PRIVACY POLICY

Effective Date: January 1,  |  Last Updated: January 1,

1. Introduction

Cowboy MSP ("we," "our," or "us") operates the website cowboymsp.com. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our website and services.

2. Information We Collect

We may collect the following categories of personal information:

  • Contact Information: Name, email address, phone number, company name, and physical address when you submit forms on our website.
  • Usage Data: Information about how you interact with our website, including IP address, browser type, pages visited, time spent on pages, and referring URLs. This data is collected automatically via Google Analytics.
  • Communications: Records of correspondence if you contact us via email, phone, or our contact form.
  • Business Information: Number of users, current IT environment details, and other information you voluntarily provide when requesting a quote or assessment.

3. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide requested services
  • Send you quotes, proposals, and service agreements
  • Communicate about our services, updates, and promotions (with your consent)
  • Improve our website and service offerings
  • Comply with applicable laws and regulations
  • Protect against fraud and unauthorized access

4. Information Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your information with:

  • Service Providers: Trusted third parties who assist us in operating our website and delivering services (e.g., email platforms, CRM software), bound by confidentiality agreements.
  • Legal Compliance: When required by law, court order, or government authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice.

5. Cookies, Tracking & Google Analytics

Our website uses cookies and similar tracking technologies, including Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to help us analyze how visitors use our site. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google Analytics collects the following information on our behalf:

  • Pages visited and time spent on each page
  • Referring website or search engine
  • General geographic location (city/region level)
  • Browser type, operating system, and device type
  • Anonymized IP address

We use this information solely to improve our website and understand how visitors engage with our content. We do not use Google Analytics to collect personally identifiable information.

Google's use of data collected through our site is governed by Google's Privacy Policy. You can review how Google uses data when you use our site.

6. Opting Out of Analytics Tracking

You have several options to opt out of Google Analytics tracking:

  • Browser Add-on: Install the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics.
  • Browser Settings: You can disable or delete cookies through your browser settings. Note that disabling cookies may affect the functionality of some websites.
  • Do Not Track: Some browsers offer a "Do Not Track" setting. While we respect this preference, not all tracking technologies respond to it.

7. Data Security

We implement industry-standard security measures to protect your personal information, including SSL encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

8. Your California Privacy Rights (CCPA)

California residents have the right to: request disclosure of personal information collected, request deletion of personal information, and opt-out of the sale of personal information. To exercise these rights, contact us at [email protected].

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

11. Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page.

13. Contact Us

For privacy-related questions or requests, contact us at:
Email: [email protected]
Website: cowboymsp.com

14. Credential Vault for Confluence — Atlassian Marketplace App

The following disclosures apply specifically to the Credential Vault for Confluence application ("App"), available on the Atlassian Marketplace, published by CowboyMSP.

15. Data Stored by the App

All credential data entered into the App — including usernames, passwords, TOTP secrets, URLs, and notes — is encrypted in the user's browser using AES-GCM-256 before it is written to Atlassian Forge KV Storage. CowboyMSP never receives, stores, or has access to plaintext credential data. The encryption key is derived from a user-chosen PIN that is never transmitted off-device.

The only personal data stored in association with the App is:

  • Atlassian account identifiers (user IDs) used to scope per-user vault access — encrypted at rest within the Forge KV namespace.
  • Audit log entries (timestamp, action type, and truncated user identifier) retained for up to 100 events per vault, stored in Forge KV.

16. Data Egress

The App sends data outside of Atlassian infrastructure in only one scenario: when a user voluntarily triggers the optional password breach check. In this case, only the first 5 hexadecimal characters of a SHA-1 hash of the password are transmitted to the Have I Been Pwned k-anonymity API. No password, credential entry, or personally identifiable information is transmitted. CowboyMSP does not receive this request.

17. Data Residency

All App data is stored in Atlassian Forge KV Storage. Data residency (geographic region) is determined by the customer's Atlassian Cloud site configuration. CowboyMSP inherits Atlassian's data residency settings and does not independently control where data is stored. For information on Atlassian's data residency options, see atlassian.com/trust/data-residency.

18. GDPR Rights for App Users

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with equivalent data protection laws, you have the following rights with respect to data processed by the App:

  • Right of Access: You may request a copy of personal data associated with your account within the App.
  • Right to Erasure: You may delete your vault at any time from within the App. This permanently removes your encrypted data from Forge KV. Residual audit log entries are automatically purged when the vault is deleted.
  • Right to Portability: You may export your decrypted credential data from within the App interface at any time.
  • Right to Rectification: You may update any stored credential entry at any time.
  • Right to Object / Restrict Processing: Because the App performs no profiling or automated decision-making and transmits no data to CowboyMSP servers, there is no CowboyMSP-side processing to object to beyond what is governed by your agreement with Atlassian.

To exercise any of these rights or for App-related privacy inquiries, contact us at [email protected].

19. App Security

The App implements zero-knowledge, client-side encryption. CowboyMSP cannot access your credentials under any circumstances, including in response to legal requests — we simply do not hold the keys. Users are solely responsible for maintaining and backing up their chosen PIN. Loss of the PIN makes stored credentials unrecoverable.

20. End User License Agreement

Use of Credential Vault for Confluence is also subject to the CowboyMSP End User License Agreement.