Privacy Policy

We collect the following information to provide and improve our services:

Device Data: Readings from your AquaWatch device, including water level (in cm), Total Dissolved Solids (TDS in ppm), pH levels, valve/pump status, and system diagnostics (e.g., battery level, connectivity status).

Usage Data: Details about how you interact with the AquaWatch app and device, such as alert preferences, device settings, and manual valve controls.

Account Information: Your name, email address, phone number (optional), and other details provided during account creation, device setup, or when contacting support.

Technical Data: IP addresses, device identifiers (e.g., ESP32 MAC address), app version, and logs to ensure system functionality and troubleshoot issues.

Location Data: Approximate location (derived from IP address or Wi-Fi network) to provide region-specific features, only with your consent.

We use your information to deliver and enhance the AquaWatch experience:

Service Delivery: Monitor water levels and quality in real-time, automate valve/pump operations based on thresholds (e.g., TDS > 500 ppm), and send alerts via the app.

System Optimization: Analyze device performance to improve sensor accuracy, connectivity, and reliability (e.g., firmware updates).

Customer Support: Respond to inquiries, troubleshoot device issues, and provide calibration guidance for TDS/pH sensors.

Analytics: Use anonymized data to understand usage patterns, enhance app features, and develop new functionalities.

Security: Detect and prevent unauthorized access, ensure secure Bluetooth (BLE) pairing, and maintain system integrity.

Compliance: Fulfill legal obligations under Indian laws (e.g., Information Technology Act, 2000) and other applicable regulations.

We are committed to safeguarding your information:

Encryption: Data is encrypted in transit (HTTPS, TLS 1.2+) and at rest using Supabase's AES-256 encryption. Bluetooth setup uses secure BLE pairing with a one-time PIN.

Access Controls: Only authorized Hertzsoft personnel can access your data, under strict role-based permissions.

Row Level Security (RLS): Supabase ensures users only access their own device data.

Regular Audits: We conduct quarterly security audits and penetration testing to identify vulnerabilities.

Data Minimization: We collect only what's necessary for functionality and retain data for 30 days (historical data) unless otherwise requested.

Secure Storage: API keys and Wi-Fi credentials are stored encrypted on the device's flash memory.

We handle your data responsibly:

No Sale of Data: We do not sell or rent your personal information to third parties.

Service Providers: We share limited data with trusted partners (e.g., Supabase for hosting, Firebase for push notifications) under strict confidentiality agreements.

Legal Requirements: We may disclose data if required by law (e.g., court orders under Indian IT Act, 2000) or to protect our rights, safety, or property.

Business Transfers: In case of a merger, acquisition, or asset sale, your data may be transferred, with prior notice and safeguards.

You have control over your data:

Access: Request a copy of your personal and device data.

Correction: Update inaccurate or incomplete information (e.g., email, device name).

Deletion: Request deletion of your account and data, subject to legal retention requirements.

Portability: Receive your data in a structured, machine-readable format (e.g., CSV).

Opt-out: Unsubscribe from non-essential notifications (e.g., marketing emails) via app settings.

Grievance Redressal: Contact our Data Protection Officer for complaints, as per Indian regulations.

To exercise these rights, email contact@hertzsoft.com. We respond within 30 days.

We retain your data only as long as necessary:

Sensor Data: Water level, TDS, and pH readings are stored for 30 days for historical analysis, then anonymized or deleted.

Account Data: Retained while your account is active. Upon deletion request, we remove personal information within 30 days, subject to legal obligations.

Technical Logs: Kept for 90 days for diagnostics, then deleted.

As AquaWatch uses Supabase (hosted in global data centers), your data may be transferred outside India. We ensure compliance with Indian data protection laws and use Standard Contractual Clauses (SCCs) to safeguard cross-border transfers.

AquaWatch is not intended for users under 18. We do not knowingly collect data from children. If we discover such data, we will delete it immediately.

We may update this Privacy Policy to reflect changes in our services or legal requirements. Updates will be posted on this page, with the "Last updated" date revised. Significant changes will be notified via email or app alerts.