Privacy Policy

Effective Date: March 21, 2026

At Pro Nova Technologies Inc. ("we," "us," or "our"), we respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, and share your information when you visit our website, https://pronovatech.com (the "Site"), and when you use our software products, including the PNT Remote Monitoring & Management Services ("PNT-RMMS") desktop client (collectively, the "Services").

1

Information We Collect

1.1 Website Information

  • Account Information: Email address, password (securely hashed), and profile details you provide when creating an account.
  • Transaction Data: Purchase history, subscription details, and billing information processed through Stripe (we do not store full credit card numbers).
  • Support Communications: Support ticket content, email correspondence, and any translations generated for multi-language support.
  • Analytics Data: Pages visited, session duration, browser type, and device type. We use our own privacy-preserving analytics — visitor identification uses daily-rotated salted hashes (not persistent tracking IDs). Raw analytics data is automatically purged after 90 days.

1.2 PNT-RMMS Desktop Client Data

When you install and use the PNT-RMMS software, the following data is collected and transmitted to our servers:

  • Device Information: Computer hostname, domain membership, operating system type and version, CPU specifications, memory (RAM) capacity and usage, disk storage capacity and usage, and network adapter details.
  • Network Data: Local and public IP addresses (public IPs are stored as salted hashes, not in plaintext), connection status, and availability metrics.
  • Agent Metadata: PNT-RMMS software version, device identification tokens, and license validation data.
  • Diagnostic Logs: Warning-level and above application logs are automatically submitted to our server for centralized troubleshooting. Logs are deduplicated and batched (maximum 50 entries per submission). Personal data is not included in diagnostic logs.

1.3 Remote Access Session Data

When a remote support session is initiated, the following data may be collected:

  • Session Metadata: Session start/end times, duration, administrator identity, connection type (relay or peer-to-peer), and session status.
  • Screen Content: During active remote viewing sessions, screen frames are transmitted in real-time to the authorized administrator. Frames are encrypted in transit (TLS) and may be end-to-end encrypted (AES-256-GCM with ECDH key exchange).
  • Session Recordings: If session recording is enabled, screen frames and metadata may be stored for compliance and training purposes.
  • Audit Logs: All remote actions (commands executed, files transferred, services modified, processes managed) are logged for security and compliance purposes.

1.4 Peer-to-Peer Connection Data

PNT-RMMS supports direct peer-to-peer (P2P) connections using WebRTC technology:

  • ICE/STUN Data: Your device's network address information is exchanged through our STUN server (stun.pronovatech.com) and a public Google STUN server as fallback to establish direct connections.
  • TURN Relay: When direct P2P connections cannot be established, session data is relayed through our TURN server (turn.pronovatech.com). Relay data is encrypted and not stored.

1.5 RMMS End-User Portal Data

If you use the RMMS self-service portal to manage your company and devices:

  • Company name, contact information, and organizational structure.
  • Team member invitations, roles, and device permission levels.
  • Support agreement consent records (text version, timestamp, IP address).
2

How We Use Your Information

  • To operate, maintain, and improve our Site and Services.
  • To process transactions, manage subscriptions, and enforce device licenses.
  • To provide remote monitoring, management, and technical support through PNT-RMMS.
  • To authenticate users and devices, and validate software licenses.
  • To communicate with you, respond to support tickets, and provide customer service.
  • To detect and prevent fraud, abuse, and security threats.
  • To analyze website and service usage patterns and improve performance (using privacy-preserving analytics).
  • To send transactional communications (order confirmations, license notifications, MFA codes).
  • To maintain audit trails for compliance and security purposes.
  • To deliver automatic software updates for PNT-RMMS.
3

Sharing Your Information

We do not sell your personal information. We may share information with:

  • Payment Processor (Stripe): For secure payment processing. We do not store full credit card numbers.
  • Authorized Administrators: PNT-RMMS remote access sessions allow authorized administrators to view and interact with devices. Access is controlled by permissions, support agreements, and audit logging.
  • Company Members: If you belong to an RMMS company, other authorized members may see device names, online status, and permission levels.
  • Infrastructure Providers: Hosting and CDN providers who assist in delivering our Services, subject to confidentiality agreements.
  • Legal Requirements: When required by law, regulation, legal process, or government request.
4

Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • TLS encryption for all data in transit between your browser/device and our servers.
  • AES-256-GCM end-to-end encryption for remote viewing sessions with ECDH key exchange.
  • AES-256 encryption at rest for sensitive settings (SMTP credentials, API keys) stored in our database.
  • SHA-512 cryptographic hashing for passwords, analytics identifiers, and integrity verification.
  • TPM-based device attestation when hardware security modules are available.
  • HMAC signature validation for API request integrity.
  • Rate limiting and account lockout protections against brute-force attacks.
  • Email-based multi-factor authentication (MFA) for administrator and RMMS subscriber accounts.

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

5

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law:

  • Account Data: Retained until you delete your account.
  • Transaction Records: 7 years (legal/tax requirement).
  • Support Tickets: 3 years after resolution.
  • Website Analytics (Raw): 90 days, then automatically purged. Aggregated daily summaries are retained longer.
  • RMMS Device Data: Retained while your subscription and device registration are active.
  • Remote Session Audit Logs: 90 days on the client, retained on the server per your subscription terms.
  • Session Recordings: Retained per your organization's recording retention settings.
  • Diagnostic Logs: 90 days on the server.
  • Webhook/API Logs: 90 days, then automatically purged.
6

Your Data Rights

Depending on your location (e.g., GDPR, CCPA), you may have the following rights:

  • Access: Request access to the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request that we delete your personal data.
  • Opt-Out: Opt-out of marketing communications or the sale/sharing of data.

To exercise these rights, please contact us at support@pronovatech.com.

7

Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will promptly delete it.

8

PNT-RMMS Specific Disclosures

The PNT-RMMS desktop client operates with the following specific privacy considerations:

  • Background Operation: PNT-RMMS may run as a Windows Service, starting automatically at boot and operating in the background. It periodically syncs device information with our servers.
  • Remote Access: Authorized administrators can view your screen, control keyboard/mouse input, transfer files, execute diagnostic commands, and manage system processes/services. All actions are logged.
  • User Consent Modes: PNT-RMMS can be configured for "User Controlled" mode (requires explicit approval for each remote session) or "Automatic" mode (allows authorized connections without per-session approval).
  • Two-Factor Authentication: Remote access sessions may require a 6-digit 2FA code displayed on the user's screen for additional security.
  • Auto-Updates: The software periodically checks for and may download updates. Downloaded installers are verified using SHA-512 hash verification before installation.
  • IP Address Handling: Public IP addresses from RMMS devices are stored as salted hashes for admin lookup, with an obfuscated display version. Full IPs are only visible to administrators.
9

Updates to This Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top of this page will be updated to reflect any changes.

10

Contact Us

If you have questions about this Privacy Policy, please contact us:

Pro Nova Technologies Inc.
support@pronovatech.com