Skip to content
352-789-6043 Let's Talk
Privacy

Privacy Policy

How Think Technologies Group collects, uses, shares, and protects personal information across thinkIT, ThinkAI, and ThinkVoIP.

Legal document

The short version: we collect the information you give us on our forms (so we can answer you), basic technical information your browser sends (so we can run the website), and analytics data (so we know what's working). We don't sell your personal information for money. We use a small set of well-known vendors — Vercel, Cloudflare, Google, and Resend — and we keep the list short. You have rights over your data; the fastest way to use them is to email privacy@think-team.com.

1. Who this policy covers

This policy applies to Think Technologies Group, LLC ("TTG," "we," "us," "our") and to the websites, sub-brands, and marketing programs we operate, including thinkIT (managed IT services), ThinkAI (managed AI advisory and transformation), and ThinkVoIP (cloud phone services). It governs information collected through https://thinktechnologiesgroup.com and any related landing pages, forms, and email programs.

This policy does not apply to information we process on behalf of a customer under a Master Services Agreement, Statement of Work, Business Associate Agreement, or similar contract. That information is governed by the contract, not by this notice. If you're a customer trying to understand how we handle data inside the systems we manage for you, look at your services agreement first.

2. Information we collect

We collect the categories of personal information listed below. Where California's privacy law assigns a category number under Cal. Civ. Code § 1798.140, we use the same labels so the mapping is clear.

Category Examples we collect Where it comes from
Identifiers (Cat. A) Name, business email, business phone, IP address, browser identifiers, device information. You (forms), automatic (web logs).
Commercial information (Cat. D) Services you ask about, downloads you request, events you sign up for, referrals you make. You (forms).
Internet or network activity (Cat. F) Pages visited, time on page, referring URL, anonymous interaction data, search terms used on the site. Automatic (analytics, server logs).
Geolocation (Cat. G) Approximate location derived from IP address (city/region level). We do not collect precise GPS location. Automatic.
Professional information (Cat. I) Company name, job title, role, company size, industry — when you choose to provide it. You (forms).
Inferences (Cat. K) Topical interests inferred from the pages you read or resources you download, used to send relevant follow-up. Derived.

Sensitive personal information. We do not intentionally collect sensitive personal information as defined under California law (for example: government IDs, precise geolocation, racial or ethnic origin, religious beliefs, genetic or biometric data, health information, citizenship or immigration status, or neural data). Please do not include sensitive information in free-text fields like a contact-form message. If you do, we will treat it the same as any other information you submit.

3. How we collect it

Directly from you

  • Forms. We currently operate the following forms across our brands: contact, ThinkAI inquiry, security assessment, construction technology assessment, framework download, event signup, referral, and newsletter. Each form lists the fields it collects at the point of submission.
  • Email and phone. When you reply to our emails or call our team.
  • In person. Business cards, conference scans, and site-visit conversations during sales engagements.

Automatically, from your browser

  • Standard web logs (IP address, user agent, request path, timestamps).
  • Theme preference, stored in your browser's local storage as theme. This stays on your device and is not sent to us.
  • Anonymous traffic analytics through Vercel Analytics and (where configured) Google Analytics 4 via Google Tag Manager.

From third parties

  • Public business information (LinkedIn profiles, company websites) when we research a prospect or referral.
  • Customer-relationship referrals from existing TTG clients.

4. A note on referrals

Our referral form asks for the name and contact information of someone other than you. If you submit a referral, please make sure you have that person's permission to share their information with us. We will use the referral information only to introduce ourselves and explain that you sent us. If the referee asks us to delete their information or to stop contacting them, we will.

5. How we use your information

We use personal information for these business purposes:

  • Respond to inquiries, schedule meetings, and send the quote, assessment, framework, or event details you asked for.
  • Send transactional emails (confirmation receipts, framework delivery, event reminders).
  • Send marketing emails to subscribers who have opted in (The Think Newsletter, The Think Blog, Careers list). You can unsubscribe at any time using the link in the footer of any marketing email.
  • Operate, secure, and improve the website — measure traffic, identify bugs, and prevent abuse.
  • Detect and stop spam and automated abuse using Cloudflare Turnstile and a hidden honeypot field on every form.
  • Meet our legal, tax, accounting, and regulatory obligations.
  • Defend our rights, our customers' rights, and the rights of others (for example, in connection with a dispute or a lawful request from authorities).
  • Evaluate, negotiate, or complete a corporate transaction (for example, a merger, acquisition, or financing). If that happens, the receiving party must honor this policy or give you notice and a chance to opt out before changing it.

