Privacy Policy

SALVAGEDATA Recovery LLC ("SALVAGEDATA") is committed to safeguarding your privacy whenever and wherever you use any of our websites, services, or mobile applications. This Privacy Policy governs the manner in which SALVAGEDATA collects, uses, maintains, and discloses information collected from users of the salvagedata.com website and all products and services offered by SALVAGEDATA Recovery LLC. This policy does not apply to the websites of third-party service providers or any other third parties, even if their websites are linked to ours. We recommend you review the privacy statements of the other parties with which you interact.

Users may visit our site anonymously. We will collect personal information from users only if they voluntarily submit such information to us. Users can always refuse to supply personal information, except that it may prevent them from engaging in certain site-related activities or using certain services.

Collecting and Using Personal Information

SALVAGEDATA Recovery collects information for the purpose of providing and improving our services. This includes but is not limited to:

Contact and identity information

First and last name, email address, phone number, and mailing address submitted via our online evaluation form, customer portal, or by phone.

Case and service information

• Type of device submitted for recovery (hard drive, SSD, RAID, USB flash drive, phone, etc.)
• Storage capacity, manufacturer, and model where known
• Operating system and file system details
• Description of the data loss event (accidental deletion, physical damage, water or fire damage, ransomware, corruption, etc.)
• Observable signs or symptoms of failure
• Types of data to be recovered and their relative priority
• Any other details you provide to help us assess and perform the recovery

Payment information

Payment method details required to process invoices, which may include credit or debit card information, bank transfer details, check information, or other accepted payment methods, processed securely via our payment processor.

Application and job submissions

Photos, resumes, and contact information submitted for employment purposes.

Case communications

Messages, notes, and updates exchanged with your assigned recovery advisor through our customer portal or mobile app.

We use this information solely to contact you, create and manage your account, assess your recovery needs, perform data recovery services, and respond to your service requests. When you work with us, we keep your case information strictly confidential.

Information Disclosure Guidelines

We will share your personal information with third parties only as described in this policy. We do not sell, trade, or rent users' personal identification information to others.

SALVAGEDATA Recovery does not share personal or corporate information except to provide requested products and services. In the event we need to share personally identifiable information with equipment manufacturers or other third parties in the course of performing a recovery, we will request your permission prior to doing so.

We may share your information with third-party service providers acting on our behalf for:

• Fulfilling orders and shipping logistics
• Payment processing
• Providing customer service
• Sending service-related communications you have opted into
• Conducting research and analysis
• Providing cloud computing infrastructure

These third-party providers are authorized to use your personal information only as necessary to provide services to us and are not permitted to use it for their own purposes.

We may use aggregated, non-identifiable information for general business purposes including operational analysis, marketing, and business development. This information will not include phone numbers, addresses, payment details, or other personally identifiable data.

SALVAGEDATA Recovery may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or in response to subpoenas or other legal processes.

If SALVAGEDATA Recovery is involved in a merger, acquisition, or sale of assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, along with any choices you may have.

Case Communications via SMS and Phone

As part of providing data recovery services, SALVAGEDATA may contact you by SMS text message or voicemail to provide updates on your case, request additional information, confirm receipt of your device, deliver evaluation results, or coordinate return of your recovered data. These communications are operational and directly related to your active service request — they are not marketing messages.

By submitting a case or contacting us by phone, you consent to receiving case-related communications via SMS and voicemail to the phone number you provide. Standard message and data rates may apply. You may opt out of SMS notifications at any time by replying STOP to any message or by contacting support@salvagedata.com.

Phone numbers collected for SMS communications will not be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties under any circumstances.

The SalvageData Mobile Application

SALVAGEDATA operates a mobile application available on the Apple App Store and Google Play. The app allows customers to:

• Create and manage data recovery cases
• Track the status of an existing case in real time
• Message their assigned recovery advisor
• Find nearby SalvageData locations
• Search articles and informational content

Data collected through the app

SALVAGEDATA does not collect analytics data through the mobile application itself. As declared in our Apple App Store privacy nutrition label: the developer does not collect any data from this app.

Case information you enter through the app — including contact details, device information, and case communications — is transmitted to and stored in our secure case management system, which is governed by the same data protection standards as our website and web portal. This information is used solely to manage and communicate about your data recovery case.

