Privacy Policy

Last Updated: December 2, 2025

Nettemp ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sensor monitoring platform ("Service").

---

1. Information We Collect

1.1 Information You Provide

Account Information:

• Username
• Email address
• Password (hashed and never stored in plain text)

Profile Information (Optional):

• Notification email address
• Preferences (time format, date format, temperature units)
• Chart and display preferences

Sensor Data:

• Device identifiers
• Sensor identifiers and types
• Sensor readings (values, timestamps)
• Device metadata (friendly names, locations)
• Alarm configurations and thresholds

Notification Configuration:

• Notification channel settings (Discord, Telegram, email, SMS, etc.)
• Third-party service credentials (encrypted)
• Notification templates

1.2 Information Collected Automatically

Usage Data:

• API requests and responses
• Login times and IP addresses
• Browser type and version
• Device information
• Pages visited and features used

Technical Data:

• API tokens (hashed)
• Session information
• Error logs and diagnostics
• Performance metrics

1.3 Information from Third Parties

Authentication Providers (if applicable):

• OAuth provider information (email, profile)

Payment Processors:

• Transaction information (we do not store credit card details)
• Billing address and payment status

---

2. How We Use Your Information

2.1 To Provide the Service

• Create and manage your account
• Store and process sensor data
• Display charts and visualizations
• Send alarm notifications
• Provide API access
• Process payments for paid tiers

2.2 To Improve the Service

• Analyze usage patterns and trends
• Fix bugs and improve performance
• Develop new features
• Conduct testing and quality assurance

2.3 To Communicate with You

• Send service-related emails (verification, password reset)
• Send alarm notifications (when configured)
• Respond to support requests
• Send important service updates
• Notify you of Terms or Policy changes

2.4 For Security and Compliance

• Detect and prevent fraud or abuse
• Monitor for security threats
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and property

2.5 For Marketing (with consent)

• Send promotional emails about new features (opt-out available)
• Newsletter subscriptions (opt-in only)

---

3. How We Share Your Information

3.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information or sensor data to third parties.

3.2 Service Providers

We share data with trusted third-party service providers who assist us:

Infrastructure Providers:

• Cloudflare (hosting, CDN, DDoS protection)
• Cloud storage providers (data storage)

Notification Services:

• Email providers (SendGrid, Mailgun, Resend)
• SMS providers (SMSAPI)
• Push notification services (Pushover)
• Messaging platforms (Discord, Telegram, Ntfy)

Payment Processors:

• Stripe, PayPal, or other payment gateways
• We do not store credit card information

Analytics (if used):

• Anonymous usage statistics only
• No personal data shared

3.3 User-Configured Webhooks

• If you configure webhook notifications, alarm data is sent to your specified URL
• You are responsible for the security of your webhook endpoints

3.4 Legal Requirements

We may disclose information if required by law:

• Court orders or subpoenas
• Legal process or government requests
• Protection of our rights or safety
• Investigation of fraud or security issues

3.5 Business Transfers

If Nettemp is acquired or merged, your information may be transferred to the new entity. You will be notified of any such change.

---

4. Data Retention

4.1 Active Accounts

Sensor Data:

• Free tier: 30 days of detailed data
• Premium tier: 90 days (30 days detailed + 60 days thinned)
• Pro tier: 365 days (30 days detailed + progressive thinning)

Account Data:

• Retained while your account is active
• Alarm configurations retained indefinitely
• Notification history retained for 90 days

4.2 Inactive Accounts

• Accounts with no login for 365 days may be deactivated
• 30 days notice sent before data deletion
• You may reactivate within notice period

4.3 Deleted Accounts

• When you delete your account, data is retained for 30 days
• After 30 days, all data is permanently deleted
• Some data may remain in backups for up to 90 days

4.4 Legal Retention

We may retain data longer if required by law or ongoing investigations.

---

5. Data Security

5.1 Security Measures

Encryption:

• All data transmitted via HTTPS/TLS encryption
• API tokens and passwords hashed (SHA-256, PBKDF2)
• Notification credentials encrypted at rest

Access Controls:

• Role-based access control
• API token authentication
• Session management with secure cookies
• CSRF protection

Infrastructure Security:

• Cloudflare DDoS protection
• Regular security updates
• Monitoring and intrusion detection
• Secure backup procedures

5.2 Your Responsibilities

• Keep your password secure
• Do not share your API tokens
• Use strong, unique passwords
• Enable two-factor authentication (if available)
• Report security concerns immediately

5.3 Data Breach Notification

In the event of a data breach:

• We will notify affected users within 72 hours
• Notification via email to registered address
• Details of breach and recommended actions provided

---

6. Your Rights and Choices

6.1 Access and Portability

• View Your Data: Access all your data via dashboard and API
• Export Your Data: Download sensor data in JSON format
• API Access: Programmatic access to all your data

6.2 Correction and Update

• Update your profile information in account settings
• Correct sensor configurations and device names
• Modify notification preferences

6.3 Deletion

• Delete Sensor Data: Delete individual sensors or devices
• Delete Account: Permanently delete your account via settings
• Right to be Forgotten: Request complete data deletion

6.4 Opt-Out of Communications

• Transactional Emails: Cannot opt-out (required for service)
• Alarm Notifications: Disable in alarm settings
• Marketing Emails: Unsubscribe link in all promotional emails
• Newsletter: Opt-out via preferences

6.5 Data Processing Objection

You may object to automated processing or profiling (if applicable).

