Privacy Policy

Effective Date: 09/30/2025
Last Updated: 06/15/2026

1. Introduction

Whitaker Networks, Inc. ("Whitaker," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website whitakernetworks.com (the "Site") and when you use our managed IT services.

By accessing or using our Site or services, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not access the Site or use our services.

Scope. This Privacy Policy applies to Whitaker Networks, Inc. and the whitakernetworks.com Site only. AirPBX is a separate company operating under its own privacy practices; please refer to AirPBX's privacy policy for information about how AirPBX collects and processes personal information. Whitaker provides certain support services to AirPBX as a vendor, but the two companies are operationally and legally distinct.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, business address, and job title

  • Account Information: Username, password, and account preferences

  • Business Information: Company name, industry, number of employees, and IT infrastructure details

  • Communication Data: Information contained in inquiries, support tickets, and correspondence with us

  • Payment Information: Billing address and payment method details (credit card information is processed by third-party payment processors and is not stored on our servers)

  • Service Request Information: Details about IT issues, support requests, and service needs

2.2 Information Collected Automatically

When you access our Site, we automatically collect certain information, including:

  • Device Information: IP address, browser type, operating system, device identifiers

  • Usage Information: Pages visited, time spent on pages, links clicked, and other usage statistics

  • Location Information: General geographic location based on IP address

  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 12 for details)

2.3 Information from Service Delivery

When providing managed IT services to clients, we may collect:

  • Network and System Information: Hardware and software inventories, system configurations, network topology, and performance data

  • Monitoring Data: System health metrics, security alerts, backup status, and performance logs

  • Remote Access Logs: Connection logs and session information from remote support activities

  • Security Data: Threat detection data, vulnerability scan results, and security incident information

  • Administrative Credentials: Passwords, security keys, and access credentials necessary to manage client systems, stored in audit-tested IT documentation and secrets-management systems with encryption, multi-factor authentication, role-based access control, and audit logging

  • Protected Health Information (PHI): For clients who are HIPAA Covered Entities or Business Associates, Whitaker may process PHI as a Business Associate under signed Business Associate Agreements. Such processing is described further in Section 15.

2.4 Information from Third Parties

We may receive information about you from third parties, including:

  • Business partners and referral sources

  • Vendors and service providers who assist in our operations

  • Publicly available sources

  • Credit reporting agencies for business credit checks

3. Categories of Personal Information Collected (Notice at Collection)

For purposes of the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and similar state privacy laws, we have collected the following categories of personal information about consumers within the past twelve (12) months:

  • Identifiers (name, email address, phone number, IP address, account identifiers)

  • Customer records (business address, billing information, payment method details)

  • Commercial information (services purchased, transaction history, service preferences)

  • Internet or network activity (browsing history on our Site, interactions with our Site)

  • Geolocation data (general geographic location based on IP address)

  • Professional or employment information (company name, job title, industry)

  • Inferences drawn from the above to create a profile reflecting preferences and characteristics

We may also process sensitive personal information in limited circumstances when providing services to clients, including Protected Health Information for Business Associate engagements and authentication credentials necessary to manage client systems. Such processing is governed by signed agreements with the relevant client or Covered Entity and is conducted only as necessary to deliver the contracted services.

Sources of the personal information are described in Section 2.

Business and commercial purposes for collecting are described in Section 4.

Categories of third parties with whom information is shared are described in Section 5.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under California law. We do not use personal information for automated decision-making that produces legal or similarly significant effects.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery

  • Provide, maintain, and improve our managed IT services

  • Monitor and manage client IT infrastructure

  • Respond to support requests and troubleshoot issues

  • Perform system updates, patches, and maintenance

  • Conduct security monitoring and threat detection

  • Perform backup and disaster recovery services

  • Provide remote and on-site technical support

4.2 Business Operations

  • Process payments and manage billing

  • Communicate with you about our services

  • Send service-related notifications and updates

  • Maintain documentation and records

  • Conduct internal research and analytics

  • Improve our website and service offerings

4.3 Legal and Compliance

  • Comply with legal obligations and regulations

  • Enforce our Terms of Service and other agreements

  • Protect our rights, property, and safety

  • Respond to legal requests and prevent fraud

  • Maintain SOC 2 compliance and security standards

4.4 Marketing and Communications

  • Send newsletters and promotional materials (with your consent where required)

