Third Octet Inc. ("Third Octet", "we", "us") operates Workplace OS — a multi-tenant operational portal for our managed-IT customers. This summary covers the data we hold, why we hold it, and how to reach us. The full policy is available on request.
What we collect
The portal mirrors data already held in your source systems — your ConnectWise PSA tickets, Microsoft 365 user + device inventories, network device telemetry, agreements, and quotes. Authentication is delegated to Microsoft Entra ID; we don't store your password. We log sign-ins, in-app activity, and AI invocations for security and audit.
Why we hold it
To deliver visibility on the service we already provide, to power the AI assistance and reporting features you've opted in to, and to maintain the security + audit trail required by our SOC2 controls and CIS IG1 program.
Third-party processors
Sub-processors include Microsoft (Entra, M365 Graph, Azure hosting), ConnectWise (PSA + RMM), Anthropic and Azure OpenAI (for AI summaries when enabled), and Sentry (error monitoring). AI providers receive only the synced operational data needed to answer the specific request; tenant data is wrapped + sanitised before egress.
Retention
Operational data (tickets, devices, configurations) is retained as long as the agreement is active. Activity logs are retained for 180 days. AI-interaction logs are pruned at 180 days. Backups roll on a 30-day cycle. You can request earlier deletion at any time.
Your rights
You can request access to, correction of, or deletion of personal data held in the portal. We respond within 30 days. Canadian customers are covered by PIPEDA; EU/UK customers covered by GDPR.
Contact
Privacy questions: privacy@thirdoctet.com. General support: servicedesk@thirdoctet.com.