Data collected when accessing our website via mobile browser

If you access salvagedata.com or the customer portal (case.salvagedata.com) through a mobile web browser rather than the app, standard web analytics apply as described in the Cookie and Tracking Technology section below. This includes GA4 analytics data such as pages visited, session duration, device type, and referral source.

Push notifications

The SalvageData app may send push notifications to update you on your case status, such as when an evaluation is complete or when your recovered data is ready for review. These notifications are operational and directly related to your active service request, not marketing.

You can turn off push notifications at any time through your device's notification settings. Disabling notifications will not affect your ability to use the app or check your case status manually.

User Access and Choice

Upon request, SALVAGEDATA Recovery will provide you with information about whether we hold or process any of your personal information. To request this information, email us at legal@salvagedata.com.

If your personal information changes or you no longer desire our services, you may correct, update, delete, or deactivate it by emailing support@salvagedata.com or by contacting us by telephone or postal mail. We will respond to your request within 30 days.

We will retain your information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements.

To opt out of specific data uses such as marketing communications, contact us at privacy@salvagedata.com. You may also adjust your email preferences or unsubscribe from our communications at any time using the "Unsubscribe" link found in any email we send you.

Data Retention

The retention period for data we process varies based on the nature of the information and applicable obligations. In general:

• Case and service data is retained for as long as necessary to deliver the requested service and for a reasonable period thereafter for dispute resolution and legal compliance
• Account information is retained for the duration of your relationship with us and for seven years following account closure
• Payment information is retained for seven years as required by tax and financial regulations
• Security incident data is retained for seven years from incident closure
• Job application data is retained for a reasonable period and then securely deleted unless an employment relationship results

When retention is no longer required, data is securely deleted or anonymized.

EU–U.S. Data Privacy Framework

SALVAGEDATA complies with the EU–U.S. Data Privacy Framework (EU–U.S. DPF), the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. Data Privacy Framework (Swiss–U.S. DPF) as set forth by the U.S. Department of Commerce. SALVAGEDATA has certified its adherence to the EU–U.S. DPF Principles, the UK Extension, and the Swiss–U.S. DPF Principles with respect to the processing of personal data received from the European Union, the United Kingdom, and Switzerland. This certification covers Non-HR Data only. If there is any conflict between the terms in this policy and the DPF Principles, the Principles shall govern.

To verify our active certification status, visit the DPF participant list and search for "SALVAGEDATA RECOVERY." To learn more about the Data Privacy Framework program, visit dataprivacyframework.gov.

For unresolved privacy concerns that we have not addressed satisfactorily, please contact our U.S.-based dispute resolution provider JAMS (free of charge) at jamsadr.com/DPF-Dispute-Resolution.

SALVAGEDATA complies with the jurisdiction of the U.S. Federal Trade Commission (FTC) regarding data protection practices. Under the Data Privacy Framework, individuals may under certain conditions invoke binding arbitration for complaints not resolved by other redress mechanisms. See Annex I of the DPF Principles for details.

SALVAGEDATA offers individuals choices and means for limiting the use and disclosure of their personal data. For more information, visit the DPF Choice Principle page.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) regarding your personal information.

Your rights as a California resident

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for which it is used, and whether it is shared.
• Right to delete: Request that we delete personal information we have collected from you, subject to certain legal exceptions.
• Right to correct: Request that we correct inaccurate personal information we maintain about you.
• Right to opt out of sale or sharing: Direct us not to sell or share your personal information for cross-context behavioral advertising. See "How to Opt Out" below.
• Right to non-discrimination: We will not discriminate against you for exercising any of your rights under the CCPA/CPRA.

What we share and with whom

SALVAGEDATA does not sell your personal information for monetary consideration. However, our use of advertising cookies through Google Ads may constitute "sharing" of personal information for cross-context behavioral advertising under the CPRA. This includes cookie identifiers, IP addresses, and browsing activity on our site that may be passed to Google for advertising purposes. Where you have submitted an evaluation form, we may also transmit a hashed version of your contact information to Google Ads for conversion measurement purposes, as described in the Enhanced Conversions section below.