6. Cookies, analytics, and tracking

We use a small number of well-known tools. As of the effective date of this policy:

Tool What it does Category
Vercel Analytics Privacy-friendly traffic analytics. Anonymized, no cross-site tracking. Analytics
Google Tag Manager Loads the other tags listed in this section. GTM by itself does not collect personal information. Functional
Google Analytics 4 (_ga, _ga_*) Aggregate site analytics. We retain GA4 user/event data for 14 months. Analytics
Cloudflare Turnstile Detects automated form submissions. May read browser signals to verify you're human. Strictly necessary
Cloudflare bot management (__cf_bm, cf_clearance) Edge security and bot mitigation set by our hosting provider. Strictly necessary

Advertising tags. As of the effective date of this policy, we do not run cross-context behavioral advertising or retargeting tags (such as Google Ads remarketing, Meta Pixel, or LinkedIn Insight). If we add tags of this kind in the future, we will update this section, list them by name, treat the resulting disclosures as "sharing" under California law, and offer an opt-out mechanism.

How to control cookies. Most browsers let you block or delete cookies through their settings. If you block strictly necessary cookies, parts of the site (especially form submission and bot mitigation) may stop working.

7. Who we share it with

We share personal information only with the categories of recipients listed below. We do not sell personal information for money.

Recipient Why
Vercel (hosting and analytics) Site hosting, edge delivery, server logs, traffic analytics.
Cloudflare (security, Turnstile) DNS, edge security, bot detection on forms.
Google (Tag Manager, Analytics 4) Tag management and aggregate site analytics.
Resend Sends transactional and marketing email and stores newsletter contact lists. Mail leaves our domains think-team.com and think-team.ai.
Google Workspace Hosts the inbox at info@think-team.com where form submissions arrive.
Professional advisors Lawyers, accountants, insurers, auditors, when needed and bound by confidentiality.
Authorities Law enforcement, courts, or regulators in response to a valid legal request.
A successor An acquirer, investor, or successor in connection with a corporate transaction.

Each vendor above is contractually obligated to use your information only to provide services to us. We choose vendors with reasonable security and privacy practices, and we maintain this list in plain English so you can audit it yourself.

8. How long we keep it

Type of record Retention
Contact, quote, and assessment form submissions 24 months from your last interaction, then archived or deleted.
Framework / lead-magnet downloads 24 months from download, unless the contact converts into an active sales conversation.
Newsletter subscribers Until you unsubscribe, plus 30 days. Your email may remain on a suppression list indefinitely so we don't accidentally re-add you.
Active prospect or customer records The duration of the relationship plus seven years (consistent with general business and tax records).
Server and edge logs (Vercel, Cloudflare) 30–90 days, per the vendor's default.
Email delivery logs (Resend) 12 months.
Backups Routine backup rotation, typically 30–90 days. Deletion requests are honored on the live system immediately; backup copies age out on the rotation cycle.

Where retention isn't fixed, we keep information for as long as we need it to fulfill the purpose described above, comply with law, resolve disputes, and enforce our agreements.

9. How we protect it

We rely on TLS for data in transit, vendor-grade encryption at rest, and SOC 2-aligned vendors for hosting and email. We limit access to personal information to people who need it to do their jobs, and we use Cloudflare Turnstile and a honeypot field on every public form to deter abuse. No method of transmission or storage is 100% secure, and we don't promise it is.

10. Your privacy choices

These rights are granted to all U.S. residents who use our site. Some states (notably California) provide additional rights, and we note those inline.

