Privacy Policy

Effective Date: April 8, 2026 · Last Updated: April 8, 2026

Informational Purposes Only. This Privacy Policy is provided for informational purposes and describes how ATTM Technologies collects, uses, and protects information. It does not constitute legal advice. We recommend consulting with a licensed attorney for legal advice specific to your situation, your compliance obligations, or your data privacy rights.

Information We Collect
How We Use Your Information
How We Share Your Information
Data Security
Data Retention
Your Privacy Rights
Children's Privacy
Third-Party Links
Changes to This Policy
Contact Information

ATTM Technologies ("ATTM," "we," "our," or "us") is a managed IT and cybersecurity services provider headquartered in Seattle, Washington, serving clients nationwide. We provide managed IT services, cybersecurity solutions, and compliance consulting to regulated small and mid-sized businesses (SMBs). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website at attm-tech.com, communicate with us, or when we provide services to you or your organization.

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please discontinue use of our website and contact us before engaging our services.

1. Information We Collect

We collect information in several ways: directly from you, automatically through your use of our website, and in connection with the delivery of our managed IT and cybersecurity services. The categories below describe the types of information we may collect.

1.1 Information You Provide to Us

When you interact with ATTM — whether through our website, by scheduling a consultation, or in the course of our business relationship — you may provide the following personal information:

Contact and identity information: Your full name, business name, job title, business email address, phone number, and mailing address.
Meeting and scheduling information: When you schedule a consultation through Microsoft Bookings (embedded on or linked from our website), we collect the information you submit in that booking form, including your name, email address, phone number, company name, and any notes you provide regarding your IT environment or needs.
Inquiry and communication data: The content of emails, calls, or written communications you send to us, including questions, requests, and any information you voluntarily share.
Business and organizational information: Information about your company's size, industry, number of employees, current IT infrastructure, software licensing, compliance requirements, and related details that you share during the sales process or service engagement.

1.2 Information We Collect Automatically (Website Usage Data)

When you visit our website, we and our third-party analytics and infrastructure partners may automatically collect certain technical and usage information, including:

Log and device data: IP address, browser type and version, operating system, device type, referring URL, pages visited, time and date of visit, time spent on pages, and other clickstream data.
Cookie and tracking data: We use cookies, pixel tags, and similar tracking technologies to recognize returning visitors, understand how users navigate our website, and improve site performance. See Section 1.4 (Cookies) for more detail.
Analytics data: Aggregated and de-identified statistics about website traffic patterns, popular content, and general geographic regions of visitors (derived from IP address).

1.3 Information Collected in the Course of Providing IT Services

When ATTM provides managed IT, cybersecurity, or compliance consulting services to client organizations, we may access, process, or come into contact with data belonging to or associated with those organizations and their employees. This may include, but is not limited to:

IT infrastructure and configuration data: Network topology, server and workstation configurations, hardware inventories, software licensing information, Azure and cloud environment settings, firewall rules, and related system metadata managed through platforms including Microsoft Azure, Cisco Meraki, and related tools.
Endpoint and device data: Device identifiers, device health status, application inventory, security posture data, update and patch status, and device configuration profiles, managed primarily through Microsoft Intune and Microsoft Defender for Endpoint.
Identity and access data: Usernames, role assignments, group memberships, multifactor authentication (MFA) status, sign-in logs, access policies, and conditional access configurations managed through Microsoft Entra ID (formerly Azure Active Directory) and 1Password.
Email security data: Email metadata (sender, recipient, subject, timestamp), message routing logs, spam and phishing detection results, quarantined message information, and security alert data processed through Microsoft Defender for Office 365 and related email security tooling.
Network traffic and security data: Firewall logs, DNS query logs, traffic flow data, network security alerts, and related telemetry from Cisco Meraki and Microsoft-integrated network monitoring tools.
Endpoint detection and response (EDR) data: Security alerts, behavioral telemetry, threat detections, remediation actions, and related incident data processed through Huntress MDR (Managed Detection and Response) and Microsoft Defender.
Backup and disaster recovery data: Backup job logs, restore point metadata, backup status, and related operational data managed through Axcient backup and business continuity solutions.
Compliance and audit data: Compliance posture assessments, policy configurations, audit logs, and documentation developed as part of compliance consulting engagements.

ATTM accesses this category of data solely to deliver contracted services and does not use client operational data for our own marketing, analytics, or commercial purposes. Our access to and processing of this data is governed by individual client service agreements and, where applicable, data processing agreements (DPAs).

