

London, WC2H 9JQ

United Kingdom

Email: [email protected]

12. Supervisory Authority

If you are in the UK or EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire, SK9 5AF

Website: ico.org.uk