Inputiv

Privacy Policy

We take privacy seriously. This policy explains what data Inputiv collects, how we use it, and the rights you have over your information. We will never sell your data.

Effective Date:

1 January 2025

Last Updated:

1 October 2025

Entity:

Inputiv LLP

Summary:

Inputiv collects only what it needs to deliver its services. We do not sell your data to third parties. We store data securely and give you control over it. If you have any questions, email us at privacy@inputiv.com

Who We Are

Inputiv LLP is a technology services company providing helpdesk support, project delivery, and the TBR (Technology Business Review) platform to Managed Service Providers (MSPs) across the United States and Australia.

For the purposes of data protection law, Inputiv LLP is the data controller of personal data collected through our website (inputiv.com), our TBR application (app.inputiv.com), and in the course of providing our services.

When we act as a support partner to an MSP and process data on behalf of that MSP's clients, we do so as a data processor under the instructions of the MSP (who is the data controller in that context). This is governed by our Data Processing Agreement, available on request.

Our Contact Details

Company name:

Inputiv LLP

Email:

privacy@inputiv.com

Website:

inputiv.com

Service platform:

app.inputiv.com

What Data We Collect

We collect different types of data depending on how you interact with us.

2.1 Data You Provide Directly

Contact information:

Name, email address, company name, and phone number when you fill in our contact form or email us.

Account information:

Email address, password (hashed), and company details when you register for the TBR platform.

Business information:

MSP name, client organisation names, domains, and operational details shared during onboarding or in the course of our services.

Communications:

Records of emails, messages, or other correspondence you send to us.

2.2 Data Collected Automatically

Usage data:

Pages visited, features used, time spent, and clicks within the TBR platform.

Technical data:

IP address, browser type, operating system, and device information.

Log data:

Access logs for security monitoring and platform reliability purposes.

Cookies:

See Section 9 for our cookie policy.

2.3 Data From Microsoft 365 Integration

When you connect a client's Microsoft 365 tenant to the TBR platform, we access and process the following data on your behalf:

Data Type

Purpose

How Long We Store It

Secure Score

Display security posture in dashboard and reports

90 days rolling

MFA Status

Show MFA coverage per user

90 days rolling

License Data

License utilisation reporting

90 days rolling

User Directory

User management and reporting

Duration of M365 connection

Complia
-nce
Checks

Security compliance reporting

90 days rolling

We access only what is necessary for the TBR platform to function. We do not read email content, documents, or personal files.

2.4 Data From Third-Party Integrations

If you connect third-party tools (Autotask PSA, NinjaOne, ConnectSecure, Bitdefender, N-able Cove, SentinelOne, NodeWare), we receive only the data those platforms share via their APIs for the purpose of populating your TBR reports. We process this data solely on your instructions.

How We Use Your Data

Purpose

Data Used

Legal Basis

Delivering helpdesk & project services

Business information, communi
-cations, client environment data

Contract perfor
-mance

Operating
the TBR platform

Account data, M365 data, integration data

Contract perfor
-mance

Responding to enquiries

Contact information, communi
-cations

Legitimate interests

Sending
service communi
-cations

Email address, account data

Contract performance

Improving our products

Usage data, log data (anonymised)

Legitimate interests

Security & fraud prevention

Technical data, log data

Legitimate interests

Legal compliance

Any relevant data

Legal obligation

Marketing (where consented)

Email address, name

We will never use your data for automated decision-making that produces legal or significant effects without your knowledge and, where required, your consent.

Legal Basis for Processing

Depending on the jurisdiction and context, we rely on one or more of the following legal bases:

Contract performance:

Processing is necessary to perform our contract with you or to take steps before entering into a contract.

Legitimate interests:

Processing is necessary for our legitimate business interests, such as improving our services, ensuring security, and responding to enquiries, where those interests are not overridden by your rights.

Legal obligation:

Processing is necessary to comply with applicable laws and regulations.

