Privacy Policy

Effective Date: April 28, 2026

At Pro Nova Technologies Inc. ("we," "us," or "our"), we respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, and share your information when you visit our website, https://rmms.pronovatech.com (the "Site"), and when you use our software products, including the PNT Remote Monitoring & Management Services ("PNT-RMMS") desktop client (collectively, the "Services").

1. Information We Collect

1.1 Website & Account Information

  • Account Information: Email address, password (hashed with PBKDF2-SHA512, 600,000 iterations per OWASP guidance), first and last name, and any profile details you provide when creating an account.
  • Two-Factor Authentication: If you enable 2FA, the TOTP secret is stored alongside your account so the portal can verify codes from your authenticator app.
  • Transaction Data: Purchase history, subscription status, and a Stripe customer/subscription identifier. Card numbers and full billing details are held by Stripe — we never see or store them.
  • Support Communications: Support ticket content, attachments, and any email correspondence you send us.
  • Server Access Logs: Standard HTTP access logs (IP, user-agent, request path, timestamp) generated by the web server for security and abuse prevention.

1.2 PNT-RMMS Desktop Client Data

When you install and use the PNT-RMMS Agent, the following data is reported to our servers:

  • Hardware Inventory: Computer hostname, system manufacturer, model, serial number, CPU name and core count, total RAM, and per-drive storage details.
  • OS & Runtime State: Windows edition / build / architecture, last boot time, time zone, domain-join status, current CPU and memory utilization, free disk space, and the agent's version number.
  • Network Data: Primary network adapter MAC address (used as a hardware fingerprint for license deduplication) and the public IP address the device most recently reported from. Local IPs and other interface addresses are not reported.
  • Agent Metadata: Encrypted device token (DPAPI-protected on disk under a per-machine key) and license-validation state.
  • Diagnostic Logs: Warning-level and above logs from the Agent are forwarded to the portal for centralized troubleshooting. Personal data is not included in diagnostic logs.
  • Remote Session Summaries (v1.4.17+): At the end of each remote-control session the Agent posts a summary containing start/end timestamps, the connection path that won (LAN-direct, direct over WAN, or relay), bytes transmitted on each path, and the public IP of the operator. No screen content or input is stored — only the path and byte totals.

1.3 Remote Access Session Data

When a remote-control session is initiated, the following is captured:

  • Session Metadata: Start/end timestamps, the operator's identity, the path that connected the session (LAN-direct, direct over WAN, or relay), and per-session bytes transmitted.
  • Screen Content: Screen frames are transmitted in real time to the connected operator's browser. All transit is encrypted — direct WebRTC connections use DTLS-SRTP, and relayed connections use TLS over WSS. Screen content is not stored on our servers; only the byte counts and connection path are persisted.
  • Audit Logs: Authentication events (account login, MFA enrollment, role changes), subscription changes, and device activations are logged on the portal for security and compliance review.

1.4 Peer-to-Peer Connection Data

PNT-RMMS prefers direct connections over WebRTC and only falls back to relay when direct fails:

  • STUN candidate gathering: Your device contacts our self-hosted STUN server (stun:rmms.pronovatech.com:3478), with Cloudflare and Google STUN as fallbacks if our server is unreachable. STUN reveals to the device its own public IP and port; no session content flows over STUN.
  • mDNS resolution (v1.4.17+): When the operator's browser is on the same local network as the device, the Agent resolves browser-emitted .local hostnames via standard multicast DNS (UDP 5353) so the connection can stay on the LAN. mDNS queries never leave the local broadcast domain.
  • Relay fallback: When direct cannot be established, sessions traverse our PNT-operated relay servers over TLS-encrypted WebSockets. We do not operate or use third-party TURN servers. Relayed traffic is forwarded in flight and is not recorded.

1.5 RMMS Portal Data

If you use the portal to manage your company and devices, we also store:

  • Company name, address (if provided), and organizational structure (locations, device groups).
  • Team-member invitations, role assignments (Owner / Member / Viewer), and join history.
  • Per-device assignment metadata (which user activated which device, when).

2. How We Use Your Information

  • To operate, maintain, and improve our Site and Services.
  • To process transactions, manage subscriptions, and enforce device licenses.
  • To provide remote monitoring, management, and technical support through PNT-RMMS.
  • To authenticate users and devices, and validate software licenses.
  • To communicate with you, respond to support tickets, and provide customer service.
  • To detect and prevent fraud, abuse, and security threats.
  • To analyze website and service usage patterns and improve performance (using privacy-preserving analytics).
  • To send transactional communications (order confirmations, license notifications, MFA codes).
  • To maintain audit trails for compliance and security purposes.
  • To deliver automatic software updates for PNT-RMMS.

3. Sharing Your Information

We do not sell your personal information. We may share information with:

  • Payment Processor (Stripe): For secure payment processing. We do not store full credit card numbers.
  • Authorized Administrators: PNT-RMMS remote access sessions allow authorized administrators to view and interact with devices. Access is controlled by permissions, support agreements, and audit logging.
  • Company Members: If you belong to an RMMS company, other authorized members may see device names, online status, and permission levels.
  • Infrastructure Providers: Hosting and CDN providers who assist in delivering our Services, subject to confidentiality agreements.
  • Legal Requirements: When required by law, regulation, legal process, or government request.

4. Data Security

We implement reasonable technical and organizational security measures, including:

  • TLS in transit. All portal HTTP traffic, all relay WebSocket traffic, and all device-to-portal heartbeats use HTTPS / WSS with TLS.
  • WebRTC DTLS-SRTP for direct sessions. When a session establishes a direct peer-to-peer connection, the data channel is protected by DTLS-SRTP — separate from our relay's TLS.
  • Code-signed installers. All shipped installers and binaries are Authenticode-signed by Pro Nova Technologies Inc. via a hardware-token-protected key (DigiCert).
  • DPAPI-encrypted local secrets. The device token cached on a managed device is encrypted with Windows DPAPI under a per-machine key, with file ACLs restricting read access to SYSTEM and Administrators.
  • AES-256-GCM at rest for portal secrets. Sensitive portal-side configuration values (such as SMTP credentials and integration API keys) stored in the SecureSettings table are encrypted with AES-256-GCM before being written to the database.
  • Strong password hashing. Customer account passwords are hashed with PBKDF2-SHA512 at 600,000 iterations (per current OWASP guidance).
  • Two-factor authentication. Optional TOTP-based 2FA (compatible with Google Authenticator, Authy, 1Password, etc.) is available for any portal account, with one-time recovery codes.
  • Authenticated heartbeats. Every device-to-portal request carries an X-Device-Token the device received at activation; tokens are tied to the device's identity and its company's subscription state.
  • Rate limiting and lockout. Brute-force and abuse-prevention protections are applied to authentication endpoints.

No system on the public internet is perfectly secure. We work to keep your data safe but cannot promise absolute security.

5. Data Retention

We retain personal information only as long as needed to operate the service or as required by law:

  • Account Data: Retained until you delete your account.
  • Transaction Records: 7 years (legal/tax requirement).
  • Support Tickets: 3 years after resolution.
  • RMMS Device Inventory: Retained while the device is registered to an active subscription. If your subscription lapses, device tokens are preserved for 90 days so renewal automatically restores the fleet; manually deactivated devices retain their tokens for 180 days. After those windows, tokens are wiped and the device must be re-activated to be used again.
  • Remote Session Summaries: 12 months on the portal, then automatically pruned. Each summary contains only path, byte counts, and timestamps — no screen content.
  • Audit Logs: 12 months by default.
  • Diagnostic Logs (forwarded from agents): 90 days on the portal.
  • Stripe Webhook Records: 90 days, then automatically purged.

6. Your Data Rights

Depending on your location (e.g., GDPR, CCPA), you may have the following rights:

  • Access: Request access to the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request that we delete your personal data.
  • Opt-Out: Opt out of marketing communications or the sale/sharing of data.

To exercise these rights, please contact us at support@pronovatech.com.

7. Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will promptly delete it.

8. PNT-RMMS Specific Disclosures

The PNT-RMMS Agent operates with the following specific behaviors you should be aware of:

  • Background operation. The Agent installs a Windows Service that starts at boot and runs continuously. The companion tray app launches in active user sessions to surface activation, status, and consent prompts.
  • What an operator can do during a session. View the screen, send mouse and keyboard input, transfer files in either direction, share the clipboard, redirect print jobs to the operator's local printer, and chat. The Agent does not execute arbitrary commands, edit Windows services, modify the registry remotely, or record sessions.
  • Cross-session input. The Service can forward input to the Windows login screen, locked workstations, and UAC consent prompts so an operator can recover a frozen sign-in or approve elevation. This capability requires two installer-time toggles (UAC consent prompts and Skip Ctrl+Alt+Del at sign-in) and is off by default.
  • Connection-mode setting. Each device can be set to Automatic (operators with permission can connect without on-device approval) or User-Approved (a prompt appears on the device and a local user must accept before the operator gets in). The setting is stored on the portal and applied by the Agent on every session.
  • Auto-updates. The Agent periodically checks the portal for new releases and can install them automatically. Downloaded installers are verified by hash against the portal's release manifest before they run, and only Authenticode-signed installers from Pro Nova Technologies Inc. will execute.
  • Public IP handling. The most-recently-reported public IP for a device is stored on the portal in plain form so operators can see roughly where a device is and confirm path selection. It is visible only to authenticated members of that company and to PNT support staff.
  • What is NOT collected. Microphone audio, webcam video, keystroke logging, files outside an explicit transfer, browser history, or any telemetry from non-PNT applications. Screen content during a session is forwarded live and is never stored.

9. Updates to This Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top of this page will be updated to reflect any changes.

10. Contact Us

If you have questions about this Privacy Policy, please contact us:

Pro Nova Technologies Inc.