Every document that governs how we work, what we promise, and how we protect both parties. Read them here or open the full version.
Your Local Tech Guy is a tech services business based in Oranjestad, Aruba. Contact: (297) 563-9903 · localtechguy.aua@gmail.com
We collect only what is needed to book and complete a service:
We do not collect payment card numbers, passwords, client business data, or your customers' data.
Your data is used exclusively to confirm appointments, communicate about your repair, and send invoices. We do not use it for marketing, profiling, or any other purpose. We will never sell or share it.
Booking and contact details are kept for the duration of the service and for up to 12 months afterward for invoice and warranty purposes. You may request deletion at any time — we will action it within 14 days.
For web and automation clients, we may temporarily access your accounts or platforms during active work. This access is temporary, purpose-limited, and non-retentive — we do not keep copies of your business data after the session ends.
We do not use analytics platforms or place our own tracking cookies on this website.
Email localtechguy.aua@gmail.com to exercise any of these rights. We respond within 14 days.
Your Local Tech Guy is a tech services business based in Oranjestad, Aruba. We provide custom web design, automation setup, and ongoing managed website services to businesses and individuals in Aruba and the Dutch Caribbean.
Custom websites built from scratch — no templates, no builders. Includes front-end code, responsive design, SEO structure, and deployment.
We design, build, and configure automation systems connecting your existing tools. Built to your specification, tested thoroughly, and handed over fully operational. We do not store, manage, or retain your business or customer data.
For retainer clients — ongoing monitoring, security management, and maintenance. Full scope defined in the SLA.
All projects are custom scoped and custom priced. No fixed tiers — pricing is determined by complexity and timeline, agreed in writing before work begins. Payment plans including monthly and quarterly billing are available. Accepted methods: cash and direct bank transfer only.
Every project ends with a formal handoff including a walkthrough, transfer of all credentials and assets, and a signed Project Completion & Handoff Certificate.
Retainer clients are onboarded from the start of the project. Either party may cancel with 30 days written notice.
We operate in alignment with GDPR principles. Temporary system access during setup is limited in duration, purpose, and scope — no copies are retained. You are the data controller. If our access is ever connected to a breach, we notify you within 24 hours.
Upon full payment, all custom code, designs, and assets become your property. Third-party libraries remain subject to their own terms.
Our total liability is limited to the total amount paid in the three months preceding the claim. We are not liable for lost revenue, data loss, third-party outages, or issues caused by your own changes post-handoff.
These terms are governed by the laws of Aruba. Disputes are referred to the competent courts of Aruba.
Business hours: Monday – Friday, 9:00 AM – 5:00 PM AST. Response time = initial acknowledgement and triage, not full resolution.
| Priority | Response | Definition | Hours |
|---|---|---|---|
| CRITICAL | 4 hours | Site completely down or returning errors | 7 days/week |
| CRITICAL | 4 hours | Active malware or confirmed breach | 7 days/week |
| HIGH | 24 hours | Key functionality broken (booking, forms, checkout) | Business hours |
| STANDARD | 48 hours | Minor bugs, content updates, general questions | Business hours |
Internal diagnosis. We determine whether the issue originated from our systems or an external source.
All affected clients are contacted directly by phone or email with a status update.
A formal incident acknowledgement statement is issued confirming we are aware and actively working.
Updates continue until full resolution is confirmed. A final notification is sent when the issue is closed.
This certificate is signed at the completion of every project where the client does not have an ongoing maintenance retainer. It formally records what was built, confirms acceptance, and establishes the transfer of operational responsibility.
The full printable version is available as a Word document from your project manager.
This certificate is used when the client has an active maintenance retainer. It records project completion and confirms the transition into ongoing managed services.
The full printable version is available as a Word document from your project manager.
Effective Date: June 2026 · Document Version 1.0
Your Local Tech Guy ("YLTG") is committed to supporting educational institutions in Aruba by providing professional web design, development, and managed technology services at reduced rates. This policy governs how educational pricing is applied, assessed, and formalized.
This policy applies to:
All qualifying educational institutions are entitled to the following pricing structure, subject to the terms outlined in this document.
| Service | Standard Rate | School Rate | Saving |
|---|---|---|---|
| Full Maintenance Package (all services included) | ƒ 1,369 /mo | ƒ 900 /mo | ƒ 469 /mo |
| Website / Project Implementation | Standard pricing | Min. 10% reduction | Assessed per school |
| Minimum Retainer Period | Flexible | 24 months | — |
The school maintenance rate of ƒ 900/mo is a fixed flat rate inclusive of all services included in the standard ƒ 1,369/mo maintenance package. No services are removed or downgraded — schools receive the same level of care, responsiveness, and deliverables as any standard business client.
In addition to the standard educational rate, YLTG reserves the right to authorize a discount exceeding the standard reduction on a case-by-case basis. This applies to both the maintenance package and any project or website implementation fees.
