home & small business IT support

Privacy Policy

Effective date: May 6, 2025

Last updated: April 4, 2026

1. Who I am and what this page covers

I'm Joe Skelley. I run Joe's Tech Support, an independent tech consulting practice in St. Paul, Minnesota. I help small-business owners, solo practitioners, and independent creatives with their computers, networks, and software. My clients include communicators, marketing and public relations professionals, writers and editors, designers, and people working in print, publishing, and other creative fields, along with attorneys, therapists, and other professionals. Communicators are the single largest group I work with.

This page covers two kinds of people: visitors to joestechsupport.com, and clients who hire me for support work. The two audiences produce different kinds of information, so the sections below are split that way.

Contact: moc.troppushcetseojobfsctd-5ecbd4@eoj · 651.274.0996 · St. Paul, MN

2. The short version

Here is the whole policy in five sentences. Detailed sections follow if you want them.

  • I collect only what I need to help you with the work you hire me for, plus normal website analytics when you visit this site.
  • I store your information on encrypted devices and in Notion, which is my primary work system. A complete list of the other services I use is in section 5.
  • I do not sell your data and I do not share it for marketing.
  • You can ask me at any time for a copy of what I have about you, ask me to delete it, or ask me to return any passwords I am holding for you.
  • If I believe any of your information has been exposed, I will tell you directly, usually within a few days of finding out.

3. When you visit this website

When you visit joestechsupport.com, the site collects some basic information automatically. Most of it is standard for any WordPress site.

If you leave a comment, the site stores the comment, your name, your email address if you provided one, and your IP address. An anonymized version of your email address may be sent to Gravatar to check whether you have a Gravatar profile picture — Gravatar's privacy policy is at automattic.com/privacy.

If you upload an image to the site, other visitors can download it and extract any location data (EXIF GPS) embedded in the file.

The site uses cookies for normal WordPress purposes: remembering comment information if you want it remembered, handling login sessions if you have an account, and keeping the editor working if you edit articles.

Articles on the site may embed content from other websites (YouTube videos, for example). Those other sites will see that you visited the embedded content and may set their own cookies.

4. When I work with you as a client

This is the section that matters most if you are a client.

What I collect during the work we do together

I collect your name, business name, address, phone number, and email so I can bill you and communicate with you. I keep notes on the work I do — what you asked me to fix, what I found, what I changed. If I work on your computers, phones, or network equipment, I collect basic information about those devices: make, model, serial number, operating system, and the name of the Wi-Fi network the device is connected to. Some of this gets captured in a system report, which I describe below.

Client portal sign-ins

I run a client portal at joestechsupport.com/get-support where you can schedule work and see your account. You can sign in two ways: with an email address and a password you create, or through Facebook, Apple, or Google.

If you use email and password, I store your email address and a hashed version of your password — I never see the password itself.

If you sign in with Facebook, Apple, or Google, the provider sends me your name and an email address, plus a confirmation that you signed in successfully. That is all I receive. I do not see your friends list, your photos, your contacts, your calendar, or any activity on those accounts. I do not post anything to those accounts on your behalf, and I could not even if I wanted to — the portal only has permission to verify who you are.

If you ever want your portal account removed, email me and I will delete it, including the link to whichever provider you used to sign in.

Credentials you ask me to hold

A number of my clients ask me to keep their passwords and account information on hand, usually because they have lost access in the past and want me to have it if it happens again. Here is the honest current state: those credentials live in notes and files on my primary Mac, which is protected by full-disk encryption (FileVault) and a screen lock. The drive is unreadable without my login password. Some of the notes I have shared with you in the past contain password information.

That is not where I want them to live long-term. I am in the process of moving all stored client credentials into 1Password, which is a dedicated password manager, and connecting that to my Notion workspace so I can share a password with you privately when you need it back. Until that migration is complete, the encrypted-files approach is what you should know about. You can ask me at any time to delete stored credentials, return them to you, or redact them from any note I have shared with you.

Devices I work on

When you drop off a device, when I log in over a remote-support session, or when I come to your location, I work on what you asked me to work on. I do not browse your personal files. If I need to open something that is not obviously related to the issue, I will ask first. If I find something you should know about — a serious problem, a security concern, anything that does not feel like it is mine to look at — I will tell you and let you decide what happens next.

System reports (Tech Inventory)

When I do an inventory or a health check on a Mac or Windows computer, I generate a system report. On Macs, the report is a file created by Apple's built-in System Profiler tool, with a .spx extension. It includes hardware information — serial number, processor, memory, storage devices, installed operating system — and the name of the Wi-Fi network the computer is currently connected to. It does not include your documents, your browser history, or your passwords. I keep these reports in my Notion workspace so I can track what you have, what warranties are about to expire, and what may need upgrading next.

