Privacy standards and operational policy for The Computer Cellar (v3.0)
– Updated January 12, 2025 –
Preamble:
The Computer Cellar (hereinafter “TCC”) prides itself on honest, trustworthy repair work. We trust our staff to perform quality repairs with the utmost respect for your privacy, safety, and security. Our company policy with regard to data handling and customer privacy is as follows.
Information requested during check-in:
During check-in, TCC will request your name, phone number, email address, home address (for in-home services), model number of your device(s), serial number of your device(s), and in many cases the login credentials for your device(s). This information is used exclusively for diagnostics and repair of your device(s) and for communication with you in the course of diagnostics and repair of your device(s). TCC does not sell your information, does not share your information with any other party (with the exception of third-party repair providers that your device may be repaired by, after your approval), and TCC does not send any marketing phone calls, text messages, or email to customers/former customers at this time. Customer contact information is stored in a secure database on a web server.
TCC does not store credit/debit card information except in the case of computer rentals. During the rental period, your credit/debit card information will be stored in a secure database on a web server, and you will be automatically charged on an agreed-upon basis until the rental device is returned.
Reasons TCC may request your password(s):
(1) For any repair efforts involving software, including but not limited to computer setup, data transfer, data recovery, virus removal, malware removal, spyware removal, general troubleshooting, new user setup, user migration, and other operations within the OS.
(2) For testing purposes after performing a hardware repair. Even in repairs that seem simple, our work may involve touching, moving, plugging/unplugging, connecting/disconnecting, screwing/unscrewing, modifying, replacing, or other manipulation of sensitive components, cables, and other parts within your computer. For this reason, after performing a repair or diagnostic process, we prefer to be able to boot into your operating environment and test to make sure that all involved components are functioning correctly.
For example, we may have replaced your display (screen), and therefore it would seem that we “only need to make sure the screen works”, but in most laptops, the camera and microphones are also within the display assembly, and we want to make sure that they are working properly as well. TCC does not exceed the scope of necessary testing while logged into your computer.
TCC policy regarding viewing customer data:
In general, our technicians are quite busy and preoccupied with making sure repairs are done efficiently and on time. We have very little interest in your personal lives and the contents of your computer, and we do not have the time to go snooping in said contents. That said, in the course of a repair, it is likely that we will encounter some of your personal information, by the very nature of our work. For example, we may see icons and filenames for items that are openly saved on your desktop.
It is TCC policy that no customer data – including but not limited to text-based data (documents), databases, identification, photographs, videos, or audio recordings – shall be deliberately searched for, opened, viewed, scrutinized, copied, altered, photographed, deleted, or documented unless specifically requested by the customer or required within the scope of an approved repair job.
Situations where TCC may see your data:
(1) It is unavoidable for us to see file names, icons, and thumbnails on the OS desktop.
(2) Additionally, we will likely see file names, icons, thumbnails, and metadata if we are within a file explorer/finder/etc. window for any reason (e.g., looking for malicious software or attempting to transfer or recover your data).
(3) If we are asked to transfer or migrate data between devices, installations, or accounts, we are likely to see file names, icons, thumbnails, metadata, and in some cases full-size images (particularly if we are transferring between Mac devices and migrating a database into the Photos app).
(4) We may see contents of some documents if we are troubleshooting problems with word processing, spreadsheet, or publishing software.
(5) We may see senders, recipients, subjects, and contents of email messages if asked to troubleshoot an email or browser-related issue.
(6) We may see some of your bookmarks, internet history, and browser extensions if troubleshooting issues with internet connectivity, web browsing, malware, or software in general.
(7) We will see and may scrutinize file names, types, and metadata, and we will see some icons and thumbnails if the task involves identifying and/or removing “junk” data (i.e., data that is wasting space) or malware.
(8) We will also see your login/lock screen and its background, your desktop wallpaper, and any applications left open before bringing your computer to us for repair.
Situations where your data may be “copied”, and what this means:
If we are asked to transfer, recover, or migrate user data between two or more devices (including upgrading or replacing the storage device in your existing computer), your data will be copied between these devices directly, when possible. TCC does not make copies of your data to any additional devices except in situations described in the next section.
Situations where your data may be “copied to an external device”, and what this means:
(1) If we are asked to copy data to an external device (including, but not limited to external hard disks and USB flash drives), data will be copied as requested.
(2) In some situations such as transfers or recovery of data between two or more devices, an intermediary storage device may be used. This is common if we are pulling data from a device that is failing in some way, copying from a device that is excessively difficult to open and extract the storage media from, or during data recovery jobs. TCC maintains a small set of these intermediary storage devices that, when used, are labeled with customer ID and date. A separate device is used for each customer, and when no longer needed is later wiped in accordance with our retention policy (generally within 5-10 days). These devices are not permitted to leave our facility.