Our use of Google Analytics 4 (GA4) for internal site analytics does not constitute a sale or sharing under the CPRA, as this data is used exclusively for internal measurement and is not disclosed to third parties for advertising purposes. This includes our use of the GA4 user_id feature, which assigns a pseudonymous internal identifier to help us understand multi-session behavior without identifying you personally.

How to opt out

You can opt out of the sharing of your personal information for advertising purposes at any time through any of the following methods:

• Click "Do Not Sell or Share My Personal Information" in the footer of any page on our website
• Enable the Global Privacy Control (GPC) signal in your browser — we automatically honor this signal and will disable advertising cookies without requiring any further action on your part
• Email us at privacy@salvagedata.com with the subject line "California Opt-Out Request"

We will process your request within 15 business days and confirm via email. Your opt-out applies to the browser or device you use to submit it. If you use multiple browsers or devices, you will need to opt out on each.

To submit a verifiable consumer request for any of the rights described above, contact us at privacy@salvagedata.com or by mail at 43 Alpha Park, Cleveland, OH 44143.

Privacy Rights for Residents of Other States

Residents of the following states have rights similar to those described above, including the right to opt out of the processing of personal data for targeted advertising, the right to access, correct, and delete their personal information, and in some states the right to data portability:

• Colorado (Colorado Privacy Act — CPA)
• Connecticut (Connecticut Data Privacy Act — CTDPA)
• Virginia (Virginia Consumer Data Protection Act — VCDPA)
• Texas (Texas Data Privacy and Security Act — TDPSA)
• Oregon (Oregon Consumer Privacy Act — OCPA)
• Montana (Montana Consumer Data Privacy Act — MCDPA)
• Nevada (Senate Bill 220)

Residents of California, Colorado, Connecticut, and Oregon may also exercise their rights via the Global Privacy Control (GPC) browser signal. We honor GPC automatically.

To exercise any of these rights, contact us at privacy@salvagedata.com.

Rights of EEA, UK, and Swiss Residents

SALVAGEDATA complies with the EU–U.S. Data Privacy Framework and processes personal data received from the EEA, United Kingdom, and Switzerland in accordance with DPF Principles.

If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate personal data.
• Erasure — Request deletion of your personal data where there is no legitimate basis for continued processing.
• Restriction — Request that we restrict processing of your data in certain circumstances.
• Portability — Request transfer of your data to another controller in a structured, machine-readable format.
• Objection — Object to processing based on legitimate interests or for direct marketing purposes.
• Withdrawal of consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact legal@salvagedata.com. We will respond within 30 days. If you believe we have not addressed your concern satisfactorily, you may contact JAMS at no cost at jamsadr.com/DPF-Dispute-Resolution. EU individuals may also contact their local Data Protection Authority at ec.europa.eu/info/law/law-topic/data-protection. Swiss individuals may refer to the Federal Data Protection and Information Commissioner.

Security

SALVAGEDATA Recovery employs industry-leading security measures to protect your personal information at every stage of our operations. All sensitive data exchanged between the site and its users is transmitted over SSL-encrypted, digitally signed communication channels. Our facilities and systems are certified under multiple rigorous security frameworks, including SSAE 16 SOC 3, ISO 9001:2015, FIPS 140-2 and 140-3 federal standards, HIPAA compliance protocols, and PCI Security Standards. These certifications reflect the ongoing audits, controls, and protocols that govern how we collect, store, access, and transmit your data every day.

Access to customer information is strictly limited to personnel who require it to fulfill your service request, governed by a chain-of-command protocol and non-disclosure agreement that all employees and vendors are required to maintain. Where clients request additional confidentiality agreements, the terms of those agreements reinforce this policy and apply alongside it.

Cookie and Tracking Technology Collection

salvagedata.com uses cookies and similar tracking technologies to improve your browsing experience, analyze site traffic, and serve relevant advertising.

Analytics

We use Google Tag Manager (GTM) and Google Analytics 4 (GA4) to collect anonymized data about how visitors interact with our website. This includes pages visited, session duration, referral source, and device type. This data is used solely for internal analytics and service improvement and is not considered a sale or sharing of personal information under applicable U.S. privacy laws.

