Skip to content

Products

OVERVIEW

Manage and secure your Windows and macOS devices from anywhere

OTHER PDQ PRODUCTS

Configure new devices, discover and manage endpoints, deploy software, and secure your fleets

Use cases

INDUSTRIES

Scalable solutions for every sector

WHY PDQ

Actual proof, results, and comparisons

Resources

LEARN

Insights to get the most out of PDQ

ENGAGE

Connect with other sysadmins like you

Partners

VALUE ADDED RESELLERS

Empower your customers and grow your margins

MANAGED SERVICE PROVIDERS

Streamline client management and cut IT busywork

Pricing

OVERVIEW

Manage and secure your Windows and macOS devices from anywhere

OTHER PDQ PRODUCTS

Configure new devices, discover and manage endpoints, deploy software, and secure your fleets

Nav1 Connect

See PDQ Connect in action

No sign-up or strings attached

INDUSTRIES

Scalable solutions for every sector

WHY PDQ

Actual proof, results, and comparisons

How MSPs manage tenants in Connect white

Are you an MSP?

Explore the tools and features built exclusively with MSPs in mind

LEARN

Insights to get the most out of PDQ

ENGAGE

Connect with other sysadmins like you

Illustration of report

State of Sysadmin report

Read our 2026 State of Sysadmin Administration report

VALUE ADDED RESELLERS

Empower your customers and grow your margins

MANAGED SERVICE PROVIDERS

Streamline client management and cut IT busywork

Partners

Join our partner program

Discover why partners love working with PDQ — and how easy it is to join

Privacy Policy

Introduction

PDQ.com Corporation (“PDQ”, “we”, or “us”) is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with your use of our products and services (the “Services”), your visits to our websites, and your interactions with us through any of our communication or community channels - including support and sales communications, online forums,
social media platforms and live-streamed events.

PDQ is a company established in the United States with its principal place of business
at:

2200 S Main St STE 200
South Salt Lake, Utah 84115
privacy@pdq.com
801-657-4657

For certain processing activities described in this Privacy Policy, such as service provisioning, account management, support, and marketing, we act as a controller of personal data.

For data that we process on behalf of our customers within the Services, we act as a processor. Where PDQ acts as a processor, the processing of personal data is governed exclusively by the applicable Data Processing Agreement between PDQ and the relevant customer, to the extent permitted by applicable law. In the event of any conflict between this Privacy Policy and a Data Processing Agreement, the Data Processing Agreement shall prevail with respect to processor activities. Customers are responsible for ensuring that their own processing activities comply with applicable data protection laws.


Information We Collect and How We Use It

During your interaction with us, we may collect the following information:

When you visit our website

PDQ processes certain personal data as necessary to operate, secure, and maintain our
websites, prevent abuse, and provide access to our services. This processing is based
on our legitimate interests in ensuring the proper functioning and security of our
websites.

PDQ uses cookies and similar technologies to enable core website functionality,
understand website usage, and, where required by applicable law, support marketing
activities. Essential cookies are used based on our legitimate interests. Non-essential
cookies are used only with your consent, which you may withdraw at any time through
your browser settings or our Privacy Preference Center accessible via the button in the
bottom left corner of our website at pdq.com, powered by OneTrust.

We may process the following categories of personal data: IP address, approximate
location derived from IP address, language and time zone settings, device and browser
information, website usage and interaction data, log data related to security and error
handling, and cookie and similar technology

When you Contact Sales or Support

When you contact our Sales or Support teams through our website, we process the personal data you provide, which may include your name, email address, company or tenant name, telephone number, and any other information you include in your communication.

The lawful basis for this processing is our legitimate interests in communicating with prospective and existing customers and, where applicable, taking steps at your request prior to entering or performing a contract.

When you Use our Products

Through our products, we and third parties may collect information from your computer
or other device by automated means such as usage tracking and cookies. This data is
used for helping PDQ identify how our products are used and how we can improve them
in the future. Information input into our products is stored in our cloud databases.

The lawful basis for such processing is performance of a contract where the data is necessary to provide and operate the Services. We may also process certain usage and security-related data based on our legitimate interests in maintaining the security, reliability, and improvement of our Services.


Information We Share

PDQ does not and will not sell your Personal Information neither will we disclose any Personal Information unnecessarily. Beyond our employees who develop, maintain and improve our websites, services and products, we may disclose your Personal Information to the third parties listed below.

