Privacy Policy
Effective Date: March 2026 · ITSOG (IT Services Operations Group)
At ITSOG, we build cybersecurity solutions based on a fundamental principle: Data Minimization and Absolute Transparency. This Privacy Policy explains exactly how we handle data across our public website, our management dashboard, and the CloudTrex endpoint agent.
The Public Website
When you visit our public marketing pages, our goal is to understand how the site performs and how we can improve our messaging.
Standard web analytics, including masked IP addresses, browser types, and interaction data (clicks, scrolls).
We use Microsoft Clarity to analyze website traffic. We have configured Clarity with "Maximum Masking" enabled, meaning we do not record keystrokes or collect personally identifiable information (PII) during your browsing session.
We use minimal cookies strictly necessary for analytics. You can opt-out of these via our Cookie Banner.
The CloudTrex Tenant Dashboard
Once you log in to your secure CloudTrex environment, the rules change. We treat your management dashboard as a Zero-Telemetry Zone.
We strictly DO NOT use Microsoft Clarity, Google Analytics, or any other third-party behavior trackers inside the CloudTrex dashboard.
Only the data required to maintain your account and provide the service (e.g., Administrator email addresses, billing information, and encrypted authentication tokens).
ITSOG personnel have no default access to your dashboard or your fleet's security data. Access is only granted if you explicitly request technical support and authorize a temporary, audited access window.
The CloudTrex Endpoint Agent
The CloudTrex Agent is a deep-security tool. To protect your machine from network-level threats, it requires high-level system privileges (running as SYSTEM on Windows). We do not take this access lightly.
The agent strictly monitors network and DNS activity. This includes domain queries, IP addresses, connection timestamps, and the names of local processes (e.g., powershell.exe) making the requests.
The agent does not read your personal files, does not log your keystrokes, does not capture screen contents, and does not inspect the encrypted payload of your HTTPS traffic.
Telemetry is stored securely on our EU-based infrastructure to populate your dashboard. You have full control over the retention period of these logs within your organizational settings.
Legal Disclosures & Law Enforcement
We believe your data belongs to you. We will never sell your data to advertisers or third-party data brokers. However, as a company operating under European Union and Czech Republic law, we are obligated to comply with binding legal requests.
We will only disclose user data to law enforcement agencies if compelled by a legally binding warrant or court order originating from a recognized jurisdiction.
Because of our strict data minimization architecture, we can only provide what we actually store (network telemetry and billing details). We cannot provide data we do not collect.
Your Rights (GDPR Compliance)
Under the GDPR, you have the right to:
- check Access the personal data we hold about you.
- check Request the deletion of your account and all associated telemetry (Right to be Forgotten).
- check Export your data in a standard, machine-readable format.
To exercise any of these rights, or if you have questions about our privacy architecture, please contact our Data Protection team at: privacy@cloudtrex.com