.avif)
This Privacy Policy explains how Sterling Technology Solutions (“Sterling,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit sterling-technology.com or otherwise interact with us, including by phone or email.
When we provide managed IT services to our clients, we may process data on their behalf. In those cases, we act as a “service provider” / “processor” to that client, and we follow our contract with that client. This Privacy Policy mainly describes how we handle information from our own website, sales activity, and direct communications with you.
By using our website or communicating with us, you agree to the terms of this Privacy Policy.
We may collect the following categories of personal information (“Personal Information” or “PI”) about you:
A. Contact / Account Information
Name, business email, phone number, company name, job title, and anything else you submit when you reach out to us.
B. Support / Ticket Information
Information you provide when you request support or services from us (for example, what issue you’re having, device information, screenshots, or configuration details).
C. Transaction / Billing Information
Business billing details, invoices, payment status, and related records. Card payments are handled by our PCI-compliant payment processor. We do not store full card numbers.
D. Usage and Technical Information
IP address, browser type, device type, operating system, pages you visit, time spent on pages, clicks, error logs, and crash/diagnostic data. We use cookies and similar technologies to gather some of this information.
E. Security, Fraud, and Abuse Prevention Data
Information needed to detect, investigate, and prevent fraud, malicious activity, abuse of our systems, or security incidents.
F. Sensitive Personal Information (“SPI”)
We do not intentionally collect Sensitive Personal Information through the public website. Sensitive Personal Information generally includes things like precise geolocation, government ID numbers, financial account credentials, racial or ethnic origin, health data, and similar categories defined by law.
We also create or receive aggregated or de-identified information (for example, traffic statistics). We do not attempt to re-identify de-identified data.
We use the information we collect for the following purposes:
1. To provide and support our services
Answer questions, deliver proposals, provide IT services, and fulfill requests.
2. To maintain and improve our website and offerings
Monitor performance, troubleshoot, enhance security, and develop new features.
3. To communicate with you
Respond to inquiries, send updates about features or services you’ve asked about, and provide notices related to your relationship with us.
4. To handle billing and collections
Send invoices, process payments through our payment partners, maintain financial records.
5. To maintain security and prevent fraud
Detect, investigate, and prevent unauthorized activity or violations of law.
6. To comply with law
Meet legal, tax, audit, and regulatory obligations, respond to lawful requests.
7. Marketing and business development (within the law)
Contact you about services that may be relevant to you or your organization. You can tell us at any time to stop marketing communications.
We may also use Personal Information for any purpose you specifically allow us to use it for at the time you provide it.
We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising / targeted advertising.
We use cookies and similar technologies to:
• Keep the site functional and secure,
• Understand how visitors use the site (analytics),
• Improve performance and troubleshoot.
Some cookies are essential for the site to work. Others (like analytics cookies) are not essential. You can control non-essential cookies through your browser settings (for example, blocking third-party cookies or clearing cookies). Blocking cookies may affect some site functionality.
We also honor Global Privacy Control (GPC) signals in jurisdictions where that is required. A GPC signal is a browser-level opt-out preference. If your browser sends a recognized GPC signal, we will treat it as a request to opt out of any activity that is considered “selling” or “sharing” under applicable law. We already do not sell or share Personal Information for targeted advertising, but we will continue to respect valid signals.
We may share Personal Information in the following situations:
A. Service Providers / Contractors / Subprocessors
We work with trusted third parties who help us run our business. These can include:
• Hosting and infrastructure providers,
• Security and monitoring tools,
• Email and communication platforms,
• Ticketing / PSA systems (for example, tools we use to manage client service requests),
• Analytics tools,
• Payment processors.
We require these providers to use Personal Information only to provide services to us and not for their own unrelated purposes.
B. Business Transactions
If we are involved in a merger, acquisition, financing, sale, or similar transaction, Personal Information may be transferred as part of that process, consistent with this Policy.
C. Legal / Safety / Compliance
We may disclose Personal Information if we believe it is necessary to:
• Comply with law or a valid legal request,
• Protect our rights, safety, systems, or property,
• Protect the rights, safety, or property of our clients, partners, or others.
We do not post public directories of users and we do not operate public forums, message boards, or public user profiles on our website.
We do not sell Personal Information.
We do not share Personal Information for cross-context behavioral advertising / targeted advertising.