When you submit an evaluation form or contact us through the site, we may assign an internal pseudonymous identifier to your submission and pass it to GA4 using the user_id feature. This allows us to understand how visitors interact with our site across multiple sessions without re-identifying you. The identifier is an opaque internal reference maintained by SALVAGEDATA — it is not your name, email address, or any other directly identifying information.

Advertising cookies

We use advertising cookies through Google Ads to measure the effectiveness of our marketing campaigns. These cookies may track browsing activity on our site and, in some cases, across other websites. This activity may constitute "sharing" of personal information under the California CPRA. You can opt out at any time using the methods described in the California Privacy Rights section above.

Enhanced Conversions

When you submit an evaluation form or complete another conversion action on our site, we may transmit a hashed (one-way encrypted) version of your contact information — such as your email address — to Google Ads to improve the accuracy of our conversion measurement. This process, known as Enhanced Conversions, uses a hash that cannot be reversed to recover your original information. We may also upload hashed contact lists to Google Ads to create Customer Match audiences for advertising purposes; this data is used only for audience matching and is not used by Google for any other purpose. You may opt out of personalized advertising at any time at Google's My Ad Center.

Consent and your choices

When you first visit our site, you will see a cookie notice that allows you to manage your preferences. You can revisit your preferences at any time by clicking "Do Not Sell or Share My Personal Information" in the footer of any page.

If your browser has the Global Privacy Control (GPC) signal enabled, we will automatically honor it and disable advertising cookies. You can learn more about GPC at globalprivacycontrol.org.

You may also opt out of interest-based advertising through the Digital Advertising Alliance opt-out page or, if located in the European Union, through the European Interactive Digital Advertising Alliance. Please note this does not opt you out of being served ads; you will continue to receive generic ads.

Most browsers allow you to refuse or delete cookies through their settings. Note that disabling cookies may affect certain features of the site, including the ability to log in to the customer portal.

Log files and automatically collected data

As is common with most websites, we automatically gather certain information and store it in log files. This may include IP addresses, browser name and version, internet service provider (ISP), device type, operating system, referring and exit pages, date and time stamps, and clickstream data. We do not link this automatically collected data to personally identifiable information we collect about you.

Third-party technologies

Technologies such as cookies, beacons, tags, and scripts are used by us and our third-party partners, affiliates, analytics providers, and service providers to analyze trends, administer the site, track user movements, and gather demographic information about our user base in aggregate. We do not display third-party advertisements on our website.

Information Related to Data Collected for Our Clients

SALVAGEDATA Recovery collects information under the direction of its Clients and has no direct relationship with the individuals whose personal data it processes on behalf of Clients. If you are a customer of one of our Clients and would no longer like to be contacted by that Client, please contact the Client directly.

Individuals who seek access to, or wish to correct, amend, or delete inaccurate data should direct their query to SALVAGEDATA Recovery's Client (the data controller). If we are requested to access or remove data, we will respond within 30 days.

We will retain personal data we process on behalf of Clients for as long as needed to provide services and as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Children's Online Privacy

Our website is a general audience site and is not directed to children under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and believe that a child under 18 has provided us with personal information, please contact us at legal@salvagedata.com and we will take prompt steps to delete that information from our records.

Links to Third-Party Sites

Our site includes links to other websites whose privacy practices may differ from those of SALVAGEDATA Recovery. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, contact us at legal@salvagedata.com.

Social Media Widgets

Our website includes social media sharing buttons that allow you to share content from our site to your social media accounts. These features may collect your IP address, record which page you are visiting, and set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing them.

Changes to This Privacy Policy

SALVAGEDATA Recovery may apply changes or updates to this policy as needed. When we do, we will update the effective date at the top of this page. We will notify you of significant changes by placing a notice on our website or by sending you an email prior to the change becoming effective. We encourage you to review this page periodically to stay informed.

Questions and Suggestions

If you have any questions or suggestions regarding our privacy practices, please contact us:

• General and legal: legal@salvagedata.com
• Privacy requests and opt-outs: privacy@salvagedata.com
• Customer support: support@salvagedata.com
• Mailing address: 43 Alpha Park, Cleveland, OH 44143

© 2026 SALVAGEDATA Recovery LLC. All rights reserved.