PDQ is committed to selecting only trusted and reputable service providers solely for legitimate business purposes. Technical and Organizational measures as well as additional safeguards which govern data protection and data sharing (including international data transfer) are listed in chapters “International Data Transfer” and
“Technical and Organizational Measures”

Based on the purpose of processing we may disclose to the following parties:

Service and Product Provisioning

We use Google Cloud Computing and Azure services as the underlying architecture on which our products run. In addition, we utilize external service providers such as Expel and Cloudflare to provide functionality and security as part of delivering our Services.

We use Stripe to process payments and to verify customer identity in connection with account access and service provisioning. Payment and verification information, including your name, email address, billing address, and payment card details, is submitted directly to Stripe through an integration at PDQ’s website. PDQ does not store or have access to your full payment details; only Stripe handles and retains that data in accordance with their own privacy policy and PCI-DSS compliance obligations.

We use Tray.io, a workflow automation platform, to connect and synchronize data across our internal business systems. Tray.io may process personal data such as name, email address, company, and account information as part of automated workflows supporting CRM, billing, and customer account management.

The processing of personal data in connection with service and product provisioning is based on performance of a contract, as such processing is necessary to provide and operate the Services requested by our customers.

Offering support

When supporting our customers, potential customers, or website visitors, we use
Zendesk as our primary tool. In addition, we utilize Slack and Discord. When resolving technical issues that require us to connect to a client, we use ISL Light. Where support is provided to existing customers, the processing of personal data is based on performance of a contract. Where support is provided to prospective customers or website visitors, the processing is based on our legitimate interests in responding to inquiries and maintaining effective business communications, provided such interests are not overridden by the rights and freedoms of individuals.

Communication and Marketing

When engaging with our customers and users, we use SendGrid, Discord, Salesforce, and HubSpot to communicate product updates, newsletters, and promotional materials. PDQ also maintains a community channel on Discord, where users' names and profile information are visible to other community members. Any outreach for marketing or support purposes via Discord is subject to applicable consent requirements and user notification settings within the platform. Users may adjust their Discord settings or contact us at privacy@pdq.com to opt out of marketing communications.

The legal basis for this processing is consent where required by applicable law. In certain cases, we may rely on our legitimate interests to communicate with existing customers about similar products or services, where such communications are permitted by law and do not override the rights and freedoms of individuals.

You may opt out of marketing communications or withdraw your consent at any time.

Analytics and Product Development

We analyse the usage patterns of our websites and products to better understand our customers and their needs and to improve our products and customer experience. For this purpose, we engage service providers such as Mixpanel and Mouseflow and use cookies and similar technologies. Whenever possible, we use aggregated or deidentified data.

The legal basis for analyzing usage data is our legitimate interests in improving and developing our Services, provided such interests are not overridden by the rights and freedoms of individuals. Where cookies or similar technologies require consent under applicable law, the legal basis is consent.

Business Strategy and Market Analysis

PDQ uses Snowflake as its centralized data warehouse to consolidate and analyze data from internal systems, including product usage, account, sales, support, marketing, and financial data. This processing enables us to assess business performance, inform product development, improve services, and guide company strategy and market positioning.

Where possible, we rely on aggregated or de-identified data. Access to identifiable personal data is limited to authorized personnel and subject to appropriate technical and organizational measures.

This processing is based on our legitimate interests in operating, developing, and improving our business and services. Where the processing is necessary to deliver contracted services or manage customer accounts, the legal basis is performance of a contract (Article 6(1)(b) GDPR).

Automated Decision-Making

PDQ does not engage in automated decision-making, including profiling, that produces legal ehects or similarly significant ehects concerning individuals.

Legal Compliance and Security

We process personal data as necessary to comply with applicable laws and regulations, respond to lawful requests or legal process, and protect the rights, safety, and property of PDQ, our customers, and others. This includes processing for fraud prevention, network and information security, and the enforcement of our terms of service and acceptable use policies. Such processing is based on our legal obligations and our legitimate interests in maintaining a secure and lawful business.

We will not process personal data for purposes incompatible with those described above without providing notice and, where required by applicable law, obtaining your consent.

Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries, PDQ relies on appropriate transfer safeguards, such as the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. Data Privacy Framework, or other legally recognized transfer mechanisms.

Operating our business

While operating our business, PDQ may disclose or make available personal data to its ahiliates and business partners, including subsidiaries, parent companies, and authorized resellers or channel partners, where necessary to support our business operations, provide our services, or engage in sales and customer support activities. Such processing is based on performance of a contract where necessary to provide our Services, compliance with legal obligations where applicable, and our legitimate interests in operating and administering our business, provided such interests are not overridden by the rights and freedoms of individuals.

