Privacy Policy & Data Processing Agreement (DPA)

Effective Date: 01/01/2025
Last Updated: 10/16/2025

At Midnight Technologies, your privacy and data protection are our top priorities. This Privacy Policy and Data Processing Agreement (“Policy”) describe how we collect, process, and protect your information when you use our Managed IT Services, Cloud Solutions, or related support offerings.

1. Who We Are

Midnight Technologies is an Onsite Tech Support and Managed Service Provider (MSP), Security System Installer, and Onsite Tech Support Company offering IT support, cybersecurity monitoring, cloud hosting, camera systems, and network management solutions to businesses.

Company Details:
📍 Address: 453 Ashland Dr, Corpus Christi, TX 78412
📞 Phone: 361-429-4443
📧 Email: support@midnighttechnologies.com
🌐 Website: midnighttechnologies.com

2. Information We Collect

We collect and process information to deliver secure and reliable managed IT services. This includes:

a. Client and User Information

  • Name, company name, and business contact details

  • Account credentials and access permissions

  • Service usage and support ticket history

b. Technical and System Data

  • IP addresses and device identifiers

  • System logs, network performance metrics, and diagnostic data

  • Backup, recovery, and security monitoring information

c. Payment and Billing

  • Company billing details

  • Payment data (processed via secure, compliant third-party platforms)

d. Cookies and Tracking

We use cookies and analytics tools to improve functionality and monitor performance. You can manage cookie preferences in your browser settings.

3. How We Use Your Information

We use collected data to:

  • Deliver and manage managed IT and cloud services

  • Provide remote monitoring and technical support

  • Ensure cybersecurity and network reliability

  • Manage user accounts and authentication

  • Process billing and service renewals

  • Communicate reports, updates, and alerts

  • Meet legal and contractual obligations

We never sell or lease your data.

4. Data Sharing and Disclosure

We only share your data when necessary to provide services or comply with law:

  • Authorized Service Partners: Trusted vendors (e.g., data centers, backup platforms, cloud providers) under strict confidentiality and security agreements.

  • Legal Requirements: When disclosure is required by law, subpoena, or court order.

  • Business Transfers: In mergers or acquisitions, under equivalent data protection standards.

5. Data Retention

We keep personal and system data only as long as needed for operational, contractual, or legal purposes. Afterward, data is securely deleted or anonymized according to industry best practices.

6. Data Security

We employ layered security measures to protect all client data, including:

  • Multi-factor authentication

  • Access control and audit logging

  • Continuous system monitoring

  • Regular vulnerability assessments

  • Secure backup and disaster recovery protocols

While we use advanced safeguards, no system is completely immune from risk. We continually review and improve our security practices.

7. Your Rights

Depending on your jurisdiction (e.g., under GDPR, CCPA), you may have the right to:

  • Access, correct, or delete your data

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent (where applicable)

To exercise these rights, contact us at lindsey@midnighttechnologies.com. We will respond promptly and in compliance with applicable laws.

8. International Data Transfers

If we transfer your data outside your country (e.g., for cloud hosting or remote management), we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)

  • Binding Corporate Rules

  • Other lawful data transfer mechanisms

9. Third-Party Links and Tools

Our website and systems may link to or integrate with third-party services. We are not responsible for their privacy practices and encourage you to review their policies before providing personal information.

10. Policy Updates

We may update this Privacy Policy and DPA from time to time. Updates will be posted on this page with a revised “Last Updated” date. Continued use of our services means you accept any changes.

Appendix A: Data Processing Agreement (DPA)

This Data Processing Agreement forms part of the Privacy Policy and governs how Midnight Technologies (“Processor”) handles data on behalf of its clients (“Controller”).

1. Purpose and Scope

This DPA covers all processing of personal or system data performed by Midnight Technologies as part of Managed IT, cloud, and cybersecurity services provided to the Controller.

2. Roles and Responsibilities

  • The Controller determines the purposes and means of processing.

  • The Processor acts only under the Controller’s documented instructions and solely for the purpose of providing agreed services.

3. Categories of Data

The Processor may process:

  • Identification and contact data (e.g., names, emails, business info)

  • Network and system data (e.g., IP logs, event records)

  • Access credentials (securely encrypted)

  • Backup and recovery data

No special (sensitive) categories of personal data are intentionally processed unless explicitly agreed in writing.

4. Security Measures

The Processor shall implement and maintain appropriate technical and organizational security measures, including:

  • Encryption, access control, and secure configurations

  • Segregation of client environments

  • Regular security audits and penetration testing

  • Incident detection and response protocols

5. Sub-Processors

The Processor may use approved sub-processors (e.g., cloud or monitoring providers) who are contractually bound to maintain equivalent data protection standards.
A current list of sub-processors is available upon request.

6. Data Breach Notification

In the event of a confirmed data breach, the Processor will notify the Controller without undue delay, providing details of:

  • The nature and scope of the breach

  • Affected data types

  • Mitigation and containment actions taken

7. Assistance with Data Subject Requests

The Processor will assist the Controller in responding to any data subject requests (access, correction, deletion, etc.) in accordance with applicable laws.

8. Data Return and Deletion

Upon termination or expiration of services, all client data will be securely returned or permanently deleted, unless retention is required by law or regulatory obligation.

9. Audits and Compliance

The Controller may request documentation or certifications demonstrating the Processor’s compliance with this DPA (e.g., SOC 2, ISO 27001).
The Processor agrees to cooperate with regulators if required.

10. Governing Law

This DPA and Privacy Policy are governed by the laws of Texas, USA, without regard to conflict of law principles.

11. Contact Information

For questions about data privacy or processing, contact:

📧 lindsey@midnighttechnologies.com
📞 361-429-4443, option 1
🏢 453 Ashland Dr, Corpus Christi TX, 78412