Any discount beyond the standard educational rate must be personally reviewed and approved by Caleb de Palm, Owner & Operator of Your Local Tech Guy. No other staff member, contractor, or representative of YLTG is authorized to approve or commit to a discount beyond the standard educational rate without written authorization from the above.
When evaluating whether an enhanced discount is appropriate, YLTG will assess the institution across the following criteria:
| Factor / Condition | Category | Typical Outcome |
|---|---|---|
| Public school | Type of Institution | Higher reduction likely |
| Private school | Type of Institution | Standard 10% baseline |
| SPO (Special Education) | School Type | Higher reduction likely |
| MAVO / HAVO | School Type | Standard assessment |
| VWO / University | School Type | Standard assessment |
| Under 300 students | Enrollment Size | Higher reduction likely |
| 300 – 800 students | Enrollment Size | Standard assessment |
| Over 800 students | Enrollment Size | Standard 10% baseline |
| Documented limited budget | Financial Situation | Higher reduction likely |
All educational institution engagements — whether a full project implementation, website-only build, or maintenance-only agreement — are subject to a minimum retainer period of 24 months (2 years). This minimum reflects the reduced pricing extended to educational institutions and ensures continuity of service for the institution.
Early termination prior to the 24-month period may result in a retroactive adjustment to standard pricing for services already rendered, at YLTG's discretion.
The educational maintenance package at ƒ 900/mo includes, without limitation, all of the following — at the same standard as the full-rate business package:
YLTG will not reduce, limit, or deprioritize services rendered to educational clients on account of the reduced rate.
YLTG reserves the right to modify this pricing policy at any time. Changes do not affect agreements already signed and in force. Institutions will be notified in writing no less than 60 days before any change takes effect on new or renewing agreements.
By signing below, both parties acknowledge that they have read, understood, and agree to the terms set out in this Educational Institution Pricing Policy, and confirm the pricing and retainer terms applicable to their engagement with Your Local Tech Guy.
The full printable version is available as a Word document from your project manager.
Version 1.0 · Effective June 2026
This Addendum forms part of and is subject to the Managed Services Agreement between Your Local Tech Guy ("YLTG") and the Client. In the event of conflict, this Addendum prevails with respect to the services described herein. This document should be read together with Addendum B (Data Processing Agreement — Honeypot & Threat Intelligence Data).
Subject to the Client's written authorization, YLTG is authorized to deploy, configure, and maintain Honeypot mechanisms on Client web infrastructure under YLTG's management, including:
YLTG will collect and process Threat Data generated by Honeypot activity on Client infrastructure. The Client acknowledges that:
By executing this Addendum, the Client consents to YLTG incorporating anonymized and aggregated Threat Data collected from Client infrastructure into the Threat Intelligence Network. IP addresses, domains, and email addresses identified as malicious on the Client's site may be added to shared blocklists and blacklists — including VerifyIQ's email blacklist — to protect all participating clients. Threat Data is contributed on an anonymized basis; the Client's identity as the source of a specific data point is never disclosed to other network participants.
Participation provides a mutual benefit: Threat Data collected on other participating client sites similarly enriches the protection applied to the Client's own infrastructure. The more sites participating in the Network, the more comprehensive the threat intelligence available to all participants.
The Client may opt out of contributing Threat Data to the shared Threat Intelligence Network at any time by written notice to YLTG. Opting out does not affect Honeypot deployment or the monthly Threat Intelligence Report. Threat Data already incorporated into the Network prior to opt-out cannot be retroactively removed.
The parties acknowledge that IP addresses may constitute personal data under applicable privacy legislation, including the Personal Data Protection Ordinance of Aruba (Landsverordening bescherming persoonsgegevens) and, where applicable, the GDPR. YLTG will handle all Threat Data in accordance with its Data Processing Agreement (Addendum B), which forms part of this agreement.
Threat Data is retained for a maximum of 24 months from the date of collection, after which it is permanently deleted — except where retention is required by law, or where the data has been incorporated into anonymized aggregate threat intelligence lists, in which case the individual record may be removed while the list entry persists.
The Client is responsible for ensuring their website's Privacy Policy discloses the use of security monitoring mechanisms, including passive Honeypot tools, in accordance with applicable law. YLTG will provide standard disclosure language on request. Maintaining an accurate Privacy Policy remains the Client's sole responsibility.
By executing this Addendum, the Client provides explicit written authorization to YLTG to deploy Honeypot mechanisms across all domains, subdomains, and web properties listed in the parent Managed Services Agreement.
YLTG's liability in connection with the services provided under this Addendum is limited to the total fees paid by the Client in the three (3) months preceding the event giving rise to the claim. YLTG is not liable for any indirect, consequential, or incidental damages arising from the operation of Honeypot mechanisms or the use of Threat Data.
