Introduction

At AquaMossnest ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.aquamossnest.com), use our mobile application, or engage with our services (collectively, the "Services").

This policy complies with applicable privacy laws including the General Data Protection Regulation (GDPR) for European Union residents, the California Consumer Privacy Act (CCPA) for California residents, and other relevant data protection regulations.

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services. We may update this Privacy Policy from time to time, and we will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date.

Information We Collect

We collect several types of information from and about users of our Services, including:

Personal Information

This is information that can be used to identify you personally, either directly or indirectly, including:

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password, account preferences
• Payment Information: Credit card numbers, billing addresses, and other payment details (processed through secure third-party payment processors)
• Property Information: Details about your property, garden size, plant types, and irrigation needs
• Service History: Records of services provided, maintenance schedules, and system performance data
• Communication Data: Records of your communications with us via email, phone, or chat

Non-Personal Information

This is information that does not identify you personally, including:

• Usage Data: Information about how you interact with our website and services, including pages visited, time spent, and features used
• Technical Data: IP address, browser type, operating system, device information, and other technical identifiers
• Aggregated Data: Statistical or demographic data that cannot be used to identify you
• Irrigation System Data: Performance metrics, water usage patterns, and sensor readings from installed systems (anonymized where possible)

Special Categories of Data

We do not intentionally collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation) unless required to provide our services. If such data is collected inadvertently, we will handle it with appropriate safeguards.

How We Collect Information

We use various methods to collect information from and about you, including:

Direct Collection

• Forms: When you fill out forms on our website (contact forms, service requests, account registration)
• Purchases: When you purchase products or services from us
• Communications: When you contact us via email, phone, or live chat
• Surveys: When you participate in customer satisfaction surveys or market research
• Service Visits: When our technicians visit your property for installations or maintenance

Automated Collection

• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing behavior (see our Cookie Policy for details)
• Analytics Tools: We use Google Analytics and other tools to analyze website traffic and usage patterns
• System Monitoring: Our smart irrigation systems may collect operational data to optimize performance

Third-Party Sources

• Business Partners: Information from landscape architects, contractors, or other partners who refer your business to us
• Public Databases: Property records or other publicly available information to verify service eligibility
• Social Media: Information from social media platforms when you interact with our profiles or content

How We Use Your Information

We use the information we collect for various business purposes, including:

Service Delivery

• To provide, operate, and maintain our irrigation services
• To process transactions and send order confirmations
• To schedule and perform installations, maintenance, and repairs
• To optimize your irrigation system based on property characteristics and usage patterns
• To provide customer support and respond to inquiries

Business Operations

• To improve our products, services, and website functionality
• To conduct research and analysis to enhance our offerings
• To prevent fraud and ensure the security of our systems
• To comply with legal obligations and enforce our terms of service
• To manage our business operations and internal record keeping

Communication

• To send service-related communications (appointment reminders, maintenance alerts)
• To provide newsletters, marketing materials, and promotional offers (with your consent where required)
• To notify you about changes to our services or policies
• To gather feedback about your experience with our services

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal basis for collecting and using personal information depends on the context in which we collect it:

• Contractual Necessity: When we need the information to fulfill our contract with you (e.g., providing irrigation services)
• Legitimate Interest: When processing is necessary for our legitimate business interests (e.g., improving services, preventing fraud)
• Consent: When you have given us permission to process your data (e.g., for marketing communications)
• Legal Obligation: When we need to comply with legal requirements (e.g., tax laws, regulatory compliance)

How We Share Your Information

We may share your information in the following circumstances:

Service Providers

We may share information with third-party vendors who perform services on our behalf, including:

• Payment processors for transaction handling
• Installation contractors for system deployment
• Cloud service providers for data storage and processing
• Marketing platforms for email campaigns and analytics
• Customer support tools for service management

These service providers are contractually obligated to protect your information and only use it for the purposes we specify.

Business Partners

We may share limited information with:

• Landscape architects or designers collaborating on your project
• Manufacturers for warranty purposes or product recalls
• Water conservation organizations for rebate programs (with your consent)

Legal Requirements

We may disclose your information if required to:

• Comply with laws, regulations, or legal processes
• Respond to valid government requests or court orders
• Protect our rights, property, or safety, or that of others
• Investigate potential violations of our terms or policies

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or similar event, your information may be transferred as part of the transaction. We will notify you if such a transfer affects your privacy rights.

Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified data with researchers, partners, or the public to demonstrate water savings, analyze trends, or improve irrigation technologies.

Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction, including:

• Encryption: Using SSL/TLS encryption for data transmission and AES-256 encryption for sensitive data at rest
• Access Controls: Limiting access to personal data to authorized personnel on a need-to-know basis
• Network Security: Implementing firewalls, intrusion detection systems, and regular security audits
• Physical Security: Securing our facilities and equipment that process personal data
• Employee Training: Conducting regular privacy and security training for all staff
• Incident Response: Maintaining procedures to respond to potential data breaches

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will promptly notify you and relevant authorities if a breach occurs that affects your personal data.

Your Role in Security

You can help protect your information by:

• Choosing strong, unique passwords for your accounts
• Not sharing login credentials with others
• Keeping your devices and browsers updated with security patches
• Being cautious of phishing attempts or suspicious communications

Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

• The duration of our business relationship with you
• Legal obligations (e.g., tax records, warranty periods)
• Industry standards and best practices
• The nature of the information and its sensitivity

Typical retention periods include:

• Customer Account Data: 7 years after last activity
• Financial Records: 7 years for tax compliance
• Service Contracts: 10 years for warranty purposes
• Marketing Preferences: Until consent is withdrawn or account is closed
• Website Analytics: 26 months from last visit

When we no longer need personal data, we securely delete or anonymize it. Some data may be retained in backup systems for limited periods before permanent deletion.

Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information:

Access and Portability

You may request access to the personal information we hold about you and receive a copy in a structured, commonly used format.

Correction

You may request correction of inaccurate or incomplete personal data we maintain about you.

Deletion

You may request deletion of your personal data when it is no longer necessary for our business purposes or when you withdraw consent (subject to legal exceptions).

Restriction and Objection

You may request restriction of processing or object to certain uses of your data, such as direct marketing.

Consent Withdrawal

Where we rely on consent for processing, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

Opt-Out of Marketing

You may opt out of receiving marketing communications from us at any time by using the unsubscribe link in our emails or contacting us directly.

Non-Discrimination

We will not discriminate against you for exercising your privacy rights (e.g., by denying services or charging different prices).

Exercising Your Rights

To exercise any of these rights, please contact us using the information in the "Contact Us" section below. We may need to verify your identity before processing your request. In some cases, we may have legitimate reasons to refuse certain requests as permitted by law.

Appeals

If we deny your request, we will provide an explanation and information about how to appeal the decision if applicable under local laws.

International Data Transfers

AquaMossnest is based in the United States, and your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries not deemed adequate by relevant authorities, we implement appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for intra-company transfers
• Other legally recognized mechanisms for international data transfers

By using our Services, you consent to the transfer of your information to countries outside your country of residence, including the United States.

Children's Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently received personal information from a child under 16, we will delete such information from our records.

Parents or guardians who believe their child has provided us with personal information may contact us to have the information removed.

Third-Party Links

Our website may contain links to third-party websites, plug-ins, or applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to review the privacy policy of every website you visit.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, and other factors. When we make changes, we will revise the "Last Updated" date at the top of this policy and, in some cases, provide more prominent notice (such as adding a statement to our homepage or sending you a notification).

We encourage you to review this Privacy Policy regularly to stay informed about our information practices. Your continued use of our Services after any changes constitutes your acceptance of the revised Privacy Policy.

Material Changes

If we make material changes to how we treat users' personal information, we will notify you through a notice on our website or by email (if you have provided one). The notice will specify the effective date of the changes and your rights under the new policy.

State-Specific Disclosures

California Residents

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have additional rights regarding their personal information:

• Right to Know: Request details about the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of personal information we have collected (with exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (as defined under CCPA)
• Right to Limit: Limit use and disclosure of sensitive personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights

In the past 12 months, we have collected the categories of personal information described in the "Information We Collect" section above. We disclose this information to service providers for business purposes but do not "sell" personal information as defined under CCPA.

To exercise your California privacy rights, please contact us using the information below. You may designate an authorized agent to make requests on your behalf by providing written permission and verifying your identity.

Nevada Residents

Nevada residents may opt out of the sale of certain personal information under Nevada Revised Statutes Chapter 603A. We do not currently sell personal information as defined under Nevada law, but you may submit an opt-out request to be honored if our practices change.

Virginia, Colorado, Connecticut, and Utah Residents

Residents of these states have rights under their respective consumer privacy laws similar to those described above for California residents, with some variations in scope and applicability. Contact us for more information about exercising your rights under these laws.