Security & Trust
Your clients trust you with their most sensitive information. You need a technology partner who treats that responsibility the same way you do.
Rondthaler.dev is the R&D and design surface of IT CloudLink LLC — where new technologies are tested, validated, and refined before they reach clients. Implementation, operations, and client engagements are handled by IT CloudLink LLC. Same practice, different functions.
The security commitments below apply to IT CloudLink, the managed services and private AI practice operated by John (Chris) Rondthaler. IT CloudLink is where client engagements are executed, contracts are held, and data is handled.
We Sign a BAA. Before We Touch Anything.
If you're a covered entity under HIPAA — a medical practice, behavioral health provider, or healthcare-adjacent business — IT CloudLink signs a Business Associate Agreement before any engagement begins. This is a legal requirement, and it's non-negotiable. If a vendor won't sign a BAA, walk away.
Your Data Stays on Your Systems
IT CloudLink's private AI and managed IT services are built on one principle: your client data never leaves your environment. When we deploy private AI tools or LLM-based workflows, the models run on hardware you control — in your office or your private cloud. Nothing is sent to a third-party AI provider. Nothing traverses IT CloudLink LLC or Rondthaler.dev infrastructure. Your patient records, case files, and client communications stay where they belong.
This isn't a feature. It's a design requirement.
Compliance Is Built In, Not Bolted On
IT CloudLink LLC has been working with healthcare, legal, and other professional service clients — including entertainment and automotive — for years. Our security practices are built to satisfy the requirements of the HIPAA Security Rule (45 CFR §164), NIST cybersecurity frameworks, and applicable industry standards from the ground up:
Administrative safeguards · Technical safeguards · Physical safeguards
Network Security Is Our Day Job
IT CloudLink operates enterprise-grade network infrastructure: VLAN segmentation, Layer 3 firewall policy enforcement, encrypted remote access, and continuous network monitoring. Remote access to client systems is always authenticated, always encrypted, and always logged. We don't use consumer-grade remote tools for client work.
Private AI That Regulated Industries Can Actually Use
The major AI platforms — ChatGPT, Gemini, Copilot — are not appropriate for workflows involving protected health information, privileged legal matter, or sensitive business data. Their terms of service don't support it, and their architecture doesn't either.
IT CloudLink LLC deploys private, local LLM infrastructure, designed and validated through Rondthaler.dev: no data sent to external servers, no training on your content, no cloud dependency after deployment, full audit trail of system access.
What IT CloudLink Maintains
- Client-specific compliance agreements (BAAs for healthcare; applicable agreements for legal, entertainment, automotive, and other professional services), signed by IT CloudLink LLC
- Security practices aligned with HIPAA, NIST, and applicable industry frameworks
- Formal risk assessments
- Documented incident response procedures
- Organizational security policies
- Encrypted backup and recovery
Questions
If you want to see IT CloudLink LLC's compliance documentation, security policies, or discuss the specifics of a deployment before engaging — that's a reasonable request and we'll accommodate it.
policy@itcloudlink.com