1.4 Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device by a website you visit. We use the following types:

Essential cookies: Required for core website functionality and security. These cannot be disabled.
Analytics cookies: Used to collect aggregated, anonymous information about how visitors use our site, such as which pages are most popular. This data helps us improve site performance and content.
Preference cookies: Store user preferences such as display settings or region selections to improve your experience on return visits.
Third-party cookies: Certain embedded functionality on our website (such as the Microsoft Bookings scheduling widget) may set cookies associated with Microsoft's services. These cookies are governed by Microsoft's privacy policy.

Most web browsers allow you to control cookies through browser settings. Disabling cookies may affect certain features of our website. To learn more about cookies and how to manage them, visit allaboutcookies.org.

2. How We Use Your Information

We use the information we collect for the following purposes and on the following legal bases:

2.1 To Communicate With You and Respond to Inquiries

We use your contact information and inquiry content to respond to your questions, provide information about our services, and schedule consultations. This processing is based on your consent (when you initiate contact) and our legitimate interest in communicating with prospective and current clients.

2.2 To Deliver Our Services

We use and process information — including client IT infrastructure data, identity data, endpoint data, and security telemetry — as necessary to perform our managed IT, cybersecurity, and compliance services under our client agreements. This processing is based on contractual necessity.

2.3 To Operate and Improve Our Website

We use automatically collected usage data and analytics to understand how visitors interact with our website, identify technical issues, improve site navigation and content, and measure the effectiveness of our marketing. This processing is based on our legitimate interest in maintaining and improving our online presence.

2.4 To Schedule and Manage Consultations

Information submitted through Microsoft Bookings is used to confirm appointments, send calendar invitations and reminders, and prepare for discovery calls. This processing is based on your consent and contractual necessity (facilitating a requested meeting).

2.5 To Send Service and Administrative Communications

We may use your contact information to send service-related communications, such as updates to this Privacy Policy, changes to our terms of service, security advisories relevant to our services, or important operational notices. These communications are not marketing and are based on our legitimate interest or legal obligation.

2.6 To Send Marketing Communications (With Your Consent)

If you have opted in, we may send you newsletters, case studies, cybersecurity tips, or announcements about our services. You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in any such email or by contacting us at support@attm-tech.com.

2.7 To Comply With Legal Obligations

We may process personal information as required to comply with applicable laws, respond to lawful requests from government authorities, enforce our agreements, or protect the rights, property, or safety of ATTM, our clients, or others.

2.8 To Detect and Prevent Fraud and Security Threats

We may use information to detect, investigate, and prevent fraudulent activity, unauthorized access, and other security incidents, based on our legitimate interest in maintaining the integrity and security of our systems and services.

3. How We Share Your Information

ATTM Technologies does not sell personal information. We do not sell, rent, or trade your personal information to third parties for their own commercial purposes.

We may share information with third parties in the following limited circumstances:

3.1 Technology Sub-Processors and Service Providers

We engage trusted third-party technology vendors and sub-processors to help us deliver our services and operate our business. These parties process personal or client data only on our behalf and subject to appropriate contractual protections, including data processing agreements where required. Our current key sub-processors and technology partners include:

Microsoft Corporation — Microsoft 365, Azure cloud infrastructure, Intune endpoint management, Entra ID identity management, Defender for Endpoint, Defender for Office 365, Microsoft Bookings. Microsoft processes data in accordance with the Microsoft Products and Services Data Protection Addendum (DPA). Learn more at privacy.microsoft.com.
Huntress Labs, Inc. (Huntress MDR) — Managed Detection and Response (MDR) services; endpoint threat detection, triage, and remediation. Huntress processes endpoint security telemetry from client environments to identify and respond to threats.
Axcient — Cloud backup, business continuity, and disaster recovery services. Axcient stores and manages backup data on behalf of ATTM and our clients.
1Password — Enterprise password management and credential security. 1Password processes credential metadata and vault access logs for identity security management.
Cisco Meraki — Cloud-managed networking, including firewall, wireless, and switching infrastructure. Meraki processes network telemetry and device configuration data.

We maintain a list of key sub-processors and will update this policy when material changes occur. You may request the current sub-processor list by contacting us at support@attm-tech.com.

3.2 Business Operations Providers

We may also share limited personal information with vendors who support our internal business operations, such as email delivery services, scheduling tools, invoicing and accounting platforms, and CRM software. These vendors are contractually prohibited from using your information for any purpose other than providing services to ATTM.

3.3 Legal Requirements and Protection of Rights

We may disclose personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, subpoena, or other lawful governmental request;
Enforce or apply our terms of service or client agreements;
Protect the rights, property, or personal safety of ATTM Technologies, our clients, employees, or the public; or
Detect, prevent, or address fraud, security vulnerabilities, or technical issues.

3.4 Business Transfers

If ATTM Technologies is involved in a merger, acquisition, asset sale, financing, bankruptcy, or other corporate transaction, personal information we hold may be transferred as part of that transaction. We will provide notice of any such transfer and any material change in privacy practices through this Privacy Policy or by other appropriate means before the transfer occurs, to the extent required by applicable law.

