// legal

Privacy Policy

Effective March 5, 2026

1. Introduction

This Privacy Policy describes how Isaac Olson, doing business as SixtyOps ("we", "us", "our"), collects, uses, and protects information when you use the SixtyOps website (sixtyops.net), the SixtyOps appliance software, and related services (collectively, the "Service").

SixtyOps is a self-hosted network management appliance. The vast majority of your data never leaves your infrastructure. This policy explains the limited circumstances in which data is transmitted externally.

2. Information We Collect

2.1 Account Data

When you set up SixtyOps, the appliance stores an administrator username and a bcrypt-hashed password locally on your appliance. If you enable SSO via an OIDC provider, your email address and group memberships are processed during authentication. This data is stored only on your appliance.

2.2 Device & Network Data

SixtyOps manages your Tachyon wireless devices. The appliance stores device IP addresses, MAC addresses, firmware versions, configuration snapshots, signal metrics, and geographic coordinates locally in an SQLite database on your appliance. This data is never transmitted to us.

2.3 Telemetry (Opt-Out)

By default, SixtyOps sends anonymized, aggregate job statistics after firmware update jobs complete. This includes:

  • An anonymous install ID (SHA-256 hash, not personally identifiable)
  • Device counts and models (e.g., "TNA-301: 12")
  • Success, failure, and skip counts
  • Error categories (timeout, connection, auth, etc.)
  • Job duration and scheduling method

Telemetry never includes IP addresses, MAC addresses, serial numbers, hostnames, credentials, locations, or any personally identifiable information.

You can disable telemetry entirely by setting the environment variable DISABLE_TELEMETRY=1 on your appliance.

2.4 Website Data

When you visit sixtyops.net, our hosting provider may collect standard web server logs (IP address, browser type, pages visited). We do not use third-party analytics or advertising trackers on our website.

3. Data Ownership

You own all device data, network configurations, and operational data stored on your SixtyOps appliance. We do not have access to your appliance or the data on it. Your data stays on your infrastructure at all times.

4. How We Use Information

  • Telemetry data: to improve product reliability, identify common failure modes, and prioritize device compatibility
  • Website logs: to maintain site security and availability

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

5. Third-Party Services

SixtyOps integrates with the following third-party services at your discretion:

  • Slack (optional): If you configure a Slack webhook, job completion summaries are sent to your Slack workspace. No device credentials or IP addresses are included.
  • OIDC Provider (optional): If you enable SSO, authentication is handled by your chosen identity provider.
  • GitHub: The appliance checks GitHub Releases for available software updates. No customer data is sent.

Each third-party service is governed by its own privacy policy.

6. Cookies & Sessions

The SixtyOps appliance uses a single session cookie:

  • Name: session_id
  • Purpose: Authenticate your admin session
  • Flags: HttpOnly, Secure, SameSite=Lax
  • Duration: 24 hours

The sixtyops.net website does not set any cookies.

7. Data Retention

Data stored on your appliance follows these default retention periods:

  • Job history: 90 days
  • Schedule logs: 90 days
  • Device update history: 180 days
  • Configuration snapshots: most recent snapshots per device
  • Sessions: 24 hours

These are automatic cleanup intervals within the appliance. Since the data resides on your infrastructure, you have full control over it at all times.

8. Security

We take reasonable measures to protect the limited data we receive:

  • Admin passwords are bcrypt-hashed and never stored in plaintext
  • Device credentials are encrypted at rest on your appliance
  • All external communications (telemetry) use HTTPS/TLS
  • Login attempts are rate-limited to prevent brute-force attacks

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we strive to use commercially reasonable protections.

9. Your Rights

Since your device and network data is stored entirely on your own appliance, you have direct access to, and control over, all of it.

For data we process externally (telemetry, license validation), you may:

  • Request access to your telemetry records
  • Request deletion of your telemetry data
  • Opt out of telemetry at any time

Contact us at support@sixtyops.net for any privacy-related requests.

10. Children's Privacy

SixtyOps is a business-to-business service designed for ISP network administrators. We do not knowingly collect information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy, contact us at:

support@sixtyops.net