  • Provide information about new services or features

  • Conduct customer satisfaction surveys

  • Invite you to events or webinars

You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

4.5 SMS and Text Communications

If you provide your mobile phone number and consent to text communications, we may send you SMS messages related to service notifications, support ticket updates, account security alerts, or marketing communications you have specifically opted into. Message and data rates may apply. Message frequency varies. You may opt out at any time by replying "STOP" to any text message you receive from us, or by contacting [email protected]. For help, reply "HELP" or contact us. Opt-out from marketing texts will not affect operational or service-related communications you have authorized as part of your service relationship.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

5.1 Service Providers and Sub-Processors

We share information with third-party service providers and sub-processors who perform services on our behalf, including:

  • Cloud hosting and infrastructure providers

  • Payment processors and billing services

  • Remote monitoring and management (RMM) software vendors

  • Cybersecurity and managed detection and response platforms

  • Backup and disaster recovery service providers

  • Customer relationship management (CRM) systems

  • Communication and email services

  • Artificial intelligence and machine learning platforms used in service delivery, support routing, and document drafting

These service providers and sub-processors are contractually obligated to protect your information and use it only for the purposes we specify. Whitaker maintains a current sub-processor list as part of its SOC 2 program; this list is available upon request to qualified clients and prospects under appropriate confidentiality protections, and is incorporated into our Data Processing Addendum where applicable.

5.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify affected users via email or prominent notice on our Site if your information becomes subject to a materially different privacy policy as a result of such transaction.

5.3 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders, subpoenas, or other legal processes

  • Requests from government authorities or law enforcement

  • Legal claims or disputes

  • Situations involving potential threats to safety or security

5.4 Consent

We may share your information with your consent or at your direction.

5.5 Aggregate and De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

6. Use of Artificial Intelligence

6.1 AI in Service Delivery and Operations

We use artificial intelligence and machine learning tools as part of normal business operations. These uses include security monitoring and threat detection, help desk support and ticket triage, document drafting and review, internal research, and software development. AI is one tool among many; output produced with AI assistance is reviewed by Whitaker personnel before being used in client-facing work or published on our Site.

6.2 AI Processing of Personal Information

Personal information you provide may be processed using AI tools to route inquiries, summarize support tickets, draft responses, or assist with documentation. We do not use information you submit to train AI models, and our AI vendors operate under data protection terms that prohibit training on our inputs. Information submitted is handled in accordance with this Privacy Policy and any applicable Data Processing Addendum.

6.3 No Automated Decision-Making

We do not use AI or other automated processing to make decisions that produce legal effects concerning you or that significantly affect you in similar ways (such as eligibility for services, pricing decisions, or contract terms). All such decisions involve human review.

6.4 AI Sub-Processors

Where AI tools are provided by third parties, those vendors are sub-processors as described in Section 5.1 and are contractually bound to handle personal information consistent with applicable privacy laws and to operate in non-training configurations.

7. Data Security

7.1 Security Measures

We implement appropriate technical and organizational security measures designed to protect your information, including:

  • Encryption of data in transit and at rest, implemented in accordance with NIST SP 800-57 and current industry best practices, including AES-256 for data at rest

  • Multi-factor authentication for administrative access

  • Regular security assessments and penetration testing

  • Network segmentation and firewall protection

  • Intrusion detection and prevention systems

  • Monthly security awareness training for employees

  • Incident response and disaster recovery procedures

  • Audit-tested security controls

7.2 Access Controls

Access to personal information is restricted to authorized personnel who need the information to perform their job functions, in accordance with the principle of least privilege. All employees and contractors are bound by confidentiality obligations.

