Privacy Policy
Last Updated: March 2026
This Privacy Policy explains how GTS Distributions ("Company," "we," "us") collects, uses, stores, and protects personal information when you visit our website, submit a project inquiry, or engage our professional services. We are committed to protecting your privacy and handling your data with the same care and professionalism we apply to our development work.
1. Who We Are
GTS Distributions is a professional software development and IT consulting firm. For the purposes of applicable data protection laws (including the GDPR), GTS Distributions is the Data Controller, the entity that determines the purposes and means of processing your personal data.
- Business Name: GTS Distributions
- Website: gtsdistributions.com
- Privacy Contact: jdugdale@gtsdistributions.com
2. Information We Collect
We collect different categories of information depending on how you interact with us: whether you're browsing our website, submitting a contact form, or working with us as a client on an active project.
2.1 Information You Provide Directly
| Data Type | When & Why Collected | Legal Basis (GDPR) |
|---|---|---|
| Full Name | Contact form submission; project proposals; invoicing | Legitimate Interest / Contract |
| Email Address | Contact form; project communications; invoice delivery | Legitimate Interest / Contract |
| Phone Number | Contact form; transactional SMS updates (with consent) | Explicit Consent |
| Business / Company Name | Project scoping; proposals; invoicing | Contract |
| Project Description & Requirements | Contact form; discovery calls; project briefs | Contract |
| Billing & Payment Information | Invoicing and payment processing (handled via third-party processors; we do not store card numbers) | Contract / Legal Obligation |
2.2 Information Collected During Client Engagements
When you engage GTS Distributions for a development project, we may temporarily access or process additional data as necessary to perform our work:
- System Credentials & Access Tokens: Login credentials for hosting platforms, CMS systems, databases, APIs, or other services you grant us access to in order to complete your project. We use these only for the purpose stated in the SOW and return or revoke access upon project completion.
- Client-Provided Content & Assets: Text copy, images, logos, brand guidelines, design files, and other materials you provide for use in your project.
- Existing Application Data: If we're working on an existing application, we may access databases, codebases, or logs as necessary for development, debugging, or migration purposes.
- Communication Records: Emails, messages, and meeting notes exchanged during the project are retained as part of the project record.
2.3 Information Collected Automatically
| Data Type | How Collected | Legal Basis (GDPR) |
|---|---|---|
| IP Address | Automatically logged by Netlify (our hosting provider) | Legitimate Interest |
| Browser Type & Version | HTTP headers collected by Netlify | Legitimate Interest |
| Device Type & Operating System | HTTP headers collected by Netlify | Legitimate Interest |
| Pages Visited & Referral Source | Server access logs (Netlify) | Legitimate Interest |
We do not use Google Analytics, Facebook Pixel, or any third-party tracking or advertising scripts on this website.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Respond to inquiries: When you submit our contact form, we use your information to evaluate your project needs and respond to you.
- Deliver services: To scope, develop, test, deploy, and support the software and applications we build for you under an active engagement.
- Project communications: To send project updates, milestone notifications, review requests, and meeting coordination via email, phone, or SMS.
- Invoicing & payments: To generate invoices, process payments, and maintain financial records as required by law.
- Legal compliance: To maintain records required by tax, business, and telecommunications regulations.
- Website security: To monitor for suspicious activity, prevent abuse, and maintain the security of our website and infrastructure.
- Improve our services: To understand how visitors use our website and identify areas for improvement (using server logs only, no tracking scripts).
We will never sell your personal data. We will never use your information for unsolicited marketing. We will never share your information with third parties for their own marketing purposes.
4. Client Project Data & Confidentiality
During the course of a development engagement, GTS Distributions may have access to sensitive client systems, proprietary data, and business information. We take this responsibility seriously:
- Access is limited to scope: We only access systems, databases, and services explicitly required by the agreed Statement of Work.
- Credentials are handled securely: We use password managers and encrypted communication channels for credential exchange. We never store credentials in plaintext or in code repositories.
- Access is revoked upon completion: At the end of each engagement, we revoke our access to all client systems, remove local copies of sensitive data, and confirm access termination with the client.
- Client data is never used for other purposes: Data accessed during your project is used exclusively for that project. We do not repurpose, aggregate, or analyze client data for any other reason.
- NDA available: If your project involves particularly sensitive data, we are happy to execute a formal Non-Disclosure Agreement (NDA) before the engagement begins.
5. SMS Communications Policy (A2P 10DLC Compliance)
If you provide your phone number and consent via our contact form, we may send you transactional SMS messages. This section contains required compliance language for U.S. telecommunications regulations:
Mobile information will not be shared, sold, or conveyed to third parties for marketing or promotional purposes.
Your phone number is collected solely to send transactional SMS communications directly related to your project, inquiry, or invoice.
We collect your phone number only to send transactional communications related to your project or inquiry.
- You may opt out of receiving SMS messages at any time by replying STOP to any message we send.
- For help with SMS communications, reply HELP or email jdugdale@gtsdistributions.com.
- Message and data rates may apply. Message frequency varies based on project activity.