This Addendum takes effect on the date of signing and remains in force for the duration of the parent Managed Services Agreement. Either party may terminate this Addendum with 30 days written notice without terminating the parent agreement. On termination, YLTG will cease Honeypot operations on Client infrastructure within 14 days and provide a final Threat Intelligence Report.
By signing below, both parties confirm they have read, understood, and agree to the terms of this Addendum.
The full printable version is available as a Word document from your project manager.
Version 1.0 · Effective June 2026
| Role | Description |
|---|---|
| Data Controller | Client — determines the purposes and means of processing personal data collected on their web infrastructure |
| Data Processor | Your Local Tech Guy, operated by Caleb de Palm, Oranjestad, Aruba — processes data on behalf of and under the instruction of the Controller |
| Subject Matter | Processing of Threat Data (including IP addresses and associated metadata) collected via Honeypot mechanisms deployed on Controller web infrastructure |
| Duration | For the term of MSA Addendum A, plus the retention period defined in Article 06 |
Terms defined in MSA Addendum A carry the same meaning in this Agreement. Additionally:
YLTG will process Personal Data only on documented instructions from the Client, as set out in this Agreement and MSA Addendum A, and will not process Personal Data for any other purpose without the Client's prior written consent.
| Aspect | Detail |
|---|---|
| Purpose | Detection and logging of malicious automated access attempts on Client web infrastructure; enrichment of shared threat intelligence lists |
| Type of Data | IP addresses, HTTP request metadata (headers, user agents, request paths, timestamps), submitted honeypot form values |
| Data Subjects | Automated systems, bots, and threat actors accessing Client web infrastructure (not legitimate human users) |
| Legal Basis | Legitimate interest (security monitoring of own infrastructure); Controller's authorization under Addendum A |
If YLTG considers that any instruction from the Client infringes Applicable Law, YLTG will immediately notify the Client and may suspend processing of the relevant instruction until a lawful alternative is provided.
YLTG ensures that persons authorized to process Personal Data under this Agreement are bound by appropriate confidentiality obligations. YLTG will not disclose Threat Data to any third party except:
YLTG will implement and maintain appropriate technical and organizational security measures to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.
| Category | Retention |
|---|---|
| Standard retention | 24 months from date of collection |
| Aggregated / anonymized data | May be retained indefinitely as part of threat intelligence lists, as individual records are not recoverable from aggregated data |
| On termination | All identifiable Personal Data deleted within 30 days of Addendum A termination |
| Legal hold | Retention extended only where required by applicable law or binding legal process |
On expiry of the retention period or termination of Addendum A, YLTG will securely delete all identifiable Personal Data and provide written confirmation of deletion to the Client within 14 days.
The Client provides general written authorization for YLTG to engage sub-processors for the purpose of providing the services under Addendum A. YLTG maintains an up-to-date list of sub-processors and will make it available to the Client on request.
| Sub-processor | Function | Location |
|---|---|---|
| Cloudflare, Inc. | Infrastructure, CDN, DDoS protection | USA (EU SCCs / adequacy decision applies) |
| Hetzner Online GmbH | Server hosting (if applicable) | Germany (GDPR compliant) |
| Vercel, Inc. | Frontend hosting (if applicable) | USA (EU SCCs apply) |
YLTG will notify the Client of any intended addition or replacement of sub-processors at least 14 days in advance. The Client may object on reasonable grounds within 7 days; if unresolved, either party may terminate Addendum A with 30 days notice. YLTG imposes data protection obligations on all sub-processors equivalent to those in this Agreement, by written contract.
In the event of a security incident involving Personal Data processed under this Agreement, YLTG will notify the Client without undue delay and within 72 hours of becoming aware of the incident, including (to the extent known): the nature of the incident and categories of data affected, the approximate number of individuals and records affected, YLTG's incident point of contact, likely consequences, and measures taken or proposed to address it. YLTG will reasonably assist the Client in meeting any notification obligations to supervisory authorities or affected data subjects.
To the extent Threat Data constitutes Personal Data of identifiable individuals (noting that data subjects are primarily bots and automated systems, not typical data subjects), YLTG will promptly notify the Client of any data subject rights requests received, assist the Client in responding within applicable legal timeframes, and not respond to such requests directly without the Client's prior written authorization.
The Client may, on no less than 14 days written notice, request an audit of YLTG's data processing activities under this Agreement, either through document review or by appointing an independent auditor at the Client's expense. Audits may not unreasonably interfere with YLTG's operations and will be conducted no more than once per calendar year unless a security incident warrants otherwise.
This Agreement is governed by the laws of Aruba. Disputes arising under this Agreement are subject to the exclusive jurisdiction of the competent courts of Aruba. Where GDPR applies by virtue of the data subjects' location or the Client's operations, the parties agree to interpret this Agreement consistently with GDPR requirements.
By signing below, both parties confirm acceptance of this Data Processing Agreement as Addendum B to the Managed Services Agreement.
The full printable version is available as a Word document from your project manager.