3.5 With Your Consent

We may share your information with third parties for purposes not described in this policy when we have obtained your explicit consent to do so.

4. Data Security

Data security is central to our business, and we apply appropriate administrative, technical, and physical safeguards to protect personal information from unauthorized access, use, disclosure, alteration, and destruction. Our security practices include, but are not limited to:

Encryption in transit and at rest: Communications between our systems and clients are encrypted using industry-standard protocols (TLS 1.2+). Data stored in cloud environments is encrypted at rest using platform-provided encryption (e.g., Azure Storage Service Encryption).
Access controls and least-privilege: Access to personal and client data is restricted to ATTM personnel who require it to perform their job duties. We enforce role-based access controls (RBAC) and the principle of least privilege across our operational systems.
Multi-factor authentication (MFA): All ATTM personnel are required to use multi-factor authentication to access production systems, email, and client-related tooling.
Endpoint and identity security: ATTM staff endpoints are managed with Microsoft Intune and protected by Microsoft Defender. Identity governance is administered through Microsoft Entra ID.
Vendor security assessment: We evaluate the security practices of our technology sub-processors and require that they maintain appropriate security standards.
Incident response: We maintain an incident response plan and will notify affected parties and relevant authorities of data breaches as required by applicable law.

No method of data transmission over the internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect personal information, we cannot guarantee its absolute security. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify you as required by applicable law.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention practices are as follows:

Website inquiries and contact form data: Retained for up to 3 years from the date of last interaction, to support follow-up communication and business relationship management.
Scheduling and meeting data: Retained for up to 2 years in connection with our Microsoft Bookings integration and CRM system.
Client service data: Personal and operational data collected in the course of providing managed IT services is retained for the duration of the client engagement plus a period of up to 7 years following contract termination, to comply with legal, regulatory, and audit requirements common in industries we serve (including tax, legal, and financial services sectors).
Security and audit logs: Security event logs and audit trails are retained for periods consistent with our clients' compliance requirements and applicable law, typically between 1 and 7 years depending on the regulatory framework.
Marketing and communications data: If you have opted into marketing communications, we retain your contact information until you withdraw consent or unsubscribe.

After the applicable retention period, personal information is securely deleted or anonymized. Where we are required by law to retain certain records, we retain the minimum necessary information for the minimum required period.

Clients with specific data retention requirements may negotiate custom retention terms within their service agreements.

6. Your Privacy Rights

Depending on where you reside, you may have specific rights under applicable state or federal privacy laws with respect to your personal information. We describe these rights below. To exercise any of these rights, see Section 10 (Contact Information) for how to submit a request.

We will respond to verifiable consumer requests within the timeframes required by applicable law — generally 45 days, with an extension of an additional 45 days where reasonably necessary and upon notice to you. We will not discriminate against you for exercising your privacy rights.

ATTM Technologies does not sell personal information and does not engage in targeted advertising based on personal information. We do not share personal information for cross-context behavioral advertising.

6.1 California Residents — CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights with respect to your personal information:

Right to Know: You have the right to request that we disclose: (a) the categories of personal information we have collected about you; (b) the categories of sources from which personal information is collected; (c) our business or commercial purpose for collecting personal information; (d) the categories of third parties with whom we share personal information; and (e) the specific pieces of personal information we have collected about you.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., where the information is necessary to complete a transaction, detect security incidents, comply with a legal obligation, or enable solely internal uses reasonably aligned with your expectations).
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the information and the purposes for which it is processed.
Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale of your personal information and the sharing of your personal information for cross-context behavioral advertising. ATTM does not sell personal information and does not share personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information (as defined by CPRA), you have the right to direct us to limit our use of such information to the specific purposes permitted by the CPRA. ATTM does not use sensitive personal information for purposes beyond those necessary to perform our services.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your rights under the CCPA/CPRA. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.

To submit a CCPA/CPRA request, contact us at support@attm-tech.com or call +1 (206) 350-2886. We will take reasonable steps to verify your identity before processing your request. Authorized agents may submit requests on your behalf with appropriate verification and authorization.

Note: The CCPA/CPRA applies primarily to information collected about individuals in their capacity as consumers, not to information we process in our role as a service provider to a business. Personal information we process on behalf of our business clients is governed by the applicable client service agreement and data processing addendum.

