Privacy Policy

1. Introduction

NinjaIT ("we," "us," or "our") operates the ninjait.app website and the NinjaIT platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

2.1 Personal Data

When you register for an account or use our Service, we may collect:

• Name, email address, and phone number
• Company name, job title, and billing address
• Payment information (processed securely via third-party payment processors)
• Login credentials (passwords are hashed and never stored in plaintext)

2.2 Device and Endpoint Data

When you install the NinjaIT agent on devices, we collect system telemetry necessary to provide monitoring and management services:

• Hardware specifications (CPU, RAM, disk, network adapters)
• Operating system type and version
• Performance metrics (CPU usage, memory usage, disk I/O, network throughput)
• Installed software inventory
• Running services and processes
• Patch and update status

We do not collect personal files, browsing history, keystrokes, or any content stored on monitored devices.

2.3 Usage Data

We automatically collect certain information when you use the Service:

• IP address, browser type, and operating system
• Pages visited, time spent on pages, and referring URLs
• Feature usage patterns within the dashboard
• Error logs and performance data

3. How We Use Your Information

We use the collected information for the following purposes:

• Service delivery: Providing, operating, and maintaining the NinjaIT platform
• Monitoring and alerting: Processing device telemetry to detect issues and send alerts
• Account management: Creating and managing your account, processing billing
• Communication: Sending transactional emails, product updates, and support responses
• Improvement: Analyzing usage patterns to improve the Service and develop new features
• Security: Detecting and preventing fraud, abuse, and security threats
• Legal compliance: Fulfilling legal obligations and responding to lawful requests

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• Service providers: Third-party vendors who assist in operating the Service (hosting, payment processing, email delivery, analytics), bound by data processing agreements
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
• Legal requirements: When required by law, subpoena, or government request, or to protect our rights, safety, or property
• With your consent: When you explicitly authorize sharing with third parties (e.g., integrations with WHMCS, Slack, PagerDuty)

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption at rest: AES-256 encryption for all stored data
• Encryption in transit: TLS 1.3 for all data transmission
• Authentication: JWT-based authentication with bcrypt password hashing
• Access controls: Role-based access control (RBAC) with multi-tenant isolation
• Infrastructure: Data hosted in SOC 2 Type II certified data centers
• Monitoring: 24/7 security monitoring and intrusion detection
• Backups: Encrypted daily backups with point-in-time recovery

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Metric and telemetry data retention varies by plan:

• Starter plan: 30 days
• Professional plan: 90 days
• Business plan: 1 year
• Enterprise plan: Custom retention period

After account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Request a machine-readable export of your data
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or direct marketing
• Withdraw consent: Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at privacy@ninjait.app. We will respond within 30 days.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide notice via email or an in-app notification.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: privacy@ninjait.app
• General: hello@ninjait.app
• Website: ninjait.app/contact