Privacy Policy
 

Effective Date: April 17, 2026

Last Updated: April 17, 2026
 

This Privacy Policy describes how RightSize HVAC (“we,” “us,” or “our”) collects, uses, and protects your information when you use our mobile application and website (collectively, the “Service”).
 

By using the Service, you agree to the collection and use of information as described in this policy.
 

Contact: team@rightsizehvac.com
 

1. Information We Collect
 

Information You Provide
 

Account Information (required):

• Email address

• Password (encrypted, never stored in plain text)

• Full name

Profile Information (optional):

• Business name

• Phone number

• Contractor license number

• Business address

• Website URL

• Brand color preference

• Default location for climate data

Information Collected Automatically

Device Information:

• A unique device identifier generated by the app and stored securely on your device

• Device name (e.g., "John’s iPhone")

This information enables single-device login enforcement for account security.

Usage Information:

• We do not use third-party analytics services

• We do not track your behaviour within the app

Project Data
 

All HVAC project data—including floor plans, building specifications, and calculation results—is stored locally on your device only. This data is never uploaded to or stored on our servers.

Payment Information

When you purchase a subscription:

• App Store purchases: Apple processes all payment information. We receive only transaction identifiers and subscription status.

• Website purchases: Stripe processes all payment information. We receive only transaction confirmations and subscription status.

We do not collect, store, or have access to your credit card numbers or payment details.

2. How We Use Your Information

We use your information to:

• Provide the Service: Create and manage your account, authenticate logins, and manage subscriptions

• Communicate with you: Respond to support requests and send service-related notices

• Ensure security: Enforce single-device login and detect unauthorized access

• Improve the Service: Understand usage at an aggregate level to fix bugs and improve features

We do not:

• Sell your personal information

• Share your information with third parties for marketing purposes

• Use your information for advertising

3. Legal Basis for Processing (EEA/UK Users)

If you are in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

• Contract: Processing necessary to provide the Service you requested (account management, subscriptions)

• Legitimate Interest: Processing for security purposes (device tracking, fraud prevention) and service improvement

• Consent: Where you have provided optional profile information

You may withdraw consent at any time by deleting optional information from your profile or contacting us.

4. Third-Party Services

We use the following services to operate the Service:

Supabase — Authentication and database hosting

Your account and profile data are stored on Supabase infrastructure in the United States.

Privacy Policy: https://supabase.com/privacy

Apple — App Store and In-App Purchases

Processes subscriptions purchased through iOS. Apple handles all payment information.

Privacy Policy: https://www.apple.com/legal/privacy/

Stripe — Website payment processing

Processes subscriptions purchased through our website. Stripe handles all payment information.

Privacy Policy: https://stripe.com/privacy

We do not share your personal information with any other third parties.

5. Data Storage and Security

• Account and profile data are stored on secure servers provided by Supabase

• Project data remains on your device and is never transmitted to our servers

• Sensitive credentials are stored in your device’s secure keychain

• All data transmitted between your device and our servers is encrypted using TLS

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

• Active accounts: Data retained while your account remains active

• Deleted accounts: Profile data is permanently deleted 30 days after you request deletion

• Project data: Stored on your device under your control; not subject to our retention policies

• Subscription records: Retained as necessary for legal and accounting purposes

7. International Data Transfers

Our servers and service providers are located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

For EEA/UK users: These transfers are conducted pursuant to Standard Contractual Clauses approved by the European Commission, or other valid transfer mechanisms.

By using the Service, you consent to these transfers.

8. Your Privacy Rights

All Users

You have the right to:

• Access your personal information within the app (Settings → Profile)

• Update your information at any time

• Export your project data as files

• Delete your account (Settings → Account → Delete Account)

European Economic Area and UK Users (GDPR)

You additionally have the right to:

• Rectification: Correct inaccurate personal data

• Erasure: Request deletion of your personal data

• Restriction: Request we limit processing of your data

• Portability: Receive your data in a structured, machine-readable format

• Object: Object to processing based on legitimate interest

• Withdraw consent: Where processing is based on consent

• Lodge a complaint: With your local data protection supervisory authority

California Users (CCPA)

You have the right to:

• Know what personal information we collect and how it is used

• Delete your personal information

• Non-discrimination: We will not discriminate against you for exercising your rights

Do Not Sell My Personal Information: We do not sell your personal information to third parties.

To exercise any of these rights, contact us at team@rightsizehvac.com.

9. Canadian Users — PIPEDA

RightSize HVAC is a Canadian business and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law.

Under PIPEDA, you have the right to:

• Know why we collect, use, or disclose your personal information

• Access your personal information and request corrections

• Withdraw consent at any time, subject to legal or contractual restrictions

• Challenge our compliance with PIPEDA by contacting us directly

• File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca

We collect only the personal information necessary to provide the Service, with your knowledge and consent. We do not use or disclose your information for purposes other than those described in this policy.

To exercise your rights or raise a privacy concern, contact us at team@rightsizehvac.com.

10. Children’s Privacy

The Service is intended for use by HVAC professionals and is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy

• Notify you via email or prominent notice within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. If you do not agree with changes, you may delete your account.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your
privacy rights, or have concerns about our data practices, contact us at:

RightSize HVAC

Email: team@rightsizehvac.com

For EEA/UK users: RightSize HVAC acts as the data controller for your personal information.