6. Third-Party Service Providers & Data Processors
We use a limited number of third-party services to operate our website and deliver our services. Each provider has been selected for their security standards and compliance posture. We do not authorize any processor to use your personal data for their own purposes.
Hosting & Infrastructure
- Netlify: Website hosting and CDN. Automatically collects server logs (IP addresses, request data). GDPR compliant. Privacy Policy
Form Handling
- Formspree: Processes and stores contact form submissions. GDPR compliant. Data stored on secure cloud servers. Privacy Policy
Typography
- Google Fonts: Web fonts loaded from Google's CDN. Your IP address may be sent to Google's servers during font loading. Privacy Policy
Invoicing & Payments
- Payments are processed through third-party invoicing platforms (e.g., Stripe, PayPal, or similar). GTS Distributions does not directly store credit card numbers, bank account details, or other payment card data. Payment processors are PCI-DSS compliant.
Project Collaboration Tools
- During active engagements, we may use tools such as GitHub, GitLab, Slack, Notion, or email services to collaborate on your project. These tools are governed by their respective privacy policies and are accessed using secured accounts.
7. Cookies & Tracking Technologies
- This website does not use tracking cookies, advertising cookies, or retargeting pixels.
- We do not use Google Analytics, Facebook Pixel, Hotjar, or any behavioral analytics tool.
- Google Fonts may set a functional cookie; see Google's cookie policy for details.
- No personally identifiable information is stored in cookies on this website.
8. Data Retention
We retain personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law:
- Website contact form submissions: Retained for 12 months, then deleted from Formspree.
- Client project files & communications: Retained for the duration of the engagement plus 3 years (for warranty, legal, and reference purposes). After this period, project data is securely deleted or anonymized.
- Invoicing & financial records: Retained for 7 years as required by U.S. tax regulations.
- SMS consent records: Retained for 4 years as required by U.S. telecom regulations.
- System credentials provided by clients: Deleted or access revoked within 7 days of project completion, unless an active maintenance agreement is in place.
You may request early deletion of your data at any time (subject to any legal retention requirements) by emailing jdugdale@gtsdistributions.com.
9. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption in transit: All data transmitted to and from our website is protected by TLS/HTTPS encryption, provisioned automatically by Netlify.
- Secure credential handling: Client credentials are exchanged via encrypted channels and stored in password managers, never in code, emails, or documents.
- Access control: Only authorized GTS Distributions personnel access client data and form submissions. We do not employ offshore contractors or share access with third parties without client consent.
- Code repository security: Client project codebases are hosted in private repositories with branch protection, access logging, and two-factor authentication enabled.
- No payment card storage: We never store credit card numbers, CVVs, or bank account information. All payments are handled by PCI-DSS compliant third-party processors.
- Incident response: In the unlikely event of a data breach affecting your personal information, we will notify affected individuals within 72 hours as required by GDPR and applicable U.S. state laws.
10. Your Privacy Rights
10.1 All Users
Regardless of your location, you have the right to:
- Request a copy of the personal data we hold about you
- Request correction of inaccurate information
- Request deletion of your personal data (subject to legal retention requirements)
- Opt out of SMS communications at any time by replying STOP
- Withdraw consent for any processing based on consent
10.2 California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the additional right to:
- Know what categories of personal data we have collected and the purposes for which it is used
- Request deletion of your personal data
- Opt out of the "sale" or "sharing" of your personal data. Note: GTS Distributions does not sell or share personal data.
- Limit the use of sensitive personal information
- Non-discrimination for exercising your privacy rights
10.3 EU & UK Residents (GDPR / UK GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access: Obtain a copy of the personal data we process about you
- Rectification: Correct any inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request that we limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interest
- Withdraw consent: At any time, without affecting the lawfulness of processing that occurred before withdrawal
- Lodge a complaint: With your local Data Protection Authority if you believe your rights have been violated
To exercise any of these rights, email jdugdale@gtsdistributions.com. We will acknowledge your request within 5 business days and respond substantively within 30 days.
11. International Data Transfers
GTS Distributions is based in the United States. If you are accessing our website or engaging our services from outside the United States (including the EU, UK, or Canada), please be aware that your information will be transferred to, stored, and processed in the United States.
By submitting your information through our contact form or engaging our services, you consent to this transfer. We ensure that all data is handled in accordance with this Privacy Policy and applicable data protection laws, regardless of where it is processed.
12. Children's Privacy
Our services are designed for business clients. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/UK). If you believe we have inadvertently collected data from a minor, please contact us immediately at jdugdale@gtsdistributions.com and we will delete it promptly.
13. Do Not Track (DNT) Signals
Our website does not track users across third-party websites and does not respond to Do Not Track (DNT) browser signals, as we do not engage in cross-site tracking of any kind.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we make material changes, we will update the "Last Updated" date at the top of this page. Active clients will be notified of significant changes via email.
Continued use of our website or services after changes are posted constitutes acceptance of the revised policy.
15. Contact Us
For any privacy-related questions, data requests, or concerns, contact us at:
- Email: jdugdale@gtsdistributions.com
- Website: gtsdistributions.com
We take every privacy inquiry seriously and will respond within 5 business days.