Privacy Policy

1. Information We Collect

Account Information

• Email address - For account creation and communication
• Password - Hashed and stored securely (we cannot see your password)
• Display name - Optional, for personalization

System Information

• Controller IP address - To connect to your Control4 system
• Control4 credentials - Encrypted at rest (see Security section)
• Device information - Names, types, IP addresses of discovered devices
• Room configurations - Room names and device assignments
• Binding information - Device connection mappings

Project Files

• .c4p backup files - Stored encrypted in our cloud storage
• Parsed project data - Extracted device and binding information

Usage Information

• Feature usage - Which features you use (anonymized)
• Error reports - Technical errors for debugging (via Sentry)
• Page views - Privacy-respecting analytics (via Plausible)

2. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Connect to your Control4 system on your behalf
• Store and restore your project backups
• Send important account notifications
• Process subscription payments
• Improve the Service based on usage patterns
• Respond to support requests

We do not:

• Sell your personal information
• Share your data with advertisers
• Access your Control4 system without your explicit action
• Use your data for purposes unrelated to providing the Service

3. How We Protect Your Information

Credential Security

Your Control4 credentials are encrypted using AES-256-GCM encryption before storage. Credentials are never logged, even in error messages. Our team cannot view your credentials in plaintext.

File Security

Your .c4p backup files are stored encrypted at rest in our cloud storage (Supabase Storage). Files are only accessible to your account through authenticated, signed URLs.

Database Security

All data is protected by Row Level Security (RLS) policies, ensuring you can only access your own data. Our database uses PostgreSQL with encryption at rest.

Network Security

All data transmission uses HTTPS/TLS encryption. Controller IP addresses are validated to be in private IP ranges to prevent accidental exposure.

4. Data Retention

• Account data - Retained while your account is active
• System/device data - Retained while associated system exists
• Backup files - Retained until you delete them or your account
• Activity logs - Retained for 90 days for debugging

When you delete your account, all associated data is permanently deleted within 30 days.

5. Third-Party Services

We use the following third-party services:

6. Your Rights

You have the right to:

• Access - Request a copy of your data
• Correction - Update inaccurate information
• Deletion - Delete your account and all associated data
• Export - Download your data in standard formats
• Restrict processing - Limit how we use your data

To exercise these rights, contact us at privacy@c4owner.com

7. Cookies

We use essential cookies for authentication and session management. We use Plausible for analytics, which does not use cookies and does not track individual users.

We do not use advertising cookies or share cookie data with third parties.

8. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes constitutes acceptance.

11. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@c4owner.com