ManagedWay

Privacy Policy

1. Scope

This Privacy Policy describes how ManagedWay Company (“ManagedWay,” “we,” “us”) collects, uses, shares, and safeguards information when you (a) visit any ManagedWay-operated website (including but not limited to managedway.com — collectively, the “Sites”); (b) use our customer portal; or (c) purchase or use hosting, colocation, dedicated internet, or related services from us (the “Services”).

This policy does not cover content or data stored by you on infrastructure we operate for you (your servers, your applications, your databases). Our handling of that data is governed by the Master Service Agreement between you and ManagedWay and by our information security program, including our SOC 2 Type II controls.

2. Who is covered

Three populations are addressed separately where their rights or obligations differ:

  • Visitors — anyone browsing our public sites without an account.
  • Customers — individuals or organizations that hold a paid account with ManagedWay.
  • Customer end-users — individuals whose data is processed by our Customers using our Services. For end-users, ManagedWay acts as a processor (or “service provider” under California law) and the Customer is the controller.

3. Information we collect

3.1 Information you provide

  • Account information: name, business name, billing address, billing email, support contacts, phone numbers.
  • Authentication: email, password hash (bcrypt; we never store plaintext passwords), MFA configuration, OAuth identifiers when you sign in with Google.
  • Payment information: payment-method identifiers and the last four digits of card numbers. Full payment card data is processed by our PCI-DSS-compliant payment processor, Authorize.net. ManagedWay does not store full card numbers on our systems.
  • Tax and identity information where legally required for invoicing.
  • Support correspondence: the contents of tickets, chats, and emails you send us.
  • Marketing preferences: what subscriptions you’ve opted into.

3.2 Information collected automatically

  • Server logs: IP address, user agent, request method and path, response code, timestamp, referrer. Retained per Section 7.
  • Cookies and similar technologies: see Section 6.
  • Telemetry from customer-portal use: the pages and tools you visit while logged in.
  • AI assistant transcripts: when you interact with our chat assistants, the conversation contents are processed by our AI inference partners (Anthropic) and/or ManagedWay’s private large-language-model environment, and retained per Section 7.

3.3 Information from third parties

  • Authentication providers (Google OAuth): your verified email address and basic profile.
  • Public business records (state corporate registries, ARIN/RIPE WHOIS for circuit orders).
  • Credit and fraud screening providers when you apply for service.

3.4 What we do not collect

We do not request or store Social Security numbers, government ID numbers, mother’s maiden names, biometric identifiers, or precise geolocation. Do not send these to us.

4. How we use information

We use the information above for these purposes, with the listed legal basis where required by applicable law (GDPR Article 6 / UK GDPR / Canadian PIPEDA):

PurposeLawful basis
Provide and operate the Services you contracted forContract
Bill you and process paymentsContract; legal obligation (tax)
Authenticate you and secure your accountContract; legitimate interest (security)
Respond to your support requestsContract; legitimate interest
Detect, investigate, and prevent abuse, fraud, and security incidentsLegitimate interest; legal obligation
Comply with law and respond to lawful requestsLegal obligation
Notify you of material changes to the ServicesLegitimate interest
Send marketing about ManagedWay services to existing customers (opt-out at any time)Legitimate interest / consent (jurisdiction-dependent)
Improve the Services and our security postureLegitimate interest

We do not sell personal information for monetary consideration. We do not engage in cross-context behavioral advertising. We do not “share” personal information for targeted advertising as those terms are defined under the California CCPA/CPRA.

5. Who we share information with

We share information only with the following categories of recipients:

  • Sub-processors (vendors operating on our behalf, under written DPA where required):
    • Anthropic — AI inference for our customer-facing AI assistants.
    • Google — Workspace email and OAuth identity verification.
    • Authorize.net — payment authorization and settlement.
    • Operational monitoring, error-tracking, and analytics vendors — used for site reliability and security telemetry. A current list is available on request.
  • Affiliates and sister brands under common ownership, for unified customer servicing.
  • Professional advisors (auditors, accountants, attorneys) under confidentiality.
  • Law enforcement and government authorities when legally required (Section 9).
  • Successors in a merger, acquisition, or asset sale, under equivalent privacy commitments.

A current list of sub-processors is available on request from privacy@managedway.com.

6. Cookies and tracking

We use cookies in three categories:

  • Strictly necessary — authentication, security, load balancing. Cannot be disabled.
  • Functional — remembering your preferences (e.g., “Keep me signed in” on the login page).
  • Analytics — measuring traffic on our public-facing sites in aggregate. Not used on the customer portal.

We do not use cookies for cross-site advertising.

Global Privacy Control (GPC): we honor browser-level GPC signals as a valid opt-out of “sale” or “sharing” of personal information for residents of jurisdictions that require it (California, Colorado, Connecticut, and others).

You can manage cookies through your browser. Disabling strictly-necessary cookies will prevent you from signing in.