7.3 Data Retention

We retain your information in accordance with our internal Data Management Policy. Retention periods include:

  • Customer support tickets and case data: 60 months

  • Customer support phone conversations (where applicable): 6 months

  • Customer sales and opportunity data: 60 months

  • Customer documentation, passwords, and credentials: deleted within 30 days following contract termination

  • Customer accounts and data: deleted within 60 days of contract termination, except for records we are legally or contractually required to retain

  • Security event and log data: 24 months

  • Vulnerability scan data: 6 months

  • Marketing inquiries and contact form submissions: up to 24 months from last interaction unless deletion is requested sooner

  • Marketing email lists: retained until you unsubscribe or request deletion

  • Backup data: retained per the backup and retention schedule defined in the applicable service agreement

When we no longer need your information, we securely delete or anonymize it. Personally identifiable information shall be deleted in response to a verified request from a consumer or data subject where Whitaker does not have a legitimate business interest or other legal obligation to retain the data.

7.4 Limitations

Despite our security measures, no system is completely secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Rights and Choices

8.1 Access, Correction, and Portability

You have the right to access your personal information, request correction of inaccurate information, and request a copy of your information in a portable format.

8.2 Deletion

You may request deletion of your personal information. We will delete personal information in response to a verified request where we do not have a legitimate business interest or other legal or contractual obligation to retain the data.

8.3 Marketing Opt-Out

You may opt out of receiving marketing communications by:

  • Clicking the "unsubscribe" link in our emails

  • Replying "STOP" to marketing text messages

  • Adjusting your communication preferences in your account settings (if applicable)

  • Contacting us directly at [email protected]

8.4 Cookie Preferences

You can manage cookie preferences through your browser settings or, where available on our Site, through our cookie consent banner (see Section 12).

8.5 Do Not Track and Global Privacy Control

Our Site does not respond to "Do Not Track" browser signals because no consistent industry standard for these signals exists. We honor opt-out requests submitted through methods described in this Privacy Policy and through Global Privacy Control (GPC) signals where required by applicable law.

8.6 Verification of Requests

To protect your privacy and security, we may require verification of your identity before responding to a privacy rights request. If you submit a request through an authorized agent, we may also require written authorization from you and verification of the agent's identity. We will use the information provided for verification only for that purpose.

9. California Privacy Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

9.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting, the categories of third parties with whom we share information, and the categories of personal information disclosed in the past 12 months. The categories collected are listed in Section 3.

9.2 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

9.3 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions provided by law.

9.4 Right to Opt Out of Sale or Sharing

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined under California law. If our practices change, we will update this Privacy Policy and provide an opt-out mechanism.

9.5 Right to Limit Use of Sensitive Personal Information

We do not use sensitive personal information for purposes beyond providing services to our clients and operational necessity. Where we process sensitive personal information on behalf of clients (such as Protected Health Information for Business Associate engagements, or authentication credentials necessary to manage client systems), we do so only as a service provider under signed agreements that govern such use.

9.6 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA or CPRA rights.

9.7 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification of your identity and the agent's authorization before responding (see Section 8.6).

To exercise your rights, contact us at [email protected] or (330) 850-1025.

10. Multi-State Privacy Rights

Residents of states with comprehensive privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Texas (TDPSA), Montana, and other states with similar laws, may have rights including:

  • The right to confirm whether we are processing your personal information

  • The right to access your personal information

  • The right to correct inaccuracies in your personal information

  • The right to delete your personal information

  • The right to obtain a portable copy of your personal information

  • The right to opt out of targeted advertising, sale, or profiling that produces legal or similarly significant effects

We do not engage in targeted advertising, sale of personal information, or profiling that produces legal or similarly significant effects.

To exercise your rights under any applicable state privacy law, contact us at [email protected] or (330) 850-1025. We will respond within the timeframes required by applicable law.

11. European Privacy Rights (GDPR and UK GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

  • Right to access your personal data

  • Right to rectification of inaccurate data

  • Right to erasure ("right to be forgotten")

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

  • Right to withdraw consent

  • Right to lodge a complaint with your local supervisory authority (data protection authority)

11.1 Data Controller

For purposes of GDPR and UK GDPR, the data controller is Whitaker Networks, Inc., 41 Merz Blvd., Fairlawn, Ohio 44333, United States.

