Privacy Policy

Effective Date: April 9, 2026

1. Introduction

This Privacy Policy explains how ITserv Technology FZE ("ITserv Technology," "ITOC360," "we," "us," or "our") collects, uses, stores, shares, and otherwise processes personal data in connection with the ITOC360 platform, related websites, and associated services (collectively, the "Services").

ITOC360 is a SaaS product developed and provided by ITserv Technology FZE, delivering an AI-First Incident Orchestration platform for modern IT operations teams. The platform may collect alerts and notifications from monitoring and observability tools, correlate them, reduce alert noise, and help transform operational signals into actionable incidents.

This Privacy Policy applies to personal data that we collect when you visit our website, request information, create an account, use the Services, communicate with us, or otherwise interact with ITOC360.

2. Data Controller and Contact Information

The data controller for personal data covered by this Privacy Policy is:

ITserv Technology FZE
DWTC The Offices One
Dubai, United Arab Emirates

Email: privacy@itoc360.com

3. Scope and Roles

In many cases, ITOC360 provides Services to business customers and processes certain personal data on their behalf as a service provider or processor. In those cases, the relevant customer remains responsible for determining the purposes and legal basis of processing and for responding to requests relating to personal data contained in Customer Data.

Where we collect personal data directly for our own business purposes such as for account administration, sales communications, support requests, website operation, security, billing, and legal compliance—we act as the controller of that personal data.

4. Information We Collect

We may collect the following categories of personal data and related information:

  • Account and Contact Information: such as name, business email address, company name, job title, phone number, mailing details, and account credentials.
  • Customer and Service Data: such as alerts, incident records, logs, escalation data, schedules, infrastructure metadata, integration settings, configuration data, and other information submitted to or generated through the Services.
  • Technical and Usage Information: such as IP address, browser type, device information, operating system, timestamps, access logs, crash data, diagnostics, and user activity data used to operate, secure, and improve the Services.
  • Support and Communications Data: such as the content of inquiries, tickets, chat messages, emails, call notes, and other communications with us.
  • Cookie and Similar Technology Data: such as session identifiers, authentication data, preference settings, and analytics information collected through cookies or similar technologies.

5. How We Use Personal Data

We may use personal data for the following purposes:

  • to provide, operate, administer, maintain, and secure the Services;
  • to create and manage accounts, user access, permissions, and authentication;
  • to monitor platform performance, reliability, availability, and service quality;
  • to detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, security incidents, and other harmful activity;
  • to provide customer support, onboarding, implementation assistance, and service communications;
  • to analyze usage patterns, troubleshoot issues, and improve the functionality and usability of the Services;
  • to manage commercial relationships, billing, invoicing, renewals, and contract administration;
  • to send product, operational, legal, and administrative notices;
  • to comply with applicable laws, regulations, court orders, and lawful requests; and
  • to establish, exercise, or defend legal claims and protect our rights, systems, users, personnel, and business operations.

6. Legal Basis for Processing

Where required by applicable law, we process personal data on the basis of one or more lawful grounds, which may include performance of a contract, compliance with legal obligations, legitimate interests, and, where applicable, consent.

When we process personal data on behalf of customers, the customer is responsible for identifying the appropriate legal basis for such processing.

7. Cookies and Similar Technologies

We use cookies and similar technologies to support website and service functionality, maintain secure sessions, remember preferences, support authentication, measure performance, and understand usage patterns.

The types of cookies and similar technologies we may use include:

  • Essential technologies required for login, session management, and core platform functionality;
  • Performance and analytics technologies used to understand usage and improve performance; and
  • Security-related technologies used to protect accounts, detect suspicious activity, and maintain service integrity.

You can control certain cookie preferences through your browser or device settings. Disabling some technologies may affect the availability or functionality of parts of the Services.

8. How We Share Personal Data

We may share personal data only where necessary and appropriate, including with:

  • service providers, subprocessors, cloud infrastructure providers, and other vendors that support the operation, hosting, security, analytics, or maintenance of the Services;
  • professional advisors such as lawyers, auditors, insurers, and accountants;
  • payment processors and business partners involved in contractual or commercial administration;
  • competent authorities, regulators, courts, law enforcement agencies, or other third parties where required by law or necessary to protect rights, safety, and legal interests; and
  • a buyer, investor, successor, or affiliate in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business, subject to appropriate confidentiality protections.

We do not sell personal data in the ordinary course of our business, and we do not disclose personal data to unrelated third parties for their own independent marketing purposes.

9. International Data Transfers

Because ITOC360 operates as a cloud-based service, personal data may be processed in the United Arab Emirates and in other jurisdictions where we, our affiliates, or our service providers operate infrastructure or provide support.

Where personal data is transferred across borders, we take reasonable steps to implement appropriate safeguards as required by applicable law.

10. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain security, comply with legal and contractual obligations, resolve disputes, enforce agreements, and protect our legitimate business interests.

Retention periods may vary depending on the type of data, the nature of the relationship, applicable legal requirements, system backup cycles, and customer instructions where we process data on behalf of a customer.

11. Data Security

We maintain reasonable technical and organizational measures designed to protect personal data and Customer Data against unauthorized access, disclosure, alteration, loss, or destruction.

Security measures may include:

  • encryption of data in transit using secure transport protocols;
  • access controls and role-based permissions;
  • authentication safeguards and account protection measures;
  • logging, monitoring, and operational security controls;
  • vulnerability management, patching, and incident response procedures; and
  • reasonable safeguards designed to support the confidentiality, integrity, and availability of the Services.

No system can be guaranteed to be completely secure, and we cannot warrant absolute security of any information.

12. Third-Party Services

The Services may integrate with third-party monitoring tools, observability platforms, communication tools, ticketing systems, cloud providers, analytics services, or security solutions.

Those third parties operate under their own terms, privacy notices, and data handling practices. We are not responsible for the privacy or security practices of third-party services that we do not own or control.

13. Your Rights and Choices

Depending on the applicable law and the nature of the processing, individuals may have the right to request access to, correction of, deletion of, restriction of, objection to, or portability of certain personal data.

If you would like to exercise a privacy right or submit a privacy-related request, you may contact us at privacy@itoc360.com. Where we process personal data on behalf of a customer, we may refer the request to the relevant customer or ask you to contact that customer directly.

14. Children's Privacy

The Services are intended for business and professional use and are not directed to children. We do not knowingly collect personal data directly from children through the Services.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, security practices, or business operations. The updated version will become effective when posted, unless otherwise stated. Where appropriate, we may also provide notice through the website, the platform, or other reasonable communication channels.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of personal data, please contact:

ITserv Technology FZE
DWTC The Offices One
Dubai, United Arab Emirates

privacy@itoc360.com