Official Document

Privacy Policy

MACROMIND was built on one non-negotiable principle: our customers' data belongs exclusively to them. We do not see it, do not access it, and do not share it.

Last updated: April 2026 Version 1.0 English (US) US & International Law
🔒

Your privacy is our #1 priority

MACROMIND provides infrastructure — we do not monitor, analyze, or have access to any content that flows through or resides on our customers' servers. Your internal data, systems, applications, databases, and communications are completely invisible to us. Full stop.

Table of Contents

1 Data Controller 2 Our Principles 3 What We Collect 4 What We Do NOT Access 5 Purpose of Use 6 Data Sharing 7 Data Retention 8 Security 9 Your Rights 10 Cookies & Tracking 11 Changes to This Policy 12 Contact & Privacy Officer
This Privacy Policy describes how MACROMIND handles information collected in connection with providing network infrastructure and hosting services. This document is governed by applicable US Federal & State Law, including the California Consumer Privacy Act (CCPA), the Children's Online Privacy Protection Act (COPPA), the Computer Fraud and Abuse Act (CFAA), and other applicable privacy regulations. For questions, contact our Privacy Officer at privacy@macromind.net.

1. Data Controller

Who is responsible for handling your information

The data controller for personal information collected in this relationship is MACROMIND, a network infrastructure services provider, with a US address at 9300 Conroy Windermere Rd #1404, Orlando, FL.

MACROMIND acts as a data controller solely for the registration and operational data that Subscribers directly provide at the time of service signup. MACROMIND does not act as a controller, processor, or sub-processor of any data that the Subscriber processes, stores, or transmits within the contracted infrastructure.

2. Our Principles

The values that guide our relationship with your data

Total Invisibility

We have zero access to the content of your servers, applications, databases, or communications.

Data Minimization

We collect only what is strictly necessary to operate and bill for the contracted services.

Security by Default

Registration data is protected with access controls, encryption, and continuous monitoring.

No Data Sales

We never sell, rent, or monetize your information for commercial purposes — ever.

Transparency

This policy is clear and straightforward. There is no fine print concealing harmful practices.

You Are in Control

You can exercise your privacy rights at any time, including deletion and data portability.

3. What We Collect

Only the minimum necessary to provide our services

MACROMIND collects only the data necessary for contracting, operating, billing, and supporting the Services:

Account Registration Data
  • Full name or company name of the account holder;
  • Tax identification number (EIN/SSN) for invoicing purposes where required;
  • Email address for operational communications and support;
  • Phone number, when voluntarily provided;
  • Physical address for billing purposes.
Operational and Network Data
  • IP addresses and network prefixes associated with contracted services;
  • Aggregate traffic records (total bandwidth consumed), without content inspection;
  • Control panel authentication logs (login, source IP, timestamp);
  • Support tickets and records opened by the Subscriber.
Payment Data
  • Payment information is processed by PCI-DSS certified third-party gateways;
  • MACROMIND does not store full credit card numbers, CVV codes, or complete banking data in its systems.
Legal Basis for Collection
Data collection is based on: (1) contractual necessity — for data required to deliver the Services; (2) legitimate interest — for operational and network security records; and (3) legal obligation — for billing, tax, and regulatory compliance data. California residents, see Section 9 for CCPA-specific rights.

4. What We Do NOT Access

Our absolute commitment to non-interference with your infrastructure

Non-Negotiable Privacy Commitment
MACROMIND does not access, monitor, inspect, or store any data that resides or flows within the infrastructure contracted by the Subscriber. This includes, without limitation, any data belonging to the Subscriber's customers, end users, or internal systems.

Explicitly and irrevocably, MACROMIND declares that it never accesses:

  • The contents of Subscriber servers, virtual machines (VMs), or containers;
  • Databases, files, emails, messages, or any information stored within contracted services;
  • Personal data of the Subscriber's customers, end users, or employees;
  • Source code, internal configurations, or business secrets of the Subscriber;
  • Subscriber network traffic via deep packet inspection (DPI) for content monitoring purposes;
  • Credentials, passwords, API keys, or certificates stored on Subscriber servers;
  • Application logs, end-user access records, or analytical data from Subscriber systems;
  • Internal communications, chats, video calls, or any private transmissions.
Exception: Formal Legal Process
The only circumstance in which MACROMIND may be compelled to take action affecting Subscriber infrastructure is through a valid court order, subpoena, or other lawful legal process issued by a competent US or international authority, consistent with the Electronic Communications Privacy Act (ECPA) and applicable law. Any such action will be strictly limited to what the legal instrument requires, and the Subscriber will be notified to the extent legally permitted.

