privacy policy

How we handle your data.

Last updated: May 22, 2026

The short version

We collect as little data as we can get away with. We don't sell anything. We don't use advertising cookies. The only "tracking" on this site is anonymous page-view counts that don't follow you anywhere.

When you submit a form (contact, careers, the live demo), we keep what you wrote so we can answer you. When you stop being a prospect, customer, or applicant, we delete it on request.

Who we are

Pittwater is a Connecticut-based AV systems integration firm. Our office of record is 487 Federal Rd, Brookfield CT 06804. You can reach our team at hello@pittwater.co.

This policy covers the website at pittwater.co (and our project demo subdomain at pitth2o.com). It does not cover anything we do under contract for our clients — those engagements have their own NDAs and data-handling terms.

What we collect from you

When you browse the site: Anonymous page-view counts and Core Web Vitals (loading speed, layout stability) via Vercel Analytics. No cookies are set. Your IP address is processed by our hosting provider (Vercel) to serve you the page, but is not stored or shared.

When you submit a form (Contact, Careers, "Send a note"): the fields you typed — typically your name, email, optional company/location, and the message body. We use this to reply to you.

When you use the live-control demo on the homepage: a randomly-generated session ID (so we know whose clicks are whose), a one-way SHA-256 hash of your IP address (so two browser tabs from the same network don't grab two queue slots), and your approximate city/country if your browser shares it. All of this is deleted automatically about an hour after you leave the page.

When you view the /monitoring page: nothing about you, the visitor, is collected. The numbers shown on that page (device counts, incident feed, fleet uptime) are pulled by our server from XYTE — our third-party monitoring backend — and rendered with every customer and device identifier replaced by a one-way hash so no real client is named on the page. While the tab is open, your browser polls our own endpoint /api/monitoring/pulse about once a minute for fresh counters; polling stops automatically when the tab is hidden. No cookies, no fingerprinting, no analytics specific to /monitoring.

We do not collect: payment information, precise location, anything from your social media accounts, or browsing data from outside this website. We never run advertising trackers.

How we use it

Form submissions: we read them and reply. Nothing else.

Demo session data: routes your clicks to the right Q-SYS processor in our office and enforces the one-visitor-at-a-time queue.

Analytics: lets us see which pages people read so we can decide where to invest writing time. No individual-level data is exposed to us — Vercel Analytics is page-view counts in aggregate.

We do not use any of this to build a profile of you, sell your data, train an AI model, or send you marketing email you didn't ask for.

Who we share it with

We use a small set of trusted processors to actually run the website. Each one only sees the data it needs to do its job:

- Vercel (hosting + analytics) — vercel.com/legal/privacy-policy
- Sanity (CMS, for the content you read on the public site) — sanity.io/legal/privacy
- Upstash Redis (live demo session/queue state) — upstash.com/trust/privacy.pdf
- Cloudflare Stream (the live demo camera feed) — cloudflare.com/privacypolicy
- Cloudflare Tunnel (the encrypted tunnel between our cloud and the Brookfield office bridge) — cloudflare.com/privacypolicy
- XYTE (the third-party AV monitoring backend feeding the /monitoring page; we send no visitor data to XYTE — only our own server pulls fleet stats from it) — xyte.io/privacy-policy
- Resend (the email delivery service used when you submit a form) — resend.com/legal/privacy-policy
- Slack (where form submissions land internally for our team to read) — slack.com/trust/privacy/privacy-policy
- Google Maps (embedded on the Contact page) — policies.google.com/privacy

We do not sell your information. We do not share it with advertisers, data brokers, or anyone outside this list.

Cookies and tracking

We don't set any cookies on this site. Vercel Analytics is cookieless by design. We don't run Google Analytics, advertising pixels, or any tracker that follows you between websites.

The only exception is our CMS administration interface at /studio, which uses Sanity's authentication cookies — but that area is for our team only, not for site visitors.

See our Cookie Policy for the full breakdown.

How long we keep it

Form submissions stay in our email and Slack indefinitely so we can find them when we need to. You can ask us to delete yours at any time and we will.

Live-demo session data has a one-hour time-to-live in Redis and is purged automatically.

Analytics data is retained per Vercel's policy — typically rolling, no per-user history because no per-user identification exists.

Careers applications are kept for up to two years in case a fit opens up later. Tell us to delete sooner and we will.

Your rights

Regardless of where you live, you can email hello@pittwater.co and ask us to:

- Tell you what we have on file about you
- Correct anything that's wrong
- Delete it entirely
- Send you a copy in a portable format

We'll respond within 30 days. We don't charge a fee.

If you're in the EU, UK, Switzerland, or similar jurisdictions: the legal basis for processing your form submission is consent (you chose to submit it) or legitimate interest (we need to answer you). For analytics, the basis is legitimate interest (running the website). You can object to processing at any time by emailing us — we may keep your contact details if we have a legal obligation, but we'll stop using them otherwise.

If you're in California, Connecticut, Virginia, Colorado, or any other state with a consumer privacy law: you have the same set of rights — access, correction, deletion, portability, and the right to opt out of sale. We do not sell or share personal information for cross-context behavioral advertising, full stop.

Children

This website is not directed at children under 16. We don't knowingly collect data from anyone under 16. If you believe a child has submitted information to us, email hello@pittwater.co and we'll delete it.

International transfers

Our processors are primarily US-based. If you're in the EU/UK and submit a form, your data will be transferred to and stored in the United States. We rely on the EU-US Data Privacy Framework and standard contractual clauses (where applicable) as the legal mechanism for that transfer. The processors above each publish their own SCC/DPF posture; we use only providers that have one.

Security

All data in transit uses TLS. Form submissions never touch a third party outside the processors listed above. Our internal Slack workspace requires 2FA, our email account requires 2FA, our hosting account requires 2FA, and our CMS uses SSO with 2FA. We don't store passwords or payment information on our infrastructure.

If you believe you've found a security issue with this website, please email security@pittwater.co with details. We respond to good-faith reports within 72 hours.

Changes to this policy

When we materially change this policy, we update the Last updated date at the top and, where required by law, give visitors at least 30 days' notice via a banner on the site. Cosmetic edits (typo fixes, layout) don't trigger a notice.

Contact

Questions about this policy or about how we handle your data:

Email: hello@pittwater.co

Mail: Pittwater, 487 Federal Rd, Brookfield CT 06804, USA