Privacy Policy

FogCert, Inc. (Company, "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the FogCert platform (Service).

Please read this policy carefully. By using the Service, you consent to the practices described herein.

2.1 Information You Provide

• Account Information: Name, email address, phone number, company name, and password when you register
• Business Data: Customer records, grease trap specifications, service event details, compliance data, and invoicing information you enter into the Service
• Payment Information: Billing address and payment card details (processed securely by our payment processor, Stripe)
• Communications: Messages you send to us via email or through the Service

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, and time spent on the Service
• Device Information: Browser type, operating system, device type, and screen resolution
• Log Data: IP address, access times, referring URLs, and error logs
• Cookies: Session cookies necessary for authentication and Service functionality

2.3 Information from Third Parties

We may receive information about you from third-party services you integrate with FogCert, such as payment processors and mapping services.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related notices (invoices, Certificates of Service)
• Send compliance alerts, reminders, and notifications you have opted into
• Respond to your comments, questions, and support requests
• Monitor and analyze usage patterns and trends
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Comply with legal obligations and enforce our Terms of Service
• Communicate product updates, newsletters, and marketing (with your consent)

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With trusted third parties who perform services on our behalf (e.g., payment processing, email delivery, cloud hosting)
• Compliance Partners: When you generate Certificates of Service or pretreatment reports intended for submission to municipalities or regulatory bodies
• Restaurant Portal: Service event data, compliance status, and certificates are shared with restaurant portal users who have been invited by their service company
• Legal Requirements: When required by law, regulation, legal process, or governmental request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: In other cases where you have given explicit consent

We retain your information for as long as your account is active or as needed to provide the Service. Upon account deletion:

• Personal account information is deleted within 30 days
• Service event records and certificates may be retained for up to 7 years to comply with regulatory requirements
• Aggregated, anonymized data may be retained indefinitely for analytics purposes
• Backup copies are purged within 90 days

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption in transit (TLS/SSL) and at rest
• Secure password hashing using bcrypt
• Role-based access controls with multi-tenant data isolation
• Regular security audits and vulnerability assessments
• Automated monitoring and anomaly detection

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to retention obligations
• Export: Request a portable copy of your data
• Opt-Out: Opt out of marketing communications at any time
• Restrict Processing: Request restriction of certain data processing activities

To exercise these rights, contact us at privacy@fogcert.com.

We use essential cookies required for the Service to function properly:

• Session Cookies: To maintain your login session and security
• CSRF Tokens: To protect against cross-site request forgery

We do not use third-party tracking cookies or advertising cookies.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will promptly delete it.

Your information may be processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Effective Date" above. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@fogcert.com
• Address: FogCert, Inc., Houston, TX