(3) During home visits, if we are asked to transfer data between devices or otherwise retain data for some purpose, we may use an encrypted, biometrically-secured storage device to do so. Your permission will be requested before this is done, and data will be subsequently erased according to terms agreed upon between the technician and customer.
Situations where your data may be “deleted” or “modified”, and what this means:
(1) If we are asked to free up disk space by identifying and/or removing “junk” data, or to commit a partial transfer, or if we identify malicious software or malicious software installers on your device, some data may be deleted, generally after discussion with you and explanation of what is being removed.
(2) If we are asked to rearrange data, especially in the course of a transfer, your directory structure may be altered. If we are copying, moving, or transferring data, some file metadata may be altered (such as the “last modified” timestamp). We do not alter the contents of any file for any reason, unless specifically requested by the customer.
Customer data retention policy:
Following a transfer, recovery, or other operation involving an intermediary storage device, that device may be retained in a secure location within our facility for up to ten days with your data still on it. This retention is usually done “just in case” something may have been missed in a transfer, or if we have some concern that a device may face additional issues and that this copy may be needed. After this time is up, these devices are wiped and reused. No copies of these devices are ever made for any reason, and these devices are not permitted to leave our facility. You may “opt out” of this retention by requesting this intermediary storage device, if used, to be wiped upon pickup of your device.
How your data is physically secured:
All customer data (i.e., devices that are currently housed in our facility that contain data belonging to a customer) is stored solely within our facility, except in rare circumstances where we may be picking up or delivering a device (TCC does not currently broadly offer transportation of devices, but this is a rare exception to this policy that may occur). For security reasons, we do not detail how each individual device is stored, but we keep everything as safe as can reasonably be expected, and each customer’s device is isolated from other customers’ devices.
Situations where your data may leave our control or be taken possession of by another party:
While TCC does not deliberately look at or examine your data, as stated it is likely that our technicians will see at least some of it, especially in the course of data transfers, migration, or recovery. If we encounter something that is believed to be illegal in nature, whether by state, federal, or international law, TCC is obligated by law to immediately report this to the appropriate authorities. Said authorities may seize your device(s), and TCC has no control over what happens to said device(s) once they leave our custody. TCC operates solely by the laws that govern our operation, and aside from such cases, your data and/or device(s) will not leave TCC custody without an appropriate court order, with the exception of third-party repair services as described in the following paragraph.
There are some devices that we do not service in-house, where we may work with a third party business to whom we provide your device(s). In many cases, your data leaves our possession (and remains with the device) while it is with the third party. While we trust our partners, TCC assumes no responsibility or liability for your data while it is out of our possession. You will be asked to sign a waiver or confirm your understanding of this prior to our release of your device(s) to a third party.
Video recordings and/or photographs made by staff:
Our technicians may sometimes video record and/or photograph elements of certain interesting, difficult, or otherwise unusual repairs made to hardware only. These recordings may be for the purposes of discussion among staff and management, creating tutorial videos for technicians and/or future technicians to view for training purposes, or to create a potentially useful or entertaining clip for social media. In the event that this is done, extreme care is taken to avoid recording or to preemptively obscure any identifying information, such as customer names, email addresses or phone numbers, and serial numbers.
Your login screen, which may show your wallpaper, username, and/or user profile image/avatar, may be recorded in this process, but will be censored before anyone other than the technician working on your device may view said video footage. No other user information, i.e. filenames, file icons, thumbnails, or the contents of any data file, shall be intentionally recorded. If such information is accidentally recorded, the file must be deleted and not used for any purpose (censoring the material is not a permissible compromise).
Confidentiality/non-disclosure:
Our technicians are not permitted to disclose identifying information about a customer to anyone other than Computer Cellar staff and management. This includes while telling “war stories” to other people or via social media. While we encourage our team to share stories of their successes and failures, customer names and details will not be disclosed under any circumstances.
The only exceptions to this rule are (1) if staff feels their safety may be at risk, in which case customer information may be disclosed to appropriate authorities; and (2) if staff has identified material that requires reporting to authorities, as described earlier in this document.
Certain service exclusions and additional rules:
We will not install, set up, connect to, or modify any remote monitoring, data logging, or remote access tools for any purpose, even at customer request. This includes the installation and/or setup of parental controls and/or monitoring services on a child’s computer at a parent’s request.
We will not modify or alter the electrical or software operation and/or behavior of any camera or the camera(s) on/within a device that contains them, nor any microphone or the microphone(s) on/within a device that contains them, even at customer request.
A photo ID is required for password reset or bypass attempts.
Our expectation of staff:
Our staff is made aware of TCC standards and policies upon hire, and is expected to adhere to these. Any employee caught violating the privacy of a customer is subject to immediate termination subsequent to an investigation. Law enforcement may be involved when appropriate. Actions taken in this regard are solely at the discretion of 9th St. Computer Cellar, LLC.
These terms are subject to change periodically and this page will be updated when any changes are made.