Any such disclosures are subject to appropriate contractual safeguards, including obligations to process personal data only on PDQ’s instructions, implement appropriate technical and organizational security measures, and comply with applicable data protection and privacy laws.


International Data Transfer

PDQ is headquartered in the United States but we serve customers around the world. This means personal information we collect may be transferred to or accessed in the United States or other countries outside of your home jurisdiction. Those countries may have data protection laws that are diherent and potentially less protective than the laws of your country. However, when we transfer personal information internationally, we take steps to ensure appropriate safeguards are in place to protect your data. Our practices regarding international data transfers include:

  • Data Privacy Framework: PDQ complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the SwissU.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce with respect to the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States. PDQ has self-certified to the U.S. Department of Commerce that it adheres to the EU–U.S. DPF Principles, including the UK Extension to the EU–U.S. DPF and the Swiss–U.S. DPF Principles for personal data transferred from the United Kingdom and Switzerland, respectively. PDQ’s certification may be verified by searching for “PDQ” at www.dataprivacyframework.gov. In accordance with the DPF Principles, PDQ commits to provide notice, choice, accountability for onward transfers, security, data integrity and purpose limitation, access, and recourse for covered personal data. In the event of any conflict between this Privacy Policy and the DPF Principles, the DPF Principles shall prevail.

  • Standard Contractual Clauses: For data transfers from the European Economic Area (EEA), United Kingdom, or Switzerland that are not covered by the DPF (for example, if a customer requires it for certain types of data), we are prepared to use the European Commission’s Standard Contractual Clauses (SCCs) or UK International Data Transfer Addendum, as appropriate, to ensure an adequate level of protection.

  • Other Jurisdictions: Where we transfer personal information from other countries (such as Canada, Australia, etc.) to the U.S. or another country, we will do so in compliance with the requirements of applicable data protection law.

Personal data transferred under the DPF may be disclosed in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


Technical and Organizational Measures

Additionally, we have implemented appropriate technical and organizational measures as described in this section to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are designed with reference to our SOC 2 Type II report and reflect reasonable and appropriate security practices.

Our measures include, but are not limited to:

Organizational Measures:

  • A formal information security program governed by documented policies and
    procedures.

  • Role-based access controls and the principle of least privilege for personnel.

  • Mandatory security awareness and privacy training for employees and
    contractors.

  • Vendor risk management and due diligence processes for third-party service
    providers.

  • Incident response and breach management procedures, including escalation
    and notification protocols.

  • Periodic risk assessments and internal audits to evaluate the effectiveness of
    security controls.

Technical Measures

  • Logical access controls, including authentication mechanisms and access
    logging.

  • Encryption of Personal Data in transit using reasonable and appropriate
    cryptographic protocols and, where appropriate, encryption at rest.

  • Network security controls such as firewalls, intrusion detection and prevention
    mechanisms, and network segmentation.

  • Secure development practices, including code review, testing, and change
    management.

  • Monitoring and alerting systems to detect anomalous or unauthorized activity.

  • Regular vulnerability scanning and remediation processes.

Physical Measures

  • Controls designed to prevent unauthorized physical access to systems and infrastructure, including reliance on secure, SOC-compliant data center providers.

  • Physical access restrictions and environmental protections appropriate to the nature of the processing activities.

These measures are reviewed and updated periodically to account for technological developments, evolving security risks, and changes in our processing activities. While no method of transmission or storage is completely secure, we take reasonable and appropriate steps to protect Personal Data in accordance with applicable data protection laws.

Data Brach Notification

In the event of a personal data breach, PDQ will notify the relevant supervisory authority and ahected individuals where required to do so under applicable law. Such notifications will be made within the timeframes prescribed by applicable law. PDQ maintains internal incident response procedures to assess, contain, and respond to personal data breaches in a timely manner.


Data Privacy Framework (DPF) Commitments

In adherence to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the SwissU.S. DPF, PDQ commits to the following additional protections for personal data transferred from the EU, UK, or Switzerland to the United States:

  • Accountability for Onward Transfer: When we transfer personal data from the EU/UK/Switzerland to third-party service providers or agents, we will do so only for limited and specified purposes consistent with the consent you have provided or the Services we are delivering, as described in this Privacy Policy or the applicable service agreement. We require third parties to contractually agree to provide at least the same level of privacy protection for that data as required by DPF Principles. PDQ remains liable under the DPF Principles if any third-party agent processes EU, UK, or Swiss personal data we transfer to them in a manner inconsistent with those Principles, unless we prove that we are not responsible for the event giving rise to the damage, subject to the limitations of liability set forth in our applicable terms of service, except where such liability cannot be limited under applicable law or the DPF Principles. In other words, we continue to protect your data even when it’s processed by a partner or sub-processor on our behalf, and we will take reasonable steps to address unauthorized processing or misuse by any such third party.