5.1 Service Providers

We engage trusted third-party providers who process data on our behalf under strict contractual obligations. These include:

Cloud infrastructure:

Hosting, storage, and database providers

Email delivery:

Transactional email services for platform notifications

Analytics:

Anonymised usage analytics to improve platform performance

Security monitoring:

Threat detection and incident response tooling

5.2 Professional Advisors

5.3 Legal Requirements

We may disclose data if required to do so by applicable law, court order, or governmental authority, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Inputiv, our clients, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our business assets, personal data may be transferred to the acquirer. We will notify you before any such transfer and will ensure appropriate protections are in place.

International Transfers

Inputiv serves clients in the United States and Australia. Our primary infrastructure is hosted in the United States. When data is transferred across borders, we ensure appropriate safeguards are in place, including:

- Standard Contractual Clauses (SCCs) approved by relevant data protection authorities

- Transfers to countries with an adequacy decision where applicable

- Data Processing Agreements with all third-party processors

For Australian clients:

We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). If you are based in Australia and have concerns about cross-border transfers, please contact us at privacy@inputiv.com.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

Data Category

Retention Period

Reason

Account data

Duration of account + 2 yrs

Contract obligations and dispute resolution

M365 & integration data

90 days rolling
‍

Report generation and trend analysis
‍

Service communi
-cations

3 years
‍

Record-keeping and legal compliance
‍

Contact enquiries

2 years

Legitimate interest in responding to follow-ups

Security logs

12 months

Security monitoring and incident investigation

Marketing consents

Until withdrawal + 1 year
‍

Financial records

7 years

Legal and tax obligations

When data is no longer required, we securely delete or anonymise it. Where deletion is not immediately possible (e.g., due to backup systems), we isolate the data from further processing until deletion is possible.

Your Rights

Depending on your location, you may have the following rights over your personal data:

Right to access:

Request a copy of the personal data we hold about you.

Right to rectification:

Request that we correct inaccurate or incomplete data.

Right to erasure:

Request deletion of your personal data, subject to legal obligations that require us to retain it.

Right to restrict processing:

Request that we pause processing your data in certain circumstances.

Right to data portability:

Request your data in a structured, machine-readable format.

Right to object:

Object to processing based on legitimate interests or for direct marketing.

Right to lodge a complaint:

Lodge a complaint with your relevant data protection authority.

How to exercise your rights:

Email us at privacy@inputiv.com with the subject line "Privacy Rights Request". We will respond within 30 days. We may need to verify your identity before processing your request.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is sold or disclosed and to opt out of any sale. We do not sell personal information. To exercise your CCPA rights, contact privacy@inputiv.com.

Australian Residents

Australian residents may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

if you are not satisfied with our response to a privacy concern.

Our website and platform use cookies and similar technologies. We use:

Purpose

Duration

Strictly Necessary

Session management, authentication, security tokens

Session

Functional

Remember your preferences (language, layout)

12 months

Analytics

Understand how visitors use our site (anonymised)

12 months

Marketing

12 months

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our platform. We do not use cookies to identify you personally without your consent.

Security

We implement appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our security measures include:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)

Multi-factor authentication for all internal systems and the TBR platform

Role-based access controls — engineers access only what is necessary for their role

Regular security monitoring, alerting, and incident response procedures

Quarterly access reviews across all internal and client-facing systems

SOC 2 Type 2 certification (see our SOC 2 page for details)

Data Breach Notification:

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable law, without undue delay.

Children's Privacy

Our services are not directed at, and we do not knowingly collect personal data from, individuals under the age of 18. If you believe a child has provided us with personal data, please contact us immediately at privacy@inputiv.com and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page

Notify registered TBR platform users by email

We encourage you to review this Policy periodically. Continued use of our services after any changes constitutes acceptance of the updated Policy.

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please get in touch:

Legal or contractual questions?

legal@inputiv.com

— we respond within 2 business days.

Email us →