🔒 PatchVow achieves FedRAMP authorization — Learn more →
Legal

Privacy Policy

Last updated: March 1, 2026

Your privacy matters. This policy explains how PatchVow collects, uses, and protects your information.

Summary: We collect only what's needed to provide our service. We never sell your data. You can export or delete your data at any time.

1. Information We Collect

We collect information you provide directly, such as account registration details (name, email, company), billing information, and support communications. We also collect usage data including endpoint metadata, patch deployment logs, and platform interaction analytics.

2. How We Use Your Information

We use collected information to provide and improve our patch management services, process transactions, send service communications, ensure platform security, and comply with legal obligations. We do not sell your personal data to third parties.

3. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Patch deployment logs are retained for 90 days by default (configurable up to 7 years for compliance). You may request deletion of your data at any time.

4. Data Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, and SOC 2 Type II certified controls. See our Security page for details.

5. Your Rights

You have the right to access, correct, delete, or export your personal data. You may also opt out of marketing communications at any time. To exercise these rights, contact privacy@patchvow.com.

6. Cookies

We use essential cookies for authentication and session management. Analytics cookies are used with your consent to improve our services. You can manage cookie preferences in your browser settings.

7. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@patchvow.com or write to PatchVow, Inc., 548 Market St, Suite 92100, San Francisco, CA 94104.

8. International Transfers

PatchVow processes data in the United States and European Union. We use Standard Contractual Clauses (SCCs) for transfers outside the EEA. Data residency options are available for Enterprise customers.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email and in-app notification at least 30 days before taking effect. Continued use of PatchVow after changes constitutes acceptance.

10. Third-Party Services

PatchVow integrates with third-party services (cloud providers, SIEM tools, notification platforms) at your direction. These services have their own privacy policies. We only share the minimum data necessary for the integration to function.

11. Children's Privacy

PatchVow is a business-to-business service not directed at individuals under 16. We do not knowingly collect personal information from children.

12. California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. PatchVow does not sell personal information. To exercise your rights, email privacy@patchvow.com.

13. Data Sub-Processors

PatchVow uses sub-processors to deliver our services, including AWS (infrastructure), Stripe (payments), and SendGrid (email). A complete list of sub-processors is available upon request. We notify customers 30 days before adding new sub-processors.