We keep Personal Information only as long as needed for the purposes described in this Policy or as required by law. After that, we will either delete it or de-identify it so it can no longer reasonably be linked to a person.
Typical retention periods are:
• Contact / Account Information (name, business email, company, role):
Up to 24 months after our last meaningful interaction with you so we can respond to follow-ups. We may keep records longer if legally necessary (for example, to handle a dispute or enforce an agreement).
• Support / Ticket Information:
Up to 7 years. We keep historical ticket data to support you, honor service obligations, and maintain an operational record of work performed.
• Billing / Transaction Records (invoices, payment status):
Up to 7 years to meet tax, accounting, and audit requirements.
• Website Analytics / Logs (IP address, browser info, page views, performance/error data):
Typically up to 14 months so we can understand usage and security trends.
• Security / Fraud / Abuse Prevention Logs:
Generally 12–24 months so we can investigate issues, respond to security incidents, and protect our systems.
These periods may be extended if required by law, a regulator, an investigation, or litigation hold. If you submit a valid deletion request and no exception applies, we will delete or de-identify your Personal Information sooner.
Depending on where you live, you may have some or all of the rights below under state privacy laws (for example, in California, Colorado, Virginia, and other U.S. states with similar laws):
• Right to Know / Access
You can ask us what categories and specific pieces of Personal Information we have collected about you.
• Right to Delete
You can ask us to delete Personal Information we collected from you, with certain exceptions (for example, we may need to keep some records for tax, billing, security, or legal compliance).
• Right to Correct
You can ask us to correct inaccurate Personal Information we hold about you.
• Right to Portability
You can ask for a copy of certain information in a portable and, to the extent technically feasible, usable format.
• Right to Opt Out of “Sale,” “Sharing,” or Targeted Advertising
We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising / targeted advertising. Because we do not engage in those activities, there is no separate opt-out link to click.
• Right to Limit Use of Sensitive Personal Information
We do not use Sensitive Personal Information for advertising or profiling, and we do not intentionally collect Sensitive Personal Information through the public website. Because of that, there is no separate “Limit the Use of My Sensitive Personal Information” control.
• Right to Non-Discrimination
You have the right not to be discriminated against for exercising any of these rights.
• Right to Appeal
In states that require it: if we decline to take action on a request, you can appeal. We will tell you how to appeal and we will review and respond within the required timeframe.
How to exercise your rights:
Email: inquiries@sterling-technology.com
Phone: 704-271-5001
We will verify your identity before fulfilling a request. If you submit an appeal, state “I would like to appeal” in your reply to our decision, and we will review it.
We honor valid browser-based Global Privacy Control (GPC) signals where required by law.
Our website and services are intended for business users. We do not knowingly collect Personal Information from children under 13. If you believe a child has provided Personal Information to us, please contact us at inquiries@sterling-technology.com or call 704-271-5001 so we can delete it.
We use administrative, technical, and physical safeguards designed to protect Personal Information, including (for example) encryption in transit, access controls, logging/monitoring, and employee confidentiality obligations.
No security practice is perfect, and no method of storage or transmission is 100% secure. We monitor and improve our safeguards over time.
If we transfer Personal Information across borders (for example, between hosting regions or to certain service providers), we apply appropriate safeguards designed to comply with applicable law. These safeguards may include contractual protections such as Standard Contractual Clauses or other recognized transfer mechanisms. We will apply additional measures if required.
When we provide managed IT / MSP services, we often act as a service provider (also called a “processor”) to our client. In that role:
• We only process client data based on that client’s instructions and our agreement.
• We maintain security measures such as access controls, encryption in transit, monitoring, and incident response.
• We may engage subprocessors (for example, hosting providers, ticketing/PSA systems, email/security tools) to help us provide services. Those subprocessors are contractually required to protect data and use it only for the permitted purpose.
• When our services to the client end, we follow the data return/deletion terms in the client agreement.
If you are an end user of one of our clients and you have a request about your data, please contact that organization directly. We will assist them with their request as required by our contract.
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date at the top of this page and, when appropriate, provide additional notice (for example, by displaying a notice on our website or notifying you directly if we have an ongoing relationship).
The revised Privacy Policy is effective when posted unless we state otherwise.
If you have questions about this Privacy Policy, want to exercise your privacy rights, or want to appeal a prior response:
