Privacy Policy

At RebootTwice LLC (“we,” “us,” or “our”), we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://reboottwice.com and when you interact with us through other digital means, including SMS communications.

1. Information We Collect

Personal Information

We may collect personal information including:

• Full name
• Email address
• Phone number
• Billing and shipping information
• Usage data, such as browsing history or interaction with our digital content

Website Data

When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

2. Cookies

If you leave a comment on our site, you may opt in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

3. How We Use Your Information

Your information may be used to:

• Provide and manage services
• Send order and service notifications
• Improve user experience
• Send promotional or informational emails or messages
• Comply with legal requirements

4. Email Communications

Types of Email Communications

By opting in, users may receive:

• Product updates and new feature announcements
• Industry news and insights
• Special offers and promotions
• Newsletter communications
• Service updates and maintenance notifications

5. SMS Communications

Types of SMS Messages You May Receive

• Product updates and new feature announcements
• Industry news and insights
• Special offers and promotions
• Newsletter communications
• Service updates and maintenance notifications

Message Frequency and Rates

Message frequency varies or up to 4 messages per month.

Message and data rates may apply. Please check with your mobile carrier for applicable charges.

SMS Terms and Conditions

How to Opt Out of SMS

You can opt out of receiving SMS messages at any time:

• Reply STOP to any SMS message
• Reply UNSUBSCRIBE
• Contact us at privacy@reboottwice.com

How to Get SMS Help

Reply HELP to any SMS message or email us at privacy@reboottwice.com

Automated Response Information

When you text HELP: “RebootTwice LLC SMS Help: You’re receiving up to 4 messages/month. Message and data rates may apply. For support, call (949) 831-8821 or email privacy@reboottwice.com. Text STOP to cancel.”

When you text STOP: “You have been unsubscribed from RebootTwice LLC SMS messages. You will not receive any more texts from us. For questions, contact (949) 831-8821.”

Recognized keywords: STOP, UNSUBSCRIBE, CANCEL, END, QUIT (for opt-out) and HELP, INFO (for help)

6. Data Sharing

We do not transfer, share, or disclose consumer data to any external organizations for any purpose, including with user consent, except as required by law.

Mobile opt-in and consent are never shared with anyone for any purpose. Any information sharing that may be mentioned elsewhere in this policy excludes mobile opt-in data.

This protection applies to all user data, not just mobile opt-in data.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

7. Data Retention

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users who register on our website (if any), we also store the personal information they provide in their user profiles. All users can see, edit, or delete their personal information at any time (except that they cannot change their username). Website administrators can also see and edit that information.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct or delete your personal information
• Withdraw consent at any time
• Opt out of marketing communications

What Rights Do You Have Over Your Data?

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

User Preference Management

Users can modify their communication preferences at any time by:

• Visiting their account settings at https://www.reboottwice.com/account/preferences
• Clicking the “Update Preferences” link in any email
• Texting HELP for SMS preference assistance
• Contacting our support team at (949) 831-8821

9. Data Security and Unauthorized Sharing Prevention

We implement comprehensive technical, administrative, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, and destruction.

9.1 Internal Access Controls

Technical Safeguards

• Role-Based Access Control (RBAC): Data access is restricted based on job function and necessity, with minimum required permissions
• Multi-Factor Authentication (MFA): Required for all system access containing personal data
• Encrypted Data Storage: All personal data is encrypted both at rest and in transit using AES-256 encryption
• Access Logging: All data access is logged with timestamps, user identification, and purpose documentation
• Network Segmentation: Customer data systems are isolated from general corporate networks
• Automated Access Reviews: Monthly automated reviews of user permissions with immediate alerts for unauthorized access attempts

Administrative Controls

• Data Access Authorization: Written approval required from the data protection officer before granting access to personal data
• Need-to-Know Basis: Access limited to personnel who require data for specific job functions
• Regular Access Audits: Quarterly review of all user access permissions with immediate revocation of unnecessary access
• Background Checks: All employees with data access undergo background verification
• Confidentiality Agreements: All staff sign comprehensive data protection and non-disclosure agreements
• Incident Response Team: A Dedicated team trained to handle data security incidents within 2 hours of detection