  • Transparency and Choice: We will honor the DPF Principle of choice by ohering individuals the opportunity to opt out if we intend to disclose their personal data to a third party (other than our agents) or use it for a materially different purpose than originally collected or later authorized. PDQ does not currently collect sensitive personal data as defined under the DPF Principles. In the event we were to do so in the future, we would obtain ahirmative consent before sharing or using it in any way that requires such consent under the DPF Principles. If we process sensitive personal data, we will do so only where permitted by applicable law and, where required, with explicit consent.

  • Security: We maintain reasonable and appropriate security measures to protect personal data in our possession. See the Technical and Organizational Measures above in this document.

  • Data Integrity and Purpose Limitation: We limit our collection and use of personal data to that which is relevant for the purposes of processing noted in this Policy (or as subsequently authorized by you). We take reasonable steps to ensure that personal data is reliable, accurate, and complete for its intended use, and we do not retain it longer than necessary for those purposes, consistent with applicable law.

  • Access and Correction: If we hold your personal information that was transferred under the DPF, you have the right to access that data and to request correction, amendment, or deletion of the data if it is inaccurate or processed in violation of the DPF Principles. You may contact us as described in Section “Contact Information” to exercise these rights. We will respond to legitimate requests within a reasonable timeframe, and in any case within the period required by law. Please note that we may need to verify your identity before fulfilling certain requests, and there are some circumstances (for example, if the data includes information about other individuals or if we are legally required to retain certain data) where we may limit or deny your request, but we will explain the basis for such decisions.

  • Regulatory Oversight: PDQ is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) with respect to our adherence to the DPF. This means the FTC may investigate and take enforcement action if we fail to comply with the DPF Principles.


Dispute Resolution and Complaints

In compliance with the DPF, PDQ commits to resolve complaints about your privacy and our collection or use of your personal data. EU, UK, or Swiss individuals with inquiries or complaints regarding this Privacy Policy or our data handling practices should first contact us at privacy@pdq.com. We will acknowledge and respond to any question or complaint within 45 days of receipt.

If a complaint cannot be resolved directly with PDQ, PDQ has committed to cooperate with JAMS, an independent dispute resolution provider based in the United States, to resolve complaints at no cost to the individual. To submit a complaint to JAMS, visit www.jamsadr.com/dpf-dispute-resolution.

If your complaint remains unresolved after exhausting the above channels, EU, UK, or Swiss individuals may invoke binding arbitration under DPF Annex I as a last resort for residual claims. This right is available only after first raising the matter with PDQ and pursuing the JAMS process above. Details are available at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

Your Rights and Choices

Opt-Out of Marketing: If you receive marketing or promotional emails from us, you may opt out at any time by clicking the “unsubscribe” link in those emails or by contacting us at privacy@pdq.com with your request. Note that you will continue to receive transactional or account-related communications (e.g., service notifications, billing reminders) even if you opt out of marketing messages, as those are necessary for us to provide our Services.

Access, Correction, Deletion: Individuals in certain jurisdictions (e.g., EU, UK, Switzerland, as well as some U.S. states) have legal rights to access personal information we hold about them and to request correction or deletion of that information. You may send such requests to privacy@pdq.com. We will honor valid requests in accordance with applicable law. If we cannot comply with a request, we will provide an explanation subject to legal restrictions.

Do Not Track: Our website currently does not respond to "Do Not Track" signals. You may manage your cookie and tracking preferences at any time through our Privacy Preference Center, accessible via the button in the bottom left corner of our website at pdq.com, powered by OneTrust.


California privacy rights

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), grants you specific rights regarding your personal information. This section describes those rights and how to exercise them.

Personal Information We Collect and Disclose

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email address, IP address, account username); commercial information (billing address, payment records, and service subscriptions); internet and network activity (website usage data, product interaction data, log data, and cookie data); approximate geolocation derived from IP address; and professional or employment-related information (company name and job title where provided). We do not collect sensitive personal information as defined under CCPA/CPRA.

