How we handle the
data you hand us.

“42degrees” means the software studio operating at 42degrees.tech, based in Austin, Texas, USA. The legal entity name and full mailing address are available on request — email us if you need them for a vendor questionnaire.

Only what you hand us:

• Contact form / email. Your name, email address, phone number if you provide one, the company you're writing from, and whatever you write in the message.
• Phone calls. If you call 732.532.8114, your number ends up on our call log. That's how phones work.
• Standard server logs. When you load a page, our hosting provider records your IP address, user agent, and the URL — the same way every web server on the internet does. We don't look at these unless we're debugging or under attack.

What we don't collect: your precise location, your browsing history outside this site, any fingerprinting data, anything from anyone under 13, and any data tied to advertising IDs. We don't buy data lists. We don't enrich what you give us with third-party data.

We do not currently run any third-party analytics or advertising trackers — no Google Analytics, no Meta pixel, no Hotjar, no LinkedIn insight tag.

We may add Vercel Analytics in the future, which is privacy-respecting and does not use cookies. If we do, we'll update this page with the date.

Our hosting provider (Vercel) uses standard server-side request logs for security and reliability. These are not advertising cookies and are not shared with anyone.

For exactly four things:

1. To reply to you when you contact us.
2. To follow up about a specific project we discussed.
3. To deliver the work, if you become a client and we're shipping against a signed agreement.
4. To keep our books — invoices, contracts, and the records our accountant needs.

We do not use your data to train any AI model. We do not pipe it into a marketing automation funnel. We do not sell, lend, trade, or barter it. Period.

• Us.The small team at 42degrees who's actually responding to you.
• Vercel. Our hosting provider. They see standard server logs. We have a Data Processing Agreement with them.
• Your email provider and ours. If you email us, your email provider and ours both touched the message. That's how email works.
• Subprocessors for client work. If you become a client, we may process your data through additional tools (e.g., GitHub, Slack, an EHR vendor). We'll list them in the engagement agreement, not here.
• A court order.We'd push back on any subpoena that looked overbroad, but we comply with valid US legal process.

Contact submissions live in our email and CRM. Server logs are kept per Vercel's standard retention. We don't hoard.

If you ask us to delete what we have on you, we delete it within 30 days unless we're legally required to keep it (e.g., signed contracts and invoices have to live for tax purposes).

Security: we use TLS for everything in transit, sensible password hygiene, hardware-key MFA for any account that touches client data, and we keep a written incident-response plan. We've had zero reportable incidents to date.

We work with healthcare organizations, but no Protected Health Information (PHI) ever lives on this marketing site. The contact form is for sales conversations only — please don't paste patient data into it.

When we engage with a healthcare client and the work involves PHI, we sign a Business Associate Agreement (BAA) before any PHI touches our systems. PHI is then handled inside isolated, audit-logged environments specifically provisioned for that engagement — separate from the systems that run this website.

We're aligned with HIPAA, hold a SOC 2 Type II posture, map controls to HITRUST CSF, and follow ISO 27001 practices. Compliance details are here.

No matter where you live, you can:

• Ask what we have on you. Email us. We'll send back what we have within 30 days.
• Tell us to delete it. Same address. Same 30 days, minus what we're legally required to keep.
• Correct what's wrong. Tell us what to change.
• Object to a use. If we're using your data in a way you don't like, tell us. We'll usually stop.

If you're in the EU, UK, or California, you have additional statutory rights under GDPR, UK GDPR, and the CCPA / CPRA. We honor all of them. We don't sell or share personal information for cross-context behavioral advertising as those terms are defined in the CCPA.

Our servers are in the United States. If you're writing to us from outside the US, your data is transferred to and processed in the US. We use the standard contractual clauses where they apply.

We update the date at the top of this page when we change it. For material changes, we'll add a notice on the homepage for 30 days. We don't silently rewrite policies and pretend nothing happened.

• Email: info@42degrees.tech
• Phone: 732.532.8114
• Mail: available on request.

For data-rights requests, please put “Privacy Request” in the subject line so we route it correctly.