Privacy Policy | Prytania Managed Services

1. Scope & Who This Policy Covers

This Privacy Policy ("Policy") applies to:

Visitors to the Prytania Managed Services website (www.prytaniams.com) and any related online properties ("Website")
Current, prospective, and former clients of Prytania Managed Services ("Clients") and their authorized contacts
Employees, contractors, and end-users of Client organizations whose information Prytania may access in the course of providing managed IT services

This Policy covers information collected and processed by Prytania Managed Services LLC ("Prytania," "we," "us," or "our"), headquartered in New Orleans, Louisiana. It does not cover third-party websites, services, or platforms linked from our Website, which have their own privacy practices.

Prytania operates in two distinct data roles depending on context: (1) as a Data Controller with respect to information collected directly on our Website and in our business operations; and (2) as a Data Processor or Service Provider acting on behalf of Clients with respect to Client data accessed in the course of delivering managed IT services.

2. Information We Collect

2.1 Information Clients and Contacts Provide Directly

When you inquire about our services, enter into a service agreement, or communicate with us, we may collect:

Business contact information: name, title, company name, email address, phone number, and mailing address
Billing and payment information: invoicing details, payment method information (processed securely through our payment processor; Prytania does not store full payment card numbers)
Service-related information: technical environment details, system inventories, credentials, network diagrams, and other information necessary to deliver IT services
Communications: emails, support tickets, chat logs, and call recordings (where permitted by law and disclosed to participants) related to our service delivery

2.2 Information We Collect Automatically from Our Website

When you visit our Website, we and our service providers may automatically collect:

Log data: IP address, browser type and version, operating system, referring URL, pages viewed, and time and date of your visit
Device information: device type, screen resolution, and unique device identifiers
Cookie and tracking data: see Section 6 (Cookies & Tracking Technologies) for full details

2.3 Information We Access in the Course of Providing Services

To deliver managed IT services, Prytania's personnel and remote management tools may access or encounter:

Data stored on Client systems, servers, cloud environments, and endpoints, including files, emails, databases, and application data
Personal information of Client employees and end-users, such as usernames, email addresses, work profiles, and device activity logs
Network traffic and security event logs generated by monitoring tools deployed in Client environments

Prytania accesses this information solely to perform contracted services. We treat all Client system data as Confidential Information under our Terms of Service and do not use it for our own commercial purposes.

2.4 Information from Third Parties

We may receive business contact information from referral partners, industry directories, or publicly available sources for the purpose of marketing our services to potential clients. We handle such information in accordance with this Policy.

3. How We Use Information

Prytania uses the information we collect for the following purposes:

3.1 Delivering and Improving Services

Provisioning, managing, monitoring, and supporting Client IT environments
Responding to support requests, diagnosing technical issues, and performing remote remediation
Managing user accounts, access credentials, and software licenses on Client systems
Analyzing service performance to improve our tools, processes, and offerings

3.2 Business Operations

Processing invoices, tracking payments, and managing billing disputes
Executing and administering service agreements, SOWs, and legal obligations
Communicating with clients regarding service updates, maintenance windows, incidents, and renewals
Conducting internal audits, risk assessments, and compliance activities

3.3 Security & Incident Response

Detecting, investigating, and responding to cybersecurity threats, anomalies, and incidents affecting Client and Prytania systems
Maintaining security logs for forensic analysis and audit purposes
Protecting the integrity, confidentiality, and availability of Client and Prytania data

3.4 Website & Marketing

Analyzing Website traffic and user behavior to improve our online presence
Sending marketing communications and service announcements to current and prospective clients who have expressed interest in our services (see Section 10 for opt-out information)
Responding to inquiries submitted through our Website contact forms

3.5 Legal Compliance

Complying with applicable laws, regulations, and legal processes
Enforcing our Terms of Service and other agreements
Establishing, exercising, or defending legal claims

4. Legal Bases for Processing

Prytania processes personal information on the following legal bases:

Contract performance: processing necessary to perform our managed services agreements with Clients and to fulfill pre-contractual obligations (e.g., responding to service inquiries)
Legitimate interests: processing for fraud prevention, network and information security, internal analytics, and direct marketing to business contacts, where our legitimate interests are not overridden by individual privacy rights
Legal obligation: processing required by applicable federal, state, or local law, including data retention obligations and responses to lawful government requests
Consent: where required by law, we obtain consent before sending marketing communications or placing non-essential cookies

Where we rely on legitimate interests, we have assessed that those interests are not outweighed by individuals' privacy rights. Individuals may object to processing based on legitimate interests at any time (see Section 10).

5. HIPAA & Protected Health Information

If Prytania provides managed IT services to a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act (HIPAA), Prytania acts as a Business Associate and will enter into a Business Associate Agreement (BAA) with that client prior to accessing any Protected Health Information (PHI). The BAA governs Prytania's obligations with respect to PHI and supplements this Privacy Policy.

