What we collect, what we don't, and why.

The data the firm holds about a visitor or prospect falls into three places, and the handling of each is different. Naming them up front avoids the usual privacy-policy sleight of hand where the marketing site, the client engagement, and the live demos get described as one undifferentiated "service."

• The marketing site (mcintoshsystems.com). When you visit, the hosting provider records standard web-server access entries: IP address, requested path, user agent, response code, timestamp. These are retained for short-term operational and abuse-prevention purposes by the host, not surfaced to us as an analytics product. We run no third-party analytics, no behavioural tracking, and no advertising pixels on this site.
• Email you send to [email protected]. When you write to us, we receive your email — sender address, subject, body, any attachments. That's it. Section 04 covers what happens to it.
• Client engagement data. Anything we touch during a paid engagement is governed by the contract for that engagement, not by this page. Section 05 covers the defaults we work to.

The marketing site has been built to keep this section short, and to keep it true without footnotes:

• No Google Analytics, no Plausible, no Fathom, no Mixpanel, no PostHog, no behavioural analytics of any kind.
• No advertising or remarketing pixels (no Meta pixel, no LinkedIn Insight tag, no Google Ads tag). The site sets no advertising cookies and joins no audiences.
• No selling, renting, or sharing of contact data with third parties for their marketing.
• No newsletter list. If we start one, it will be opt-in only and documented here before it ships.
• No session replay, no heatmaps, no fingerprinting.

The site self-hosts its web fonts (Geist Sans and Geist Mono) from its own origin. No third-party font CDN, no Google Fonts request, no fonts.gstatic.com lookup.

Mail sent to [email protected] is delivered to a single mailbox operated by Shane McIntosh on behalf of the firm. We read it, we reply, and we keep the thread in the mailbox so context is preserved for follow-up. Substantive engagement correspondence may be archived into the engagement's own folder once work begins.

We do not add the sender to a marketing list. We do not enrich the email with third-party data providers. We do not feed inbound mail through external "AI sales assistant" tooling.

If you want a previous message and any reply thread deleted from the mailbox, section 07 explains how.

Under an engagement, the data we encounter — invoice records, vendor masters, spreadsheets, CRM exports, source code, anything in scope — is governed by the data-processing terms in that engagement's contract. The contract is the authoritative source on those terms.

Our default posture is bring-your-own-cloud. We deploy and operate inside the client's tenant (typically Azure, occasionally AWS or GCP). Production data sits in the client's storage. Production credentials live in the client's secret manager. We are granted access via the client's IAM. When the engagement ends, the client revokes our access. The data stays where it always was.

Retention, residency, audit, and sub-processor terms are written explicitly into each engagement. We do not maintain a generic "we may retain your data for legitimate business purposes" clause because it does not survive procurement review at the kind of buyer we work with.

For the marketing site and the firm's day-to-day operations, the third parties that may receive data on our behalf are:

• Web hosting — the static marketing site is served from a DigitalOcean VPS, proxied through Cloudflare (TLS termination, CDN, WAF).
• Email — mail to [email protected] is hosted on Microsoft 365 (Exchange Online).
• Web fonts — Geist Sans and Geist Mono are self-hosted (no third-party font CDN).
• Domain & DNS — the mcintoshsystems.com domain is registered with Cloudflare and uses Cloudflare DNS.

Sub-processors used inside a paid engagement (LLM providers, cloud regions, third-party APIs, partner specialists) are listed in that engagement's contract and disclosed before work starts.

If you want any email you have sent to [email protected] deleted, write to the same address with the subject line Delete my data. We will remove the message and any reply thread from the mailbox and confirm back to you in writing. Server-log entries from the host fall off on their own retention cycle and are not addressable per-visitor by us.

For data held inside an active client engagement, the same rights are routed through the engagement's data-processing agreement, which names the controller and the processor explicitly. The client controls the data.

Visitors based in jurisdictions with statutory data rights (UK / EU GDPR, CCPA, similar) can exercise those rights through the same email contact. We will respond inside the statutory window.

Privacy questions, deletion requests, and procurement reviews all route to the same address. There is no separate privacy team because there is no separate privacy function — the firm is small enough that the same person answers.