We disclose these categories to third-party service providers such as Google Cloud, Azure, Stripe, Zendesk, Salesforce, HubSpot, Mixpanel, Mouseflow, ISL Light, Snowflake, Tray.io, and Cloudflare solely for legitimate business purposes as described in the "Information We Share" section of this Privacy Policy. All such disclosures are governed by written contracts requiring service providers to process personal information only for the specified purpose and in compliance with applicable law.

No Sale or Sharing of Personal Information

PDQ does not currently sell your personal information for monetary consideration, nor do we currently share it with third parties for cross-context behavioral advertising, as those terms are defined under CCPA/CPRA. We therefore do not currently oher a "Do Not Sell or Share My Personal Information" opt-out.

Your Rights

California residents have the following rights with respect to their personal information:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources and purposes of collection, and the categories of third parties with whom it has been shared.

  • Right to Delete: You may request that we delete personal information we hold about you, subject to certain exceptions where retention is required by law or necessary to complete a transaction or provide a service.

  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.

  • Right to Non-Discrimination: We will not deny, charge differently for, or provide a lesser quality of services as a result of you exercising any of your CCPA/CPRA rights.

The rights to opt out of sale/sharing and to limit use of sensitive personal information are not applicable, as we do not sell, share for advertising purposes, or collect sensitive personal information.

How to Exercise Your Rights

To submit a verifiable consumer request, contact us at privacy@pdq.com or by mail at PDQ.com Corporation, 2200 S Main St STE 200, South Salt Lake, Utah 84115. Your request must provide sufficient information for us to reasonably verify your identity. We will acknowledge receipt within 10 business days and respond within 45 calendar days. If additional time is needed, we will notify you of the reason and the extended deadline, up to a maximum of 45 additional days.

You may designate an authorized agent to submit a request on your behalf, provided the agent supplies written proof of authorization. We may require you to verify your identity directly with us before fulfilling any request submitted by an agent.


Retention

PDQ retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including to provide our Services, comply with legal obligations, resolve disputes, enforce our agreements, and maintain appropriate business and financial records.

Retention periods are determined based on:

  • The nature and sensitivity of the personal data

  • The purpose of processing

  • Applicable contractual obligations

  • Statutory or regulatory retention requirements

  • Legitimate business needs, such as security, fraud prevention, and service improvement

For example, account data is retained for the duration of the customer relationship and a reasonable period thereafter; technical log data is retained for a limited period for security and diagnostic purposes or as otherwise required for legal, financial, or dispute resolution purposes. When personal data is no longer required for these purposes, we will delete, anonymize, or securely dispose of it in accordance with our data retention and deletion policies.

Individuals may request deletion of their personal data at any time by contacting us at privacy@pdq.com. We will honor valid deletion requests in accordance with applicable law. In certain cases, we may retain limited information where required to comply with legal obligations, resolve disputes, prevent fraud, or enforce our agreements.

Personal data transferred under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. Data Privacy Framework will not be retained longer than necessary for the purposes for which it was collected and processed, consistent with the DPF Principles.


Contact Information

If you have any questions about this Privacy Policy or our data processing practices, you may contact us at:

PDQ.com Corporation

2200 S Main St STE 200

South Salt Lake, Utah 84115

United States

Email: privacy@pdq.com

EU Contact

For individuals in the European Union, PDQ's local presence is maintained through ISL Remote d.o.o., a PDQ company, which serves as PDQ's designated EU Representative under Article 27 of the GDPR. You may contact ISL Remote d.o.o. directly for any questions or concerns relating to the processing of your personal data:

ISL Remote d.o.o.

Pot za Brdom 100 Ljubljana, Slovenia

Email: privacy@islonline.com

The EU Representative may be contacted on matters related to GDPR compliance.


Changes to our privacy statement

We keep this privacy statement under regular review and will place any updates on our website. Paper copies of the privacy statement may also be obtained by contacting us at privacy@pdq.com and requesting a paper copy.

If we decide to change our privacy policy in whole or in part, we will inform you by posting a notice on our web site. Those changes will go into effect on the effective date posted in the notice and at the end of the revised Privacy Policy. The new policy will apply to all current and past users of our web site and will replace any prior policies that are inconsistent. Your continued use of our web site or services constitutes your consent to be bound by the revised Privacy Policy. We may provide notice to you relating to the Policy by sending an e-mail to your last known e-mail address, which you agree to provide to us automatically when it changes from the one you used to first access the Site, and any such notice shall be deemed given and received on the day it is sent.  

This privacy statement was last updated on 04/09/26.