  • Right to know / access what personal information we have collected about you.
  • Right to delete the personal information we hold, subject to legal exceptions (we may need to keep records for tax, audit, or fraud-prevention reasons).
  • Right to correct personal information that is inaccurate.
  • Right to portability — receive a copy of your information in a usable format.
  • Right to opt out of marketing email at any time. Use the unsubscribe link in any email or contact us.
  • Right to non-discrimination. We will not deny you services, charge you more, or give you a worse experience for using these rights.
  • California residents additionally have the right to (a) opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising — we currently do neither, but if that ever changes you'll see a "Your Privacy Choices" link in our footer; (b) limit the use of sensitive personal information — we do not collect sensitive personal information, so there is nothing to limit; and (c) designate an authorized agent to exercise rights on your behalf.
  • Authorized agents. California residents may designate an authorized agent to make a request. We will require written, signed authorization and may also ask you to verify your identity directly.
  • Right to appeal. If we deny a request to know, delete, correct, or opt out, you may appeal by replying to our denial email or writing to privacy@think-team.com. We will respond within 60 days.

How to make a request

Email privacy@think-team.com with the subject line "Privacy Request." Tell us which right you want to use and the email address you used to interact with us. We may ask a few questions to verify you are who you say you are — typically by confirming details we already have, such as the email or phone number on the original form. We don't charge a fee.

We respond within 45 days under California law and most other state laws. If we need more time, we'll tell you and explain why, and the response window can be extended once by another 45 days.

11. Global Privacy Control and Do Not Track

Global Privacy Control (GPC). If your browser sends a valid GPC signal, we treat it as a request to opt out of "sale" and "sharing" of your personal information for cross-context behavioral advertising in every state that recognizes GPC as a universal opt-out (currently California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, and Texas). Because we currently do not engage in cross-context behavioral advertising, this opt-out has no immediate effect, but we honor and log the signal regardless so the protection is in place if our practices ever change.

Do Not Track (DNT). Browser DNT was never finalized as a standard and we do not respond to DNT headers. Use GPC instead, where available.

12. Children

Our services are directed to businesses, not children. We do not knowingly collect personal information from anyone under 16. If you believe a child has submitted personal information through our site, email us at privacy@think-team.com and we will delete it.

13. International visitors (EEA / UK)

Our services are intended for U.S. businesses. We are not established in the European Economic Area or the United Kingdom and we do not target our services to people in those regions. If you visit from the EEA or UK and provide us personal information, we process it on the basis of our legitimate interest in responding to you, performing a contract with you, or, where applicable, your consent. You may have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR or UK GDPR. To exercise them, email privacy@think-team.com. You also have the right to lodge a complaint with your local supervisory authority. Our vendors (Vercel, Cloudflare, Google, Resend) may process data in the United States and other regions, and rely on their own transfer safeguards (such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses) for that processing.

14. AI and automated decisions

We do not use automated decision-making or profiling that produces legal or similarly significant effects about you. ThinkAI is a service we sell to other businesses; we do not feed your contact-form submissions or newsletter signups into AI training data, and we do not use AI to make decisions about whether to do business with you.

15. Marketing email and CAN-SPAM

Marketing emails we send always include the sender's identity, our physical mailing address, and a one-click unsubscribe link. We honor opt-outs within 10 business days, and we maintain a permanent suppression list so unsubscribed addresses are not re-added through new lists or integrations. Our sending domains are think-team.com (TTG, thinkIT, GTM notifications) and think-team.ai (ThinkAI and transactional confirmations from Resend). Other domains are not us — be cautious of emails claiming to be from TTG that come from somewhere else.

16. What this policy doesn't cover

  • HIPAA / Protected Health Information. If TTG handles PHI for a customer under a Business Associate Agreement, that PHI is governed by the BAA, not this policy.
  • Customer-managed systems. If we manage IT systems for your business under an MSA or SOW, the data inside those systems belongs to you and is governed by your contract with us.
  • Other websites. Our site may link to third-party sites we don't control. Their privacy practices are their own.

17. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "Effective" date at the top of the page and, if the change is material, post a notice on the website or email subscribers before the change takes effect. Continued use of our site after the new effective date means you accept the updated policy.

18. How to contact us

For privacy questions, requests, or appeals: