Privacy Policy
Last Updated: December 19, 2025
This Privacy Policy describes how Pipsqueak Network Scanner ("Pipsqueak," "we," "us," or "our"), a product operated by Business Technology Solutions Group (BTSG), collects, uses, discloses, and protects information when you access or use our software, websites, applications, and related services (collectively, the "Services").
This Privacy Policy is intended to comply with applicable privacy laws in the United States and Canada, including but not limited to:
U.S. state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA), Virginia CDPA, Colorado CPA, and similar statutes
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Scope of This Policy
This Privacy Policy applies to:
Visitors to our websites
Users of the Pipsqueak Network Scanner software (Community, Trial, and Paid editions)
Customers, prospects, and business contacts
This policy does not apply to information collected by customers about their own end users or networks using Pipsqueak. In those cases, the customer acts as the data controller.
2. Information We Collect
2.1 Information You Provide Directly
We may collect the following information when you voluntarily provide it:
Name, email address, phone number, company name, and job title
Account credentials and authentication details
Billing and payment information (processed via third-party payment processors)
Support requests, feedback, and communications
Marketing preferences
2.2 Information Collected Automatically
When you access or use the cloud components of the Services, we may automatically collect:
IP address, device identifiers, operating system, and browser type
Usage data such as feature usage, session duration, and interaction logs
Diagnostic and performance data related to the cloud platform
Log files and error reports
2.3 Network and Scan Data (Hybrid On-Premises + Cloud Model)
Pipsqueak operates using a hybrid deployment model, which may include:
A locally executed scanner or agent running within the customer’s environment (on-premises or customer-controlled infrastructure)
Optional cloud-based services used for account management, reporting, licensing, analytics, and updates
By default:
Raw scan data is collected and processed locally within the customer-controlled environment
Customers control whether scan results, summaries, or metadata are uploaded to the Pipsqueak cloud platform
Depending on customer configuration and permissions, Pipsqueak may process technical metadata such as:
Device names, IP addresses, MAC addresses, and device types
Operating system and patch posture indicators
High-level security posture indicators and risk signals
Aggregated, summarized, or anonymized findings used for reporting
Pipsqueak is intentionally designed to minimize data collection and does not intentionally collect:
End-user credentials
Passwords, authentication secrets, or keystrokes
Contents of personal files
Email contents or private communications
3. How We Use Information
We use collected information for the following purposes:
To provide, operate, and maintain the Services
To create reports, insights, and visualizations requested by users
To improve product performance, usability, and security
To process transactions and manage subscriptions
To communicate with users about updates, support, and service notices
To comply with legal obligations
To detect, prevent, and respond to fraud, abuse, or security incidents
4. Legal Bases for Processing (Canada & Certain U.S. States)
Where required by law, we rely on one or more of the following legal bases:
Your consent
Performance of a contract
Compliance with legal obligations
Legitimate business interests, such as improving and securing our Services
5. How We Share Information
We do not sell personal information.
We may share information only in the following circumstances:
5.1 Service Providers
With trusted third-party vendors who assist with:
Cloud hosting and infrastructure
Payment processing
Analytics and monitoring
Customer support tools
These providers are contractually obligated to protect information and use it only for authorized purposes.
5.2 Managed Service Providers (MSPs)
When Pipsqueak is used by Managed Service Providers to scan or assess third-party environments:
The MSP acts as the data controller for customer network data
Pipsqueak acts as a data processor solely on the MSP’s documented instructions
Scan data and reports are accessible only to the MSP and parties they explicitly authorize.
5.3 Legal and Regulatory Requirements
We may disclose information if required to do so by law, court order, or governmental request, or to protect our legal rights.
5.4 Business Transfers
In the event of a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.
6. Data Retention
We retain personal information only for as long as necessary to:
Fulfill the purposes described in this Policy
Comply with legal, accounting, or reporting obligations
Customers may request deletion of account data, subject to contractual and legal limitations.
7. Security Measures
We implement reasonable administrative, technical, and physical safeguards designed to protect information, including:
Encryption in transit and at rest where appropriate
Access controls and least-privilege principles
Logging and monitoring
Secure development and operational practices
No system can be guaranteed 100% secure. Users are responsible for maintaining the confidentiality of their credentials.
8. Your Privacy Rights
8.1 United States Privacy Rights
Depending on your state of residence, you may have the right to:
Know what personal information we collect and how it is used
Request access to or deletion of personal information
Correct inaccurate personal information
Opt out of certain data processing activities
Not be discriminated against for exercising privacy rights
8.2 Canada Privacy Rights (PIPEDA)
Canadian residents have the right to:
Access personal information we hold about them
Request corrections to inaccurate information
Withdraw consent, subject to legal or contractual restrictions
File a complaint with the Office of the Privacy Commissioner of Canada
To exercise privacy rights, contact us using the information below.
9. Cookies and Tracking Technologies
We may use cookies and similar technologies to:
Maintain user sessions
Understand usage patterns
Improve website functionality
You may control cookies through your browser settings. Disabling cookies may affect functionality.
10. Children’s Privacy
The Services are not intended for children under the age of 13, and we do not knowingly collect personal information from children.
11. International Data Transfers
Information may be processed and stored in the United States or Canada. When transferring data across borders, we implement safeguards consistent with applicable laws.
12. Third-Party Links
The Services may contain links to third-party websites or services. We are not responsible for their privacy practices.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last Updated" date. Continued use of the Services constitutes acceptance of the updated Policy.
14. Data Processing Addendum (DPA) for Managed Service Providers
This Data Processing Addendum ("DPA") applies when Pipsqueak Network Scanner processes personal data on behalf of Managed Service Providers ("MSPs") in the course of providing the Services.
14.1 Roles of the Parties
MSP Customer: Data Controller
Pipsqueak / BTSG: Data Processor
Pipsqueak processes personal data only on documented instructions from the MSP, including with regard to transfers of personal data.
14.2 Scope of Processing
Processing activities may include:
Collection, storage, analysis, and reporting of technical network metadata
Generation of security posture, compliance, and risk assessment reports
Limited cloud-based processing where enabled by the MSP
14.3 Data Types and Categories
Data processed may include:
Device identifiers (e.g., hostnames, IP addresses, MAC addresses)
System configuration and posture indicators
Limited personal data incidentally contained within technical metadata
Categories of data subjects may include:
MSP client employees or contractors
Network users whose devices are scanned by the MSP
14.4 Confidentiality
Pipsqueak ensures that personnel authorized to process personal data are bound by confidentiality obligations.
14.5 Security Measures
Pipsqueak implements appropriate technical and organizational measures, including:
Encryption of data in transit and at rest where applicable
Logical separation of customer data
Access controls based on least privilege
Secure development and deployment practices
14.6 Subprocessors
Pipsqueak may engage subprocessors (such as cloud hosting providers). A current list of subprocessors will be made available upon request. Pipsqueak remains responsible for subprocessors’ compliance with this DPA.
14.7 Data Retention and Deletion
Upon termination of services or upon MSP request, Pipsqueak will delete or return personal data, subject to legal and contractual obligations.
14.8 Audits and Compliance
Upon reasonable request, Pipsqueak will provide information necessary to demonstrate compliance with this DPA.
14.9 Cross-Border Transfers
Where personal data is transferred across borders, Pipsqueak implements safeguards consistent with applicable U.S. and Canadian privacy laws.
15. Contact Information
If you have questions or requests regarding this Privacy Policy or DPA, please contact:
Business Technology Solutions Group (BTSG)
Product: Pipsqueak Network Scanner
Email: [email protected]
Comprehensive IT infrastructure scanning for security teams and enterprises.
Product
Resources
Company
Legal
© 2025 Pipsqueak. All rights reserved.
