Legal Document

Privacy Policy

Last Updated: January 1, 2025

1. Introduction and Scope

Rough Setup ("Company," "we," "our," or "us") is committed to protecting the privacy and security of personal information collected through our remote infrastructure deployment services. This Privacy Policy explains how we collect, use, disclose, store, and protect information obtained from clients, website visitors, and service engagement participants.

This Privacy Policy applies to all information collected through our website, email communications, project management platforms, video conferencing systems, documentation submission portals, and any other digital or electronic means used during service delivery. By engaging our services or using our website, you acknowledge and consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when engaging our services, requesting information, or communicating with us. This includes:

  • Contact Information: Full name, business name, email address, phone number, mailing address, and job title or role within your organization.
  • Project Information: Project descriptions, technical requirements, site locations, timeline constraints, budget parameters, and specific service needs.
  • Business Information: Company details, industry sector, organizational structure, decision-maker contacts, and vendor relationships.
  • Communication Content: Email correspondence, video conference recordings (when authorized), chat messages, documentation submissions, and any other information shared during project communications.
  • Payment Information: Billing addresses, payment authorization details, and transaction records (though credit card numbers are processed through third-party payment processors and not stored by Rough Setup).
  • Feedback and Surveys: Responses to satisfaction surveys, service feedback, testimonials, and improvement suggestions.

2.2 Technical Documentation and Project Files

During service delivery, we collect various forms of project documentation including:

  • Site Documentation: Photographs, videos, floor plans, equipment specifications, wiring diagrams, and facility layouts submitted for remote review and assessment.
  • Vendor Documentation: Quotes, proposals, technical specifications, installation manuals, warranty information, and compliance certificates.
  • Compliance Materials: Safety certifications, regulatory permits, inspection reports, and industry standard verification documentation.
  • Project Records: Timeline trackers, milestone reports, change orders, issue logs, and completion documentation.

2.3 Automatically Collected Information

When you visit our website or use our digital platforms, certain information is collected automatically:

  • Device Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
  • Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, referring websites, and exit pages.
  • Location Data: General geographic location derived from IP address (city and state level, not precise geolocation).
  • Cookies and Similar Technologies: Session cookies, preference cookies, and analytics cookies as detailed in our Cookie Policy.

3. How We Use Your Information

3.1 Service Delivery

We use collected information primarily to deliver contracted services effectively:

  • Project planning, coordination, and execution according to agreed scopes of work
  • Communication with clients, vendors, and project stakeholders
  • Documentation review, analysis, and compliance verification
  • Timeline management, milestone tracking, and progress reporting
  • Issue identification, resolution coordination, and quality assurance
  • Deliverable preparation, report generation, and final documentation

3.2 Business Operations

Information is used to support essential business functions:

  • Invoice generation, payment processing, and financial record-keeping
  • Customer relationship management and service history tracking
  • Internal quality control, process improvement, and training
  • Legal compliance, contractual obligation fulfillment, and dispute resolution
  • Security monitoring, fraud prevention, and system integrity protection

3.3 Communication and Marketing

With appropriate consent, we may use contact information for:

  • Service updates, project notifications, and important announcements
  • Industry insights, technical articles, and educational content
  • Service expansion announcements and capability updates
  • Satisfaction surveys, feedback requests, and testimonial solicitations

Marketing communications always include opt-out mechanisms, and we respect unsubscribe requests promptly.

3.4 Analytics and Improvement

We analyze aggregated and de-identified data to:

  • Understand service usage patterns and client needs
  • Improve website functionality, user experience, and navigation
  • Develop new service offerings and refine existing methodologies
  • Benchmark performance metrics and operational efficiency
  • Identify industry trends and market opportunities

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted third-party service providers who assist in business operations, including:

  • Cloud Infrastructure Providers: For secure data storage, file hosting, and backup services
  • Communication Platforms: Email service providers, video conferencing platforms, and project management tools
  • Payment Processors: For invoice generation, payment collection, and transaction processing
  • Analytics Services: For website analytics, performance monitoring, and usage insights
  • Professional Services: Legal advisors, accountants, and business consultants bound by confidentiality obligations

All third-party providers are carefully selected, contractually obligated to protect information, and permitted to use data only for specified purposes.

4.2 Legal Requirements

We may disclose information when required by law or in good faith belief that such disclosure is necessary to:

  • Comply with legal obligations, court orders, subpoenas, or regulatory requirements
  • Protect our rights, property, safety, or the rights and safety of others
  • Investigate, prevent, or take action regarding illegal activities, fraud, or security threats
  • Enforce our Terms of Service, contracts, or policies
  • Respond to government requests or law enforcement inquiries

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, client information may be transferred to the successor entity. We will provide notice of such transfers and any resulting changes to information handling practices.

4.4 With Your Consent

We may share information with third parties when you have provided explicit consent for such sharing, such as when requesting us to coordinate with specific vendors or share documentation with designated parties.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, marketing, industry analysis, or other business purposes without restriction.

