NYS SupportHub

Privacy Policy

Effective: January 1, 2025
New York State Information Technology Services (ITS) is committed to protecting your privacy. This policy describes how we collect, use, and safeguard information when you use NYS SupportHub. This policy applies to all users of the SupportHub portal and related services.

Information We Collect

When you use SupportHub, we may collect the following types of information:
  • Account information — employee ID, name, and email address used for authentication
  • Service request data — details submitted through password reset and Duo MFA enrollment forms
  • Usage data — pages visited, features used, and session timestamps to improve the platform
  • Technical data — browser type, operating system, and IP address collected automatically for security and diagnostics

How We Use Your Information

  • To authenticate your identity and provide access to services
  • To process and fulfill your IT service requests
  • To improve the performance, reliability, and usability of the portal
  • To detect and prevent unauthorized access or security threats
  • To comply with applicable laws, regulations, and government policies

Data Security

Security Measures

All data transmitted through SupportHub is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Access to personal information is restricted to authorized personnel on a need-to-know basis. Regular security audits and vulnerability assessments are conducted.

Information Sharing

We do not sell, trade, or rent your personal information. Information may be shared only in the following circumstances:
  • With authorized NYS agencies and service providers necessary to fulfill your requests
  • When required by law, regulation, or court order
  • To protect the security and integrity of NYS information systems

Data Retention

Personal information is retained only as long as necessary to fulfill the purposes for which it was collected, or as required by NYS records retention schedules. Service request records are retained for a minimum of 6 years in accordance with state policy.

Your Rights

  • Request access to your personal information held by ITS
  • Request correction of inaccurate personal information
  • Submit a Freedom of Information Law (FOIL) request for records related to your use of the portal

Questions about this policy?

Contact the ITS Privacy Office at privacy@its.ny.gov or write to: NYS ITS Privacy Office, Empire State Plaza, Albany, NY 12220.