5.1 Our Role as a Business Associate

As a Business Associate, Prytania does not use or disclose PHI except as permitted or required by the applicable BAA and HIPAA regulations. Prytania accesses PHI only to the minimum extent necessary to perform the contracted IT services (the "Minimum Necessary" standard).

5.2 Safeguards for PHI

Prytania implements the administrative, physical, and technical safeguards required by the HIPAA Security Rule (45 CFR Part 164, Subpart C) for electronic PHI (ePHI) encountered in Client environments covered by a BAA. These safeguards include:

Access controls limiting ePHI access to authorized Prytania personnel with a need to know
Audit logging of access to systems containing ePHI
Encryption of ePHI in transit using industry-standard protocols (e.g., TLS 1.2 or higher)
Workforce training on HIPAA obligations and privacy practices
Breach notification procedures consistent with the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D)

5.3 HIPAA Breach Notification

In the event of a Breach of Unsecured PHI (as defined by HIPAA) discovered by Prytania, we will notify the applicable Covered Entity Client without unreasonable delay and in no case later than 60 calendar days after discovery, in accordance with our BAA and 45 CFR Section 164.410. Notifications will include the information required by HIPAA to the extent known at the time of notification.

5.4 Subcontractors

Where Prytania engages subcontractors who may have access to PHI, Prytania will enter into BAAs with those subcontractors that impose HIPAA-equivalent obligations. Prytania remains responsible to the Covered Entity for the actions of its subcontractors with respect to PHI.

5.5 General Clients

This Section 5 applies only to Clients who have executed a BAA with Prytania. For all other Clients, data accessed during service delivery is governed by the confidentiality provisions of our Terms of Service and this Policy, but HIPAA's specific requirements do not apply.

6. Cookies & Tracking Technologies

6.1 What We Use

Our Website uses the following types of cookies and similar technologies:

Strictly necessary cookies: required for the Website to function (e.g., session management, security). These cannot be disabled.
Analytics cookies: help us understand how visitors use our Website (e.g., Google Analytics). Data is aggregated and anonymized where possible.
Preference cookies: remember your settings and preferences to improve your experience.
Marketing cookies: used to track visitors across websites for remarketing purposes. We use these sparingly and only with consent where required.

6.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies; however, doing so may affect Website functionality. Where required by applicable law, we obtain your consent before placing non-essential cookies. You may withdraw consent at any time through our cookie preference center or by adjusting your browser settings.

6.3 Do Not Track

Some browsers transmit "Do Not Track" signals. Our Website does not currently respond to Do Not Track signals in a standardized way, as no uniform standard exists. We will revisit this position as the standard evolves.

7. Information Sharing & Disclosure

Prytania does not sell, rent, or trade personal information. We share information only in the following limited circumstances:

7.1 Service Providers & Subprocessors

We engage trusted third-party vendors to help operate our business and deliver services, including:

Remote monitoring and management (RMM) platform providers
Professional services automation (PSA) and ticketing system vendors
Cloud storage and backup providers
Billing, invoicing, and payment processing platforms
Cybersecurity tool vendors (EDR, DNS filtering, SIEM)
Communication platforms (email, video conferencing, VoIP)

All service providers are contractually required to protect information with standards at least as protective as this Policy and to use information only to provide services to Prytania. Where applicable, we execute Data Processing Agreements (DPAs) with subprocessors.

7.2 Legal Requirements & Law Enforcement

We may disclose information when required by law, court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal obligations; (b) protect the rights, property, or safety of Prytania, our clients, or the public; or (c) detect or prevent fraud, security threats, or illegal activity. Where legally permitted, we will notify affected clients prior to disclosure.

7.3 Business Transfers

If Prytania undergoes a merger, acquisition, reorganization, or sale of all or substantially all of its assets, Client and Website visitor information may be transferred to the acquiring entity as part of that transaction. We will provide reasonable notice of any such transfer and the opportunity for affected parties to exercise applicable rights.

7.4 With Your Consent

We may share information with third parties for purposes not described in this Policy when we have your explicit consent to do so.

7.5 Aggregated & De-Identified Data

We may share aggregated, de-identified, or anonymized data (from which personal identifiers have been removed) with partners, in public reports, or for industry analysis. Such data cannot reasonably be used to identify any individual.