5. Data Security Measures

5.1 Technical Safeguards

We implement industry-standard technical security measures including:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest using AES-256 or equivalent standards
  • Secure authentication mechanisms and password protection requirements
  • Regular security updates, patches, and vulnerability assessments
  • Firewall protection, intrusion detection, and network security monitoring
  • Secure file transfer protocols for documentation exchange

5.2 Administrative Safeguards

Organizational security practices include:

  • Access controls limiting information access to authorized personnel only
  • Employee training on data protection, privacy, and security best practices
  • Confidentiality agreements with all employees and contractors
  • Regular security audits and compliance reviews
  • Incident response procedures for security breach management
  • Vendor security assessments and third-party risk management

5.3 Physical Safeguards

We protect physical access to information through:

  • Secure facility access controls and visitor management procedures
  • Locked storage for physical documents and backup media
  • Secure disposal procedures for retired equipment and documents
  • Environmental controls protecting against fire, flood, and other hazards

5.4 Limitations

While we implement robust security measures, no system can be guaranteed absolutely secure. We cannot ensure or warrant complete security of information transmitted to us or stored in our systems. You transmit information at your own risk and are responsible for maintaining the security of your account credentials and access devices.

6. Data Retention

6.1 Retention Periods

We retain different categories of information for varying periods based on legal, business, and operational requirements:

  • Project Documentation: Retained for three years following project completion for reference, quality assurance, and legal compliance purposes
  • Financial Records: Retained for seven years in accordance with tax and accounting regulations
  • Communication Records: Retained for three years for relationship management and dispute resolution purposes
  • Website Analytics: Aggregated data retained indefinitely; individual session data retained for 24 months
  • Marketing Data: Retained until consent is withdrawn or you request deletion

6.2 Secure Deletion

When information is no longer required, we securely delete or destroy it using:

  • Secure file deletion methods preventing data recovery
  • Physical destruction of hard copy documents through shredding
  • Certified data destruction for retired hardware and storage media
  • Removal of backups according to backup rotation schedules

7. Your Privacy Rights

7.1 Access Rights

You have the right to request access to personal information we hold about you. We will provide a copy of your information in a commonly used electronic format within 30 days of verified requests.

7.2 Correction Rights

You may request correction of inaccurate or incomplete personal information. We will make reasonable efforts to update records promptly upon verification of correction requests.

7.3 Deletion Rights

You may request deletion of personal information subject to certain exceptions for legal compliance, contractual obligations, dispute resolution, and legitimate business purposes. We will honor deletion requests to the extent legally permissible.

7.4 Portability Rights

Upon request, we will provide personal information in a structured, machine-readable format suitable for transfer to another service provider, subject to technical feasibility.

7.5 Objection Rights

You may object to certain uses of personal information, particularly for marketing purposes. We will respect objections and cease such processing unless we have compelling legitimate grounds.

7.6 Restriction Rights

You may request restriction of processing in certain circumstances, such as during dispute resolution regarding information accuracy or while assessing objection requests.

7.7 Exercising Your Rights

To exercise privacy rights, submit written requests to our contact channels listed at the end of this policy. We may require identity verification before processing requests. There is no fee for reasonable requests, but we may charge for excessive, repetitive, or manifestly unfounded requests.

8. Cookies and Tracking Technologies

8.1 Cookie Usage

Our website uses cookies and similar technologies to:

  • Remember your preferences and settings
  • Maintain session continuity during website visits
  • Analyze website traffic and usage patterns
  • Improve website functionality and user experience
  • Measure marketing campaign effectiveness

8.2 Cookie Types

We use several categories of cookies:

  • Essential Cookies: Necessary for website operation and cannot be disabled
  • Functional Cookies: Remember preferences and enable enhanced functionality
  • Analytics Cookies: Collect aggregated usage data for website improvement
  • Marketing Cookies: Track effectiveness of marketing campaigns (only with consent)

8.3 Cookie Management

You can control cookie preferences through browser settings. Disabling certain cookies may affect website functionality. Most browsers allow you to:

  • View and delete existing cookies
  • Block third-party cookies
  • Block all cookies (though this may impair website functionality)
  • Delete cookies upon closing the browser

9. Third-Party Links and Services

Our website may contain links to third-party websites, services, or resources not operated by Rough Setup. We are not responsible for the privacy practices, content, or security of third-party sites. We encourage you to review privacy policies of any third-party services you access through our website.

When we integrate third-party services (such as video conferencing platforms or project management tools) into our service delivery, we select reputable providers with strong privacy and security practices, but we cannot control their data handling beyond contractual agreements.

10. Children's Privacy

Our services are designed for business and commercial use and are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete such information promptly.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources of collection, purposes of use, and third parties with whom information is shared
  • Right to Delete: Request deletion of personal information subject to certain exceptions
  • Right to Opt-Out: Opt-out of sale of personal information (Note: Rough Setup does not sell personal information)
  • Right to Non-Discrimination: Exercise privacy rights without receiving discriminatory treatment

California residents may exercise these rights by contacting us through the channels listed below. We will verify identity before processing requests and respond within 45 days.

12. International Data Transfers

Our operations are based in the United States. If you access our services from outside the United States, please be aware that information may be transferred to, stored, and processed in the United States where our servers and service providers are located. Data protection laws in the United States may differ from those in your jurisdiction.

By using our services, you consent to the transfer of information to the United States and processing in accordance with this Privacy Policy. For clients in the European Economic Area, we implement appropriate safeguards for international data transfers as required by GDPR.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or business operations. Material changes will be communicated through:

  • Prominent notice on our website for 30 days following changes
  • Email notification to active clients
  • Updated "Last Updated" date at the top of this policy

Continued use of our services following notice of changes constitutes acceptance of the modified Privacy Policy. For significant changes affecting data use, we may seek renewed consent where required by applicable law.

14. Contact Information for Privacy Matters

For questions, concerns, or requests regarding this Privacy Policy or our data practices, or to exercise your privacy rights, please contact us through the following channels:

Contact Information

Email Channels
Physical Address 781 Thomas Ln
Walnut Creek, CA 94597
Phone +1 925 939 5218