Privacy policy.
What we collect, why, how long we keep it, and how to exercise your rights.
The Blue Vault, LLC ("The Blue Vault," "we," "us") respects your privacy. We collect the minimum personal information needed to deliver our services and answer your questions. This page explains what we collect, why, how long we keep it, and how to exercise your rights under Florida and applicable U.S. state law.
1. Information we collect
1.1 Information you give us
- Identity and contact data — name, email, phone, company — provided when you contact us through the website, by email, or by phone.
- Engagement context — anything you tell us about your environment, your problems, or your project.
1.2 Information we collect through site use
- Aggregate analytics — page views, referrers, device type. We do not deploy third-party advertising pixels or cross-site tracking.
- Server logs — IP address, request timestamp, user agent — retained 30 days for security purposes.
1.3 Information from managed environments
For clients under written contract, we collect technical telemetry from their managed environments — endpoint health, network flows, security event logs, identity events, backup state. This data is governed by the Master Services Agreement and is owned by the client.
2. How we use it
- To deliver contracted services and respond to inquiries.
- To detect threats inside managed environments.
- To maintain audit evidence for SOC 2, HIPAA, and FINRA obligations on behalf of regulated clients.
- To improve our practice, in aggregate (we do not profile individuals).
3. Sharing
We do not sell personal information. We do not share it with marketers or advertising networks. We share it only with:
- Subprocessors under a written DPA — listed below — who need access to deliver our services.
- Legal authorities under valid legal process. We notify the subject unless prohibited.
- Successors in a corporate transaction, under equivalent privacy commitments.
3.1 Subprocessors (current list)
- Microsoft (M365 / Azure) — productivity, mail, identity
- SentinelOne · Huntress — endpoint detection & response
- Cloudflare — DNS, edge security
- Atlassian — internal ticketing
- Datto — backup orchestration
4. Retention
- Marketing inquiries — purged after 24 months of inactivity.
- Operational logs — 365 days.
- Books-and-records data for regulated clients — per their contractual requirement, typically 6 or 7 years.
- Server access logs — 30 days.
5. Your rights
Under FL Stat. §501.171 and other applicable state laws, you may request:
- Access to personal information we hold about you.
- Correction of inaccurate information.
- Deletion of personal information, subject to the retention obligations above.
- An export of your information in a portable format.
- Opt-out of any future use we make of your information for purposes other than delivering contracted services.
Write to privacy@thebluevault.com. We respond within 30 days, usually faster.
6. Security
We protect personal information with the same controls we deploy for our managed clients — encryption at rest and in transit, MFA on all administrative accounts, EDR on every endpoint, immutable backups, and 24/7 monitoring. Our security posture is described in detail on /security.
7. Children
This site is not directed at children. We do not knowingly collect information from anyone under 13.
8. Changes
If we materially change this policy, we update the effective date at the top and notify clients in advance. Historical versions are available on request.
9. Contact
The Blue Vault, LLC
660 Glades Rd
Boca Raton, FL 33431
USA
Privacy: privacy@thebluevault.com
Security: security@thebluevault.com