5. Where your information lives and who I share it with

Your information lives on my encrypted Mac mini and in a set of online services I use to run my business. I do not sell your data and I do not share it for marketing. I share only what each service needs to do its job.

Services I use that may process your information:

  • Notion (Notion Labs, Inc.) — my primary workspace. Client notes, system reports, project records, and CRM information live here.
  • Google (Workspace and Gmail) — email, calendar, and documents. Client email threads live here.
  • FreshBooks — invoicing and billing. FreshBooks' integrated payment tool, PayPanel, handles card payments for invoices.
  • Venmo and similar direct-transfer services — if you pay me that way. I see the name on the account and the amount.
  • Elementor — my website, joestechsupport.com, is hosted on Elementor's WordPress hosting.
  • AI assistants I use in my work — I use several AI tools to research problems, draft communications, and stay organized. These are Anthropic (Claude), OpenAI (ChatGPT), Perplexity, Google (Gemini, through my Workspace accounts), and Microsoft (Copilot, through my Microsoft 365 business account). Information I share with these tools during my work may be processed by the vendor under its own privacy terms.

If you would rather I not use an AI tool on work related to your files specifically, tell me and I will set that aside for your account.

6. How long I keep things

Different kinds of information have different lifespans.

  • Active client records (name, contact info, service history) — I keep as long as you are a client and for several years after, so I can answer "what did you do last time?" questions.
  • Billing and invoice records — I keep for seven years, which matches general tax and accounting guidance in Minnesota.
  • System reports — I keep as long as you are a client, so I can compare the past state of your equipment to the current state.
  • Credentials — I keep only as long as you want me to. Ask me to delete them and I will.
  • Email threads — I keep indefinitely unless you ask me to delete them, because searchable history is often how I answer follow-up questions months later.
  • Website analytics and comments — whatever WordPress and Elementor keep by default.

You can ask me to delete any of the above earlier than these timelines. The one exception is billing records I am required to keep for tax reasons.

7. How I protect your information

Here is the honest current state of my security controls.

  • My primary workstation is a Mac mini with FileVault full-disk encryption turned on and a screen lock. The drive is unreadable without my login password.
  • My laptop is also FileVault-encrypted. My iPad and both of my iPhones are encrypted at rest using Apple's built-in device encryption, with a passcode and biometric unlock.
  • All of my accounts have two-factor authentication turned on. Most of them use passkeys and Face ID or Touch ID for sign-in.
  • My website host, Elementor, handles the site's server-side security.
  • I am the only person with access to my work systems. I do not have employees or subcontractors who see client data.
  • I am migrating client credential storage to 1Password, as described in section 4.

I do not claim enterprise-grade security. I am a solo practitioner running encrypted consumer-grade tools carefully. If your work requires specific security controls — a HIPAA business associate agreement, a SOC 2-audited vendor, a signed data processing agreement — tell me up front and I will let you know whether I can meet that requirement.

8. Your rights

You can ask me for any of the following, and I will turn it around within five business days whenever possible.

  • A copy of the information I have about you.
  • Deletion of any of your information, with the exception of billing records I am required to keep for tax reasons.
  • Return of any passwords or credentials I am holding for you.
  • Correction of anything I have wrong.
  • Redaction of credentials from any note I have previously shared with you.

To make any of these requests, email me at moc.troppushcetseojobfsctd-3f9c09@eoj with "Privacy request" in the subject line.

9. If something goes wrong

If I reasonably believe any of your information has been exposed — a lost device, a compromised account, anything of that kind — I will contact you directly and tell you what I know, usually within a few days of finding out. If the situation is urgent I will tell you the same day.

Minnesota law does not require me to notify you of every kind of incident, but my practice is to tell you anyway. You should know when something happens that might affect you.

10. Minors

I do not provide services directed at children and I do not knowingly collect information about anyone under 13.

11. Clients who are subject to privacy law themselves

Some of my clients are non-profits, healthcare-adjacent organizations, or businesses subject to privacy laws like the Minnesota Consumer Data Privacy Act, HIPAA, or GDPR. When I work on your systems, I may be acting as your "processor" under those laws — meaning I am handling information about your own clients, patients, or customers on your behalf.

If you need me to sign a data processing agreement, a business associate agreement, or a similar document that describes what I will do with information about your people, ask me. I will review it with you and sign what I can honestly commit to.

12. Changes to this policy

I update this page when my practices change. The "Last updated" date at the top tells you when the current version took effect. For material changes — anything that affects what I collect, how I use it, or who I share it with — I'll note what changed near the top of the page so you can see it the next time you're here.

13. Contact

If you have questions about this policy, email me. If you want to talk it through, we can set up a call.