Privacy Policy

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you:

• Create an Account: Full name, email address, phone number, password, and organization affiliation
• Make a Purchase: Billing and shipping address, company name, phone number, email address, and payment information (processed securely through Stripe)
• Request a Demo or Contact Us: Name, work email, company website, job title, number of machines to optimize, timeline for implementation, product interests, and any additional information you choose to provide
• Use Our Platform: IoT device data, sensor readings, production data, machine health metrics, configuration settings, alert preferences, and custom dashboard configurations
• Communicate with Support: Messages, support tickets, feedback, feature requests, and any information you provide in correspondence with our customer support team
• Participate in Surveys or Promotions: Responses to surveys, questionnaires, contest entries, and promotional activities

2.2 Information Collected Automatically

When you access and use our Services, we automatically collect certain information about your device, browsing actions, and usage patterns, including:

• Device Information: IP address, browser type and version, operating system, device type, unique device identifiers, mobile network information
• Usage Data: Pages visited, features used, time spent on pages, links clicked, search queries, access times and dates, referring website addresses
• Location Information: General location (city, state, country) derived from your IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see our Cookie Policy for details)
• Analytics Data: Data collected through Google Analytics (analytics and performance metrics) and Facebook Pixel (advertising and conversion tracking)

2.3 IoT Device and Sensor Data

Our Services are designed to collect, process, and analyze data from IoT devices and industrial sensors. This may include:

• Sensor Readings: Vibration data, acoustic measurements, temperature readings, laser distance measurements, production counts
• Machine Health Metrics: Equipment status, utilization rates, downtime events, maintenance predictions, anomaly detections
• Device Metadata: Device serial numbers, firmware versions, connectivity status, location assignments, configuration parameters
• Production Data: Production cycles, output quantities, efficiency metrics, quality measurements

2.4 Information from Third Parties

We may receive information about you from third-party sources, including:

• Payment Processors: Transaction confirmation and payment status from Stripe
• Authentication Services: Account information from AWS Cognito when you create or access your account
• Advertising Partners: Campaign performance data and conversion tracking from Facebook and Google
• Email Verification Services: Email validation results to prevent spam and ensure data quality
• Scheduling Services: Appointment booking information from Calendly when you schedule a demo

4.1 Service Providers: We share information with third-party service providers who perform services on our behalf, including:

• Stripe: Payment processing and subscription management (card data is processed directly by Stripe and not stored on our servers)
• Amazon Web Services (AWS): Cloud hosting, authentication (AWS Cognito), and file storage (AWS S3)
• Google: Analytics (Google Analytics) for website performance and user behavior analysis
• Facebook: Advertising and conversion tracking (Facebook Pixel)
• Calendly: Demo appointment scheduling and calendar management
• Email Service Providers: Transactional and marketing email delivery
• Google reCAPTCHA: Spam and abuse prevention

These service providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your information and not use it for other purposes.

4.2 Within Your Organization: If you are part of an Organization account, your information and device data may be accessible to Organization Owners and team members with appropriate permissions within your organization.

4.3 Business Transfers: If IoTFlows is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site of any change in ownership or use of your personal information.

4.4 Legal Requirements: We may disclose your information when required by law, regulation, legal process, or governmental request, including to:

• Comply with subpoenas, court orders, or legal obligations
• Respond to lawful requests from law enforcement or government authorities
• Protect our rights, property, or safety, or that of our users or the public
• Detect, prevent, or investigate fraud, security incidents, or illegal activity
• Enforce our Terms and Conditions or other agreements

4.5 With Your Consent: We may share your information for any other purpose with your explicit consent or at your direction. This includes featuring your organization in customer case studies, success stories, or marketing materials (we will seek your approval before publishing detailed case studies).

4.6 Aggregated or Anonymized Data: We may share aggregated or anonymized data that does not identify you personally with third parties for research, marketing, analytics, and other business purposes.

8.1 GDPR Rights (European Union Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access (Art. 15 GDPR): Request confirmation of whether we process your personal data and obtain a copy of your data
• Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete personal data
• Right to Erasure / "Right to Be Forgotten" (Art. 17 GDPR): Request deletion of your personal data under certain circumstances
• Right to Restriction of Processing (Art. 18 GDPR): Request limitation of how we use your personal data
• Right to Data Portability (Art. 20 GDPR): Request a copy of your data in a structured, commonly used, machine-readable format, and have it transmitted to another controller
• Right to Object (Art. 21 GDPR): Object to our processing of your personal data, particularly for direct marketing purposes
• Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data
• Right to Lodge a Complaint: File a complaint with your local data protection authority (Art. 77 GDPR)

8.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources from which we collected it, our business purposes for collecting it, and the categories of third parties with whom we share it
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out of Sale: Opt out of the sale of your personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment
• Right to Correct: Request correction of inaccurate personal information

California "Shine the Light" Law: California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, contact us at support@iotflows.com with "Shine the Light" in the subject line.

8.3 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

• Email: support@iotflows.com or legal@iotflows.com
• Phone: 404-390-2110
• Mail: IoTFlows Inc., 1 Concourse Pkwy Suite 800, Atlanta, GA 30328

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request to protect your privacy and security. You may designate an authorized agent to make requests on your behalf, in which case we will require proof of authorization.