11.2 Legal Basis for Processing

We process your personal data based on:

  • Performance of a contract with you

  • Our legitimate business interests

  • Compliance with legal obligations

  • Your consent (where required by law)

11.3 International Data Transfers

We are based in the United States, and your personal data will be processed in the United States. Where required, we implement appropriate safeguards for international transfers, including European Commission-approved Standard Contractual Clauses or other lawful transfer mechanisms.

11.4 Retention

Retention periods are described in Section 7.3.

12. Cookies and Tracking Technologies

12.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the Site to function properly, including authentication and security

  • Analytics Cookies: Help us understand how visitors use our Site, including Google Analytics

  • Functionality Cookies: Remember your preferences and settings

  • Marketing Cookies: Track activity to deliver relevant communications (where applicable)

12.2 Managing Cookies

You can control cookies through your browser settings, through our cookie consent banner where displayed, or through opt-out mechanisms provided by analytics and advertising vendors. Disabling cookies may limit your ability to use certain features of our Site.

12.3 Third-Party Analytics

We use Google Analytics to analyze Site usage. Google Analytics uses cookies to collect information about Site traffic. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

13. Incident Response

In the event of a security incident involving personal information, Whitaker follows its Incident Response Plan and notifies affected parties, customers, regulators, and other stakeholders in accordance with applicable laws, contractual commitments, and our internal procedures. For HIPAA-covered engagements, breach notification follows the procedures described in our HIPAA Breach Procedures, which align with the requirements of the HIPAA Breach Notification Rule.

14. Children's Privacy

Our Site and services are directed to businesses and are not intended for use by children. We do not knowingly collect personal information from children under 18 without verified parental consent where required by law. If you believe we have collected information from a child without appropriate consent, please contact us immediately at [email protected] so we can delete it.

15. Business Client Data

When providing managed IT services, we typically act as a data processor (or "service provider" under California law) on behalf of our clients. Our clients remain the data controllers (or "businesses") for any data processed through our services. Our data processing obligations are governed by our Managed Services Agreements and Data Processing Addendums.

We process client data only for the purpose of providing services and in accordance with client instructions. Clients are responsible for ensuring their own compliance with applicable privacy laws regarding data they provide to us or that we access in the course of service delivery.

HIPAA Business Associate Engagements. For clients who are HIPAA Covered Entities or Business Associates, Whitaker may act as a Business Associate under signed Business Associate Agreements (BAAs). Such engagements are governed by the BAA and applicable HIPAA regulations, in addition to this Privacy Policy. Whitaker maintains specific procedures for the handling, safeguarding, and breach notification of Protected Health Information, including a documented HIPAA Breach Procedure.

Customer data is classified, handled, and protected in accordance with Whitaker's internal Data Management Policy, which defines four sensitivity tiers (Restricted, Confidential, Internal, Public) and applicable security controls.

Data Deletion Following Termination. Upon termination of a service engagement, customer accounts and data are deleted within 60 days, except for records we are legally or contractually required to retain. Customer documentation, passwords, and credentials maintained in our IT documentation systems are deleted within 30 days of contract termination.

A current list of sub-processors used in service delivery is maintained as part of our SOC 2 program and is available upon request to qualified clients and prospects under appropriate confidentiality protections.

16. Third-Party Websites and Services

Our Site may contain links to third-party websites and services, including websites of our technology partners and vendors. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party sites you visit.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date

  • Sending an email notification to registered users where appropriate

  • Displaying a prominent notice on our Site

Your continued use of the Site or services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

18. Compliance and Certifications

Whitaker Networks maintains a SOC 2 Type 2 attestation. Our Trust Center, available at trust.whitakernetworks.com, provides current information about our security program, certifications, and supporting documentation. SOC 2 reports and other security artifacts may be made available to qualified clients and prospects under appropriate confidentiality protections.

19. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Whitaker Networks, Inc.
Email: [email protected]
Phone: (330) 850-1025
Address: 41 Merz Blvd. Fairlawn, Ohio 44333