9.2 Staff Training and Awareness

Mandatory Training Programs

• Initial Privacy Training: All new employees complete 4-hour data protection training within the first week
• Annual Refresher Training: Yearly updates on privacy regulations, company policies, and threat awareness
• Role-Specific Training: Additional specialized training for employees handling sensitive data categories
• Incident Response Training: Quarterly drills and simulations for data breach response procedures
• Phishing Awareness: Monthly simulated phishing tests with immediate remedial training for failures

Training Content Areas

• Data classification and handling procedures
• Proper email and SMS consent management
• Recognizing and reporting security threats
• Legal requirements (GDPR, CCPA, TCPA, CAN-SPAM)
• Customer data rights and request procedures
• Consequences of unauthorized data sharing

Training Effectiveness Monitoring

• Mandatory testing with a 90% pass rate requirement
• Tracking of training completion and certification status
• Regular assessment of training program effectiveness
• Updates to training materials based on emerging threats and regulations

9.3 Comprehensive Audit Program

Regular Audit Schedule

• Daily: Automated monitoring of system access logs and data export activities
• Weekly: Review of user permissions and data handling activities
• Monthly: Comprehensive access control review and vendor compliance assessment
• Quarterly: Full data protection impact assessment and policy compliance review
• Annually: Third-party security audit and penetration testing

Audit Scope and Procedures

• Data Access Audits: Review of who accessed what data, when, and for what purpose
• Export Monitoring: Tracking of all data exports with justification documentation
• System Configuration Review: Validation of security settings and access controls
• Vendor Compliance Verification: Assessment of third-party data handling practices
• Policy Adherence Testing: Verification that procedures match documented policies
• Incident Analysis: Review of all security events and response effectiveness

Audit Documentation and Reporting

• Detailed audit trails are maintained for a minimum of 7 years
• Monthly compliance reports to senior management
• Immediate escalation of critical findings
• Remediation tracking with defined timelines
• Annual compliance certification and reporting

9.4 Vendor and Third-Party Controls

Vendor Selection and Management

• Due Diligence Process: Comprehensive security assessment before vendor selection
• Data Processing Agreements: Legally binding contracts specifying data protection requirements
• Regular Vendor Audits: Annual assessment of vendor security practices and compliance
• Certification Requirements: Vendors must maintain relevant security certifications (SOC 2, ISO 27001)
• Breach Notification: Contractual requirement for immediate notification of security incidents

Third-Party Data Sharing Restrictions

• We do not transfer consumer data to any external organizations under any circumstances, including with user consent.

9.5 Physical Security Measures

• Secure Facilities: Restricted access to areas where personal data is processed
• Clean Desk Policy: No personal data left unattended on workstations
• Secure Disposal: Certified destruction of physical media containing personal data
• Visitor Controls: Escort requirements and access logging for all non-employees
• Equipment Security: Encrypted hard drives and remote wipe capabilities for mobile devices

9.6 Incident Response and Monitoring

Continuous Monitoring

• 24/7 security monitoring with automated threat detection
• Real-time alerts for unusual data access patterns
• Behavioral analytics to identify potential insider threats
• Regular vulnerability scanning and penetration testing

Incident Response Procedures

• Immediate Response: Incident detection and containment within 2 hours
• Investigation: Forensic analysis to determine scope and cause
• Notification: Customer and regulatory notification as required by law
• Remediation: Implementation of corrective measures and monitoring
• Post-Incident Review: Analysis and improvement of security procedures

9.7 Accountability and Enforcement

• Data Protection Officer: Designated officer responsible for privacy compliance oversight
• Clear Consequences: Defined disciplinary actions for policy violations up to and including termination
• Regular Reporting: Monthly privacy compliance reports to executive leadership
• Continuous Improvement: Regular updates to policies based on threat landscape and regulatory changes
• Legal Compliance: Regular legal review of data protection practices and procedures

10. Children’s Privacy

We do not knowingly collect or solicit information from children under 13 years of age. If you believe we have collected information from a child, please contact us immediately.

11. Where Your Data is Sent

Visitor comments may be checked through an automated spam detection service.

If you request a password reset, your IP address will be included in the reset email.

12. Updates to This Policy

We may update this policy periodically. All updates will be posted at https://reboottwice.com/privacy-policy with a revised effective date.

Policy changes will be communicated to you, and your continued use of our services implies your acceptance of the updated policy.

Last updated: June 5, 2025
© 2025 RebootTwice LLC. All rights reserved.