1. Information We Collect
Account Information
When you create an account, we collect your name, email address, and organization name. If you subscribe to a paid tier, we collect billing information through our payment processors (Stripe and RevenueCat). We do not store full credit card numbers on our servers.
Service Data
As you use the Service, we collect data you create including client facility profiles, equipment records, diagnostic logs, checklist completions, maintenance log entries, and associated notes. This data is stored locally on your device and synced to our cloud servers when connectivity is available.
Photos
When you capture or attach photos to diagnostic logs, checklist items, or maintenance entries, the images are compressed on-device, stored locally, and uploaded to AWS S3 cloud storage during sync. Photos are associated with your account and the specific client record.
Usage Data
We collect analytics data about how you use the Service, including features accessed, screens viewed, diagnostic systems searched, and session duration. This data is collected through Mixpanel and Firebase Analytics and is used to improve the Service.
Crash Reports and Diagnostics
We use Sentry to collect crash reports, error logs, and performance diagnostics. This data includes device type, operating system version, app version, and stack trace information. It does not include your personal data or client records.
Device Information
We collect device type, operating system, unique device identifiers, and connection information to provide and optimize the Service.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including offline data sync and cloud backup
- Process subscriptions and manage your account
- Improve the Service based on usage patterns and feature adoption
- Provide technical support and respond to your inquiries
- Send important notices about the Service, including security alerts, subscription changes, and feature updates
- Monitor the Service for errors, performance issues, and security threats
- Ensure safety-critical features (such as the Emergency Ammonia Reference) remain accurate and accessible
- Comply with legal obligations
3. Information Sharing
We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers who process it on our behalf:
- Firebase (Google): Authentication, push notifications, and analytics
- RevenueCat: Subscription management and receipt validation
- Stripe: Payment processing
- AWS S3: Cloud storage for photos and documents
- Sentry: Error monitoring and crash reporting
- Mixpanel: Product analytics
Each service provider is contractually obligated to protect your data and use it only for the purposes of providing their services to us. We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Data Storage and Security
Your service data is stored locally on your device using an encrypted SQLite database (WatermelonDB) and synced to our cloud infrastructure hosted on AWS. We implement the following security measures:
- Encryption at rest for all cloud-stored data
- Encryption in transit using TLS 1.2 or higher for all API communications
- Certificate pinning to prevent man-in-the-middle attacks
- Authentication tokens stored in the device secure keychain (iOS Keychain / Android Keystore), never in plain-text storage
- Client data isolation enforced at the database query layer to prevent cross-account data access
- Regular security audits and penetration testing
While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
5. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete personal information
- Deletion: Request deletion of your personal information, subject to certain legal exceptions
- Data Export: Request a machine-readable copy of your data for portability purposes
- Opt-Out: Opt out of non-essential analytics data collection through the app settings
- Withdraw Consent: Withdraw consent for data processing where consent is the legal basis
These rights apply under the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable privacy laws. To exercise any of these rights, contact us at privacy@refritechpro.com. We will respond to verified requests within 30 days.
6. Children's Privacy
RefriTech Pro is not directed at children under the age of 13 and is designed for use by industrial refrigeration professionals. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@refritechpro.com.
7. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the app or by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.
8. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: privacy@refritechpro.com