6.2 Virginia Residents — VCDPA

The Virginia Consumer Data Protection Act (VCDPA) grants Virginia residents the following rights with respect to their personal data:

Right to Access: You may request confirmation as to whether we process your personal data and request access to such data.
Right to Correct: You may request that we correct inaccuracies in your personal data.
Right to Delete: You may request that we delete personal data you have provided or that we have obtained about you.
Right to Data Portability: Where technically feasible, you may request a copy of your personal data in a portable, readily usable format.
Right to Opt Out: You have the right to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. ATTM does not engage in these activities.
Right to Appeal: If we decline to take action on your request, you may appeal our decision by contacting us. We will respond to your appeal within 60 days and, if we deny your appeal, provide information on how to submit a complaint to the Virginia Attorney General.

6.3 Colorado Residents — CPA

The Colorado Privacy Act (CPA) grants Colorado residents rights to access, correct, delete, and obtain a portable copy of their personal data, as well as the right to opt out of the processing of personal data for purposes of targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects. ATTM does not engage in such processing. Colorado residents who wish to exercise any of these rights, or who wish to appeal a decision, may contact us using the information in Section 10.

6.4 Connecticut Residents — CTDPA

The Connecticut Data Privacy Act (CTDPA) provides Connecticut residents with rights to access, correct, delete, and obtain a portable copy of their personal data, as well as the right to opt out of the sale of personal data and targeted advertising. ATTM does not sell personal data or engage in targeted advertising. Connecticut residents may submit requests and appeals by contacting us at support@attm-tech.com.

6.5 Texas Residents — TDPSA

The Texas Data Privacy and Security Act (TDPSA) provides Texas residents with rights to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of processing for purposes of targeted advertising, sale of personal data, or profiling. ATTM does not sell personal data or conduct targeted advertising. Texas residents may contact us to exercise these rights or to appeal a decision.

6.6 Oregon Residents — OCPA

The Oregon Consumer Privacy Act (OCPA) provides Oregon residents with rights to access, correct, delete, and obtain a copy of personal data ATTM holds about them, as well as the right to opt out of the sale of personal data, targeted advertising, and certain profiling. ATTM does not engage in these activities. Oregon residents may contact us to exercise any applicable right.

6.7 Residents of Other States

Additional state privacy laws are enacted and taking effect on an ongoing basis, including laws in states such as Montana, Florida, Iowa, Indiana, Tennessee, and others. To the extent your state's law applies to our processing of your personal information, we are committed to honoring your rights under applicable law. Please contact us if you have questions about your state's specific privacy rights.

6.8 How to Submit a Privacy Rights Request

To exercise any of the rights described above, please contact us by:

Email: support@attm-tech.com (include "Privacy Rights Request" in the subject line)
Phone: +1 (206) 350-2886

To process your request, we will need to verify your identity using information we already have on file. We will not use the information provided in a privacy request for any purpose other than verifying your identity and responding to your request. We will not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. Response time is generally 45 days from receipt of a verifiable request, with a possible 45-day extension where required.

7. Children's Privacy

Our website and services are directed to businesses and professionals and are not intended for children under the age of 13. We do not knowingly collect, solicit, or process personal information from children under 13 years of age, in accordance with the Children's Online Privacy Protection Act (COPPA).

If we learn that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take prompt steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us immediately at support@attm-tech.com so that we can investigate and, if necessary, delete the information.

8. Third-Party Links

Our website may contain links to third-party websites, tools, or resources — including partner websites, technology vendor portals, and scheduling platforms. These links are provided for your convenience and informational purposes only.

We are not responsible for the privacy practices, security measures, or content of any third-party websites. When you follow a link to an external site, you leave our website, and your interactions with that site are governed by that site's own privacy policy and terms of use. We encourage you to review the privacy policies of any third-party websites you visit.

Third-party tools embedded on or linked from our website that may collect personal information independently include:

Microsoft Bookings — used for scheduling consultations. Subject to the Microsoft Privacy Statement.
Microsoft 365 / Outlook — used for email communications. Subject to the Microsoft Privacy Statement.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, provide additional notice — such as a notice on our website homepage or via email to clients and individuals whose personal information is affected.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our website or services following any changes to this policy constitutes your acceptance of those changes, to the extent permitted by applicable law.

The version of this Privacy Policy posted on our website at any given time is the current, operative version. Prior versions may be obtained by contacting us at support@attm-tech.com.

10. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

ATTM Technologies
Headquartered in Seattle, Washington
Serving clients nationwide
Email: support@attm-tech.com
Phone: +1 (206) 350-2886

For privacy rights requests specifically, please include "Privacy Rights Request" in the subject line of your email. For general questions about our data practices, you may contact us at the same email address.

We strive to respond to all inquiries within 5 business days. For verifiable consumer rights requests under applicable state law, we will respond within the statutory timeframe (generally 45 days).

This Privacy Policy was prepared by ATTM Technologies and is effective as of April 8, 2026. It is subject to change. Consult a licensed attorney for legal advice specific to your privacy compliance obligations.