7. How long we keep your information

  • Account records: for the life of your account plus seven (7) years for tax and recordkeeping obligations.
  • Billing records: seven (7) years.
  • Support tickets: three (3) years after closure.
  • Server logs (web/auth): ninety (90) days in hot storage, then aggregated or deleted.
  • AI chat transcripts: ninety (90) days.
  • Marketing opt-out records: retained indefinitely so we can honor your opt-out.

After these periods we delete or de-identify the data, subject to legal-hold obligations.

8. Security

We operate ManagedWay infrastructure under a SOC 2 Type II information-security program audited annually. Specific controls include:

  • TLS 1.2+ in transit; encryption at rest where applicable.
  • bcrypt for password storage; never plaintext.
  • Role-based access controls with quarterly reviews.
  • Multi-factor authentication on internal admin accounts.
  • 24/7 security monitoring and a documented incident-response runbook.
  • Annual penetration testing and vulnerability scanning.

In the event of a breach involving personal information, we will notify affected individuals and regulators as required by applicable law — typically within 72 hours of confirming a notifiable incident.

Our SOC 2 Type II report is available to current and prospective customers under NDA. Our PCI DSS and HIPAA posture is described separately for customers whose use of the Services brings those frameworks into scope.

9. Disclosure to authorities

We disclose personal information to government or law-enforcement authorities only when we, acting in good faith, believe it is required by law, subpoena, court order, or to protect our rights, property, or the safety of ManagedWay, our customers, or the public. Where legally permitted, we will notify the affected individual before disclosing.

10. Your rights

Your specific rights depend on where you live. Where any jurisdiction grants you a stronger right than is listed below, the stronger right applies.

10.1 Universal — all visitors and customers

  • Access — request a copy of the personal information we hold about you.
  • Correct — ask us to fix inaccurate information.
  • Delete — ask us to delete information we hold about you, subject to legal-retention overrides.
  • Opt-out of marketing — at any time, via the unsubscribe link or by emailing privacy@managedway.com.
  • Withdraw consent — where processing is based on consent.

To exercise these rights, email privacy@managedway.com or call (888) 745-6948. We will respond within thirty (30) days. We may need to verify your identity before fulfilling a request.

10.2 California residents (CCPA / CPRA)

You have the right to:

  • Know what personal information we collect about you, the sources, the purposes, and the categories of recipients with whom we share it (this Policy provides that disclosure).
  • Delete personal information we hold about you, subject to statutory exceptions.
  • Correct inaccurate personal information.
  • Opt-out of sale or sharing — we do not sell or share personal information as those terms are defined under CCPA/CPRA.
  • Limit use of sensitive personal information — we do not use sensitive PI for purposes beyond those permitted by default under §7027.
  • Non-discrimination — we will not deny service, charge different prices, or provide a different level of service in retaliation for exercising your rights.
  • Authorized agents may submit requests on your behalf; we will verify both your identity and the agent’s authorization.

10.3 EU / UK / EEA residents (GDPR / UK GDPR)

In addition to the universal rights above:

  • Restriction of processing.
  • Portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interest or for direct marketing.
  • Lodge a complaint with your local supervisory authority (the Information Commissioner’s Office in the UK; your national data-protection authority in the EEA).

10.4 Other US states (Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others as enacted)

You have substantially the same rights as California residents. Submit requests via the contact above.

11. Children’s privacy

The Services are not directed to children under thirteen (13) and we do not knowingly collect personal information from children under thirteen. If you believe we have, contact privacy@managedway.com and we will delete it.

12. International data transfers

ManagedWay’s infrastructure is located in Michigan, United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States. Where required by GDPR/UK GDPR, transfers are made under the European Commission’s Standard Contractual Clauses or another approved transfer mechanism.

13. AI features

We operate AI assistants on our public sites — including Olivia, our customer-operations assistant — and may introduce additional AI personalities over time. When you interact with these assistants:

  • Your messages may be sent to our AI inference partners (Anthropic) and/or processed by ManagedWay’s private large-language-model environment.
  • We retain transcripts per Section 7.
  • We do not use your conversation contents to train third-party AI models.
  • Each assistant will identify itself as AI when asked.

14. Third-party links

Our sites may link to third-party sites we do not operate. We are not responsible for the privacy practices of those sites. Read their policies before providing them with information.

15. Changes to this Policy

We will post any changes to this Policy on this page and update the “Effective” date. For material changes, we will provide at least thirty (30) days’ advance notice by email to the address on your account, where one is on file.

16. Contact us

Privacy questions and rights requests:
privacy@managedway.com
(888) 745-6948
ManagedWay Company
ATTN: Privacy
600 Executive Drive
Troy, MI 48083

Effective: May 15, 2026
Version: 2026-05-15 — supersedes the policy in effect prior to this date
Operator: ManagedWay Company, a Michigan corporation, 600 Executive Drive, Troy, MI 48083
Privacy contact: privacy@managedway.com · (888) 745-6948