1. Introduction
ThermoMapIQ, Inc. ("ThermoMapIQ," "we," "us," or "our") operates the interactive spatial asset and thermal intelligence platform available at thermomapiq.com and related subdomains (the "Platform"). This Privacy Policy explains what personal data we collect, how we use it, how long we retain it, and what rights you have with respect to that data. We are committed to protecting your privacy and ensuring transparent data practices in compliance with GDPR, CCPA, LGPD, and other applicable privacy frameworks.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue your use of the Platform and contact us at [email protected].
2. Information We Collect
We collect information in the following categories:
- Account Information: Name, work email address, company name, job title, phone number, and billing address provided during registration, contact form submission, or contract execution.
- Platform Usage Data: Interactions with the Platform interface, features accessed, floor plan files uploaded, asset configurations, API endpoints accessed, dashboard customizations, and alert threshold settings.
- Network and Device Telemetry: IP addresses, device hostnames, MAC addresses, SNMP/WMI query results, BMC firmware versions, and hardware telemetry streamed from your infrastructure to the Platform per your configuration.
- Environmental Sensor Data: Temperature readings, humidity levels, and other environmental parameters submitted via the environmental sensors REST and MQTT API endpoints.
- Technical Data: Browser type, operating system, referring URLs, access timestamps, session identifiers, error logs, and performance metrics collected automatically via server logs and cookies.
- Communications: Content of support tickets, emails, chat messages, and phone conversations with our sales and support teams.
- Derived Data: Aggregated analytics, thermal predictions, correlation engine insights, and risk assessments generated by our AI models based on your data.
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Platform and its features.
- Process and fulfill subscription plans, including billing, invoicing, and license management.
- Operate the AI thermal prediction and asset correlation engine on your behalf.
- Send transactional communications such as account confirmations, password resets, platform alerts, and billing notifications.
- Send product updates, feature announcements, and security advisories (opt-out available).
- Detect, investigate, and prevent fraudulent, unauthorized, or malicious activity.
- Comply with applicable legal obligations, court orders, and government requests.
- Improve Platform security, performance, and reliability through anonymous aggregated analysis.
We do not sell your personal data to third parties. We do not use your infrastructure telemetry or sensor data to train machine learning models that benefit other customers without explicit, written consent. Your data remains segregated and encrypted at rest.
4. Data Sharing & Third Parties
We may share your data with the following categories of third parties only where contractually necessary and compliant with privacy law:
- Service Providers: Cloud infrastructure providers (AWS), analytics services (Google Analytics), customer support tools (Intercom), payment processors (Stripe), and email delivery services (SendGrid).
- Legal Compliance: Government agencies, law enforcement, and courts in response to valid legal process or where disclosure is required by law.
- Business Transitions: In the event of merger, acquisition, bankruptcy, or sale of assets, customer data may be transferred as part of that transaction.
All third-party processors are contractually bound to GDPR, CCPA, and our privacy standards. We conduct due diligence on all vendors and maintain a vendor risk register.
5. Data Retention & Deletion
Account data is retained for the duration of your active subscription plus 90 days after cancellation, after which it is permanently deleted. Platform telemetry and sensor data is retained for the period specified in your plan: 30 days for Starter tier, 12 months for Thermal Pro tier, and configurable retention for Enterprise deployments. You may request earlier deletion at any time by contacting [email protected]. Deletion requests are processed within 30 days and result in complete removal from all backups within 90 days.
6. GDPR Rights & Data Subject Requests
Under GDPR, residents of the European Union and United Kingdom have the right to: access personal data held about them (subject access requests); correct inaccurate data; delete data (right to be forgotten); restrict processing; object to processing; request portability of data; and withdraw consent. To exercise any GDPR right, submit a written request to [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
7. CCPA & CPRA Rights (California Residents)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to: know what personal information is collected; access collected data; request deletion; opt out of the sale of personal information; and receive notice of data collection practices. ThermoMapIQ does not sell personal data for monetary consideration. You can exercise these rights via the "Manage Privacy" section of your account dashboard, or by emailing [email protected] with the subject line "CCPA Request." Verified requests will be honored within 45 days.
8. LGPD & International Rights
We comply with the Lei Geral de Proteção de Dados (LGPD) in Brazil. Brazilian residents can request access, correction, deletion, or portability of personal data. We comply with similar requirements under UK GDPR, the ePrivacy Directive (PECR), and other international frameworks. For international privacy inquiries, contact [email protected].
9. Security & Encryption
All data transmitted between your devices and ThermoMapIQ servers is encrypted using TLS 1.2+ (HTTPS). Data at rest is encrypted using AES-256. Access to customer data is restricted to authorized personnel with a need to know, subject to role-based access controls (RBAC). We conduct quarterly security audits, maintain comprehensive audit logs, and comply with SOC 2 Type II standards. Despite our security measures, no transmission over the internet is 100% secure. We recommend using strong, unique passwords and enabling multi-factor authentication (MFA) on your account.
10. Children & Minors
The Platform is intended for business use by adults only. We do not knowingly collect personal data from children under 13 (or the applicable age of digital consent in your jurisdiction). If we become aware that a child has provided personal data, we will delete such data immediately and terminate the child's account. Parents or guardians who believe a child has submitted data may contact [email protected].
11. Policy Updates & Amendments
We may update this Privacy Policy to reflect changes in technology, law, or our practices. We will give notice of material changes via email and post them prominently on the Platform at least 30 days before they take effect. Your continued use of the Platform after changes become effective constitutes acceptance of the revised Privacy Policy. We will maintain a change log documenting all material modifications.
12. Data Protection Officer & Contact
For privacy inquiries, data subject access requests, complaints, or to exercise your rights under applicable privacy law, contact:
- Privacy Team: [email protected]
- Data Protection Officer: [email protected]
- Phone: +1-415-555-0136
- Mailing Address: ThermoMapIQ, Inc., 101 California St, San Francisco, CA 94111, USA
We aim to respond to all inquiries within 10 business days.