5. Purpose of Use

How we use the registration information we collect

Registration and operational data is used exclusively to:

  • Create and manage the Subscriber's account on the control panel;
  • Provision, operate, and monitor contracted infrastructure resources;
  • Issue invoices and process payments;
  • Send essential service communications (maintenance, incidents, renewals);
  • Provide technical support when requested by the Subscriber;
  • Comply with applicable legal, tax, and regulatory obligations;
  • Prevent fraud and maintain the security of the network and other Subscribers.
What We Never Do with Your Data
Sell, rent, or transfer it to third parties for commercial purposes  •  Use it for targeted advertising  •  Build behavioral profiles  •  Share it with partners without your explicit consent  •  Use it for any purpose not described in this policy.

6. Data Sharing

When and with whom your data may be shared

MACROMIND does not sell or share personal data with third parties for commercial purposes. Sharing, when it occurs, is strictly limited to:

  • Payment processors: billing data shared with PCI-DSS certified payment gateways solely to process transactions;
  • Infrastructure partners: IP transit providers, data centers, and connectivity suppliers receive only the minimum technical data necessary (e.g., network prefixes) for service operation;
  • Legal obligation: when required by law, court order, subpoena, or competent authority under applicable US or international law;
  • Rights protection: in situations involving fraud prevention or violations threatening network security and other Subscribers.

In all sharing scenarios, contractual clauses are in place that require third parties to maintain the same level of data protection applied by MACROMIND.

7. Data Retention

How long we keep your information

  • Active account data: retained throughout the term of the service agreement;
  • After account closure: data is retained for up to 7 years to meet US federal and state tax and accounting obligations, then permanently and securely deleted;
  • Authentication and control panel access logs: retained for up to 12 months for security and compliance purposes;
  • Aggregate traffic records: retained for up to 6 months for capacity analysis and billing;
  • Support tickets: retained for up to 3 years for historical reference and dispute resolution.
Early Deletion Requests
Data subjects may request early deletion of their data at any time, provided there is no legal obligation requiring retention. Requests should be sent to privacy@macromind.net. We will respond within 30 days, as required under the CCPA and applicable US law.

8. Security

Technical and organizational measures protecting your data

MACROMIND implements appropriate technical and organizational measures to protect registration data against unauthorized access, accidental loss, destruction, or improper disclosure:

  • Encryption in transit (TLS 1.2+) for all communications with the control panel and APIs;
  • Encryption at rest for databases containing registration information;
  • Role-based access control (RBAC) with multi-factor authentication (MFA) for internal access;
  • Separation of production and development environments;
  • Continuous security monitoring and vulnerability management;
  • Least-privilege access policy — no employee has access to customer data without a justified operational need;
  • Incident response plan with mandatory notification to affected Subscribers in case of a data breach, consistent with applicable US state breach notification laws.

9. Your Privacy Rights

Rights under US federal, state, and international law

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right to Know / Access

Request disclosure of what personal data we have collected, used, disclosed, and sold about you (CCPA § 1798.110).

Right to Deletion

Request that we delete your personal data, subject to certain legal exceptions (CCPA § 1798.105).

Right to Correction

Request correction of inaccurate personal information we hold about you (CPRA amendment to CCPA).

Right to Portability

Receive your data in a portable, machine-readable format to transfer to another provider.

Right to Opt-Out of Sale

We do not sell personal data. If this ever changes, you will have the right to opt out under CCPA § 1798.120.

Non-Discrimination

You will not receive discriminatory treatment for exercising any of your privacy rights (CCPA § 1798.125).

How to Exercise Your Rights
Submit your request to privacy@macromind.net identifying yourself as the data subject. We will respond within 30 days as required by the CCPA. Complex requests may be extended by an additional 60 days with prior notice and justification.

10. Cookies & Tracking

How we use tracking technologies on our website

The macromind.net website and control panel use a minimal number of strictly necessary cookies:

  • Session cookies: used to keep the Subscriber authenticated in the control panel during use. Deleted when the browser is closed;
  • Security cookies (CSRF): protect against cross-site request forgery attacks;
  • Interface preferences: store language and theme settings selected by the user.
What We Do NOT Use
MACROMIND does not use advertising tracking cookies, third-party pixels, behavioral analytics tools (such as individually identified Google Analytics), social media SDKs, or any device fingerprinting technology.

11. Changes to This Policy

How we communicate updates to this document

MACROMIND reserves the right to update this Privacy Policy at any time. Material changes will be communicated by email to the registered address and published on this page with the updated date. Continued use of the Services after notification constitutes acceptance of the changes. We recommend reviewing this document periodically.

12. Contact & Privacy Officer

Direct channel to our privacy point of contact

MACROMIND has designated a Privacy Officer responsible for receiving requests, complaints, and communications from data subjects and regulatory authorities.

Privacy Channel — MACROMIND Privacy Officer

privacy@macromind.net
  • Exercising data subject rights (access, correction, deletion, portability);
  • Questions about this Privacy Policy;
  • Reporting security incidents or data breaches;
  • Complaints related to personal data handling.
Response Commitment
We commit to responding to all requests within 30 days as required by the CCPA and applicable US law. For urgent requests, please indicate the urgency in the email subject line.