8. Data Retention

Prytania retains personal and Client information for as long as necessary to fulfill the purposes described in this Policy, to satisfy our contractual and legal obligations, and to resolve disputes. Our standard retention guidelines are:

Client contact and account information: retained for the duration of the service relationship and for seven (7) years following termination, consistent with standard business record-keeping requirements
Support tickets and service records: retained for five (5) years following ticket closure
Security event and audit logs: retained for a minimum of one (1) year, or longer where required by applicable law or a client's compliance framework (e.g., HIPAA requires six years for BAA-related documentation)
Financial and billing records: retained for seven (7) years in accordance with IRS and state tax requirements
Website analytics data: retained in aggregated form for up to two (2) years
PHI accessed under a BAA: retained only as long as necessary to perform the contracted services; PHI is returned or securely destroyed upon BAA termination in accordance with HIPAA requirements

When information is no longer needed, Prytania will securely delete or anonymize it in accordance with our data destruction procedures. Secure destruction of physical media containing sensitive data follows NIST SP 800-88 guidelines.

9. Data Security

Prytania implements a layered security program designed to protect the confidentiality, integrity, and availability of the information we collect and process. Our security controls include:

Encryption of data in transit using TLS 1.2 or higher for all network communications
Encryption of sensitive data at rest on Prytania-managed systems
Multi-factor authentication (MFA) required for all Prytania staff accessing client systems and internal platforms
Role-based access controls limiting information access to personnel with a legitimate business need
Continuous endpoint protection and threat monitoring on Prytania-managed devices
Regular vulnerability assessments and patching of Prytania's own systems
Annual security awareness training for all Prytania employees and contractors
A documented incident response plan that is reviewed and tested annually

No security system is impenetrable. While Prytania takes significant measures to protect your information, we cannot guarantee absolute security against all threats. In the event of a data breach affecting personal information, Prytania will notify affected parties in accordance with applicable state breach notification laws and, where applicable, HIPAA requirements.

10. Your Privacy Rights

10.1 General Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

Right of access: to know what personal information we hold about you and to receive a copy
Right to correction: to request correction of inaccurate or incomplete information
Right to deletion: to request deletion of your personal information, subject to our legal retention obligations
Right to restriction: to request that we limit how we use your information in certain circumstances
Right to object: to object to processing based on legitimate interests or for direct marketing purposes
Right to data portability: to receive your information in a structured, machine-readable format where technically feasible

To exercise any of these rights, please contact us at privacy@prytaniams.com. We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.

10.2 Louisiana Residents

Louisiana residents have rights under the Louisiana Consumer Privacy Act (effective January 1, 2026) including the right to access, correct, delete, and opt out of the sale or sharing of personal data. Prytania does not sell personal data. Louisiana residents may exercise their rights by contacting us using the information in Section 14. We will respond to verified requests within 45 days, with one 45-day extension where reasonably necessary.

10.3 Marketing Opt-Out

You may opt out of receiving marketing communications from Prytania at any time by: (a) clicking the "unsubscribe" link in any marketing email; (b) emailing privacy@prytaniams.com with the subject line "Unsubscribe"; or (c) calling us at the number listed in Section 14. We will process opt-out requests within 10 business days. Note that opting out of marketing communications does not affect service-related communications necessary to manage your account or provide the services.

10.4 Client Employee Rights

If you are an employee or end-user of a Prytania Client organization and believe that Prytania holds personal information about you in connection with IT services provided to your employer, please direct your request first to your employer. Prytania will cooperate with Client's reasonable instructions regarding end-user data in accordance with our service agreement with that Client.

11. Third-Party Links & Integrations

Our Website may contain links to third-party websites, tools, or platforms. Clicking these links will take you to sites governed by their own privacy policies, which may differ from ours. Prytania has no control over and takes no responsibility for the privacy practices or content of third-party sites.

In delivering managed IT services, Prytania may configure, support, or integrate third-party software platforms (e.g., Microsoft 365, Google Workspace, QuickBooks, Salesforce) on Client systems. Prytania acts as a service provider when accessing these platforms; the platform vendors' own privacy policies and terms govern their data handling with respect to Client data stored within those platforms.

12. Children's Privacy

Prytania's Website and services are directed exclusively to business clients and are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have inadvertently collected personal information from a minor, we will promptly delete it. If you believe we may have information about a minor, please contact us at privacy@prytaniams.com.

13. Changes to This Privacy Policy

Prytania may update this Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:

Post the updated Policy on our Website with a revised effective date
Notify active Clients by email at least 30 days before the updated Policy takes effect
Where required by law, obtain consent for material changes affecting how we process your personal information

Your continued use of our Website or services after the effective date of an updated Policy constitutes acceptance of the changes. We encourage you to review this Policy periodically.

14. Contact & How to Raise a Concern

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a concern about how Prytania handles your information, please contact us:

Prytania Managed Services

Privacy Inquiries: privacy@prytaniams.com

General Inquiries: info@prytaniams.com

Website: www.prytaniams.com

We aim to respond to all privacy inquiries within 30 days. If you are not satisfied with our response to a complaint, you may have the right to lodge a complaint with your applicable state attorney general's office or other supervisory authority.