---

7. Cookies and Tracking

7.1 Essential Cookies

We use essential cookies to:

• Maintain your logged-in session
• Remember your preferences
• Provide CSRF protection
• Enable core functionality

These cookies are required for the Service to function.

7.2 Analytics Cookies (if used)

• Anonymous usage statistics
• No personal identification
• Opt-out available via browser settings

7.3 Third-Party Cookies

• Cloudflare may set cookies for security
• Payment processors may set cookies
• You can block third-party cookies in browser

7.4 Do Not Track

We respect browser "Do Not Track" signals (if applicable).

---

8. International Data Transfers

8.1 Data Location

• Primary data storage: Europe (Cloudflare Workers)
• Edge locations: Global CDN
• Backups: Geographic redundancy

8.2 GDPR Compliance (for EU users)

We comply with GDPR requirements:

• Data processed on legal basis (contract, consent, legitimate interest)
• Standard Contractual Clauses with service providers
• EU user rights fully supported

8.3 Other Jurisdictions

• We comply with applicable data protection laws
• Data may be processed in countries with different privacy laws
• We ensure adequate safeguards are in place

---

9. Children's Privacy

9.1 Age Restriction

• Nettemp is not intended for children under 13
• We do not knowingly collect data from children under 13
• Users under 18 must have parental consent

9.2 Parental Rights

If you believe a child has provided information:

• Contact us at privacy@nettemp.pl
• We will delete the information immediately
• Account will be terminated

---

10. California Privacy Rights (CCPA)

10.1 California Residents

If you are a California resident, you have additional rights:

Right to Know:

• What personal information we collect
• Sources of collection
• Business purpose for collection
• Third parties with whom we share data

Right to Delete:

• Request deletion of your personal information
• Exceptions: Legal obligations, security, fraud prevention

Right to Opt-Out:

• We do not sell personal information
• No opt-out required as we don't sell data

Non-Discrimination:

• We will not discriminate for exercising your rights

10.2 Submitting Requests

• Email: privacy@nettemp.pl
• We will verify your identity before processing
• Response within 45 days

10.3 Authorized Agents

You may designate an authorized agent to submit requests on your behalf.

---

11. European Privacy Rights (GDPR)

11.1 Legal Basis for Processing

We process your data based on:

• Contract: To provide the Service you requested
• Consent: For marketing communications (opt-in)
• Legitimate Interest: Service improvement, security, support

11.2 Your GDPR Rights

• Right to Access: Request copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Delete your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive data in machine-readable format
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Withdraw consent at any time

11.3 Submitting Requests

• Email: privacy@nettemp.pl
• Response within 30 days (may extend to 90 days for complex requests)

11.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

---

12. Changes to This Privacy Policy

12.1 Updates

• We may update this Privacy Policy from time to time
• Material changes will be notified via email or in-app notification
• Notice provided at least 30 days before changes take effect
• Continued use after changes constitutes acceptance

12.2 Review

• Last updated date shown at top of this policy
• Review periodically for changes
• Previous versions available upon request

---

13. Third-Party Links

13.1 External Websites

• Our Service may contain links to third-party websites
• We are not responsible for third-party privacy practices
• Review privacy policies of linked sites

13.2 Integration Services

When you connect third-party services (Discord, Telegram, etc.):

• Those services have their own privacy policies
• We only store minimum required credentials (encrypted)
• You control what data is sent to third parties

---

14. Contact Us

14.1 Privacy Questions

For questions about this Privacy Policy or data practices:

• Email: privacy@nettemp.pl
• Discord: discord.gg/S4egxNvQHM

14.2 Data Protection Officer (if required)

For GDPR-related inquiries:

• Email: dpo@nettemp.pl

14.3 Mailing Address

Nettemp
[Your Company Address]
[City, Postal Code]
Poland

---

15. Consent

By using Nettemp, you consent to this Privacy Policy and our collection and use of information as described.

For EU users, you provide explicit consent by:

• Checking the box during registration
• Accepting these terms before using the Service

You may withdraw consent at any time by:

• Deleting your account
• Contacting us at privacy@nettemp.pl

---

Last reviewed: December 2, 2025

We are committed to protecting your privacy and being transparent about our data practices. If you have any concerns, please contact us.