Privacy Policy

1. Introduction

AltosIQ ("AltosIQ," "we," "us," or "our") is a prescriptive infrastructure intelligence platform that provides real-time predictive maintenance monitoring, sustainability reporting, and carbon compliance services for commercial and industrial facilities. This Privacy Policy describes how we collect, use, store, and protect information when you use our platform, visit our website at altosiq.io, or interact with our services.

This policy is designed to comply with Ecuador's Ley Orgánica de Protección de Datos Personales (LOPDP), the European Union's General Data Protection Regulation (GDPR) as a standard of international best practice, and applicable data privacy principles under United States law including the California Consumer Privacy Act (CCPA) where relevant.

By using our services, you acknowledge that you have read and understood this policy. If you do not agree with its terms, please discontinue use of our platform and services.

2. Data Controller

AltosIQ acts as the data controller for personal information collected through our website and request access forms. For information processed on behalf of enterprise clients in connection with their facility operations, AltosIQ acts as a data processor under the instructions of the client, who retains the role of data controller for their employees' and facilities' data.

For privacy-related inquiries, you may contact us at: privacy@altosiq.io

3. Information We Collect

3.1 Infrastructure and Sensor Data

Our platform ingests real-time telemetry from IoT sensors installed on client assets, including but not limited to vibration measurements (mm/s), temperature readings (°C), electrical current consumption (amperes), and humidity levels. This data is associated with physical assets — not individuals — and is collected for the purpose of predictive maintenance analysis, equipment health scoring, and carbon emissions calculation.

Sensor data is transmitted over LoRaWAN or equivalent protocols and stored in encrypted form in our cloud infrastructure. It is retained for the duration of the client engagement and for up to 36 months thereafter to support historical analysis, trend reporting, and carbon credit verification audits.

3.2 Account and Authentication Data

When accessing the AltosIQ client portal, we collect usernames and session authentication tokens. We do not store plain-text passwords. Session tokens are stored in browser session storage and expire upon session termination. We do not use persistent login cookies without explicit user consent.

3.3 Contact and Lead Information

When you submit a request for access through our website, we collect your full name, organization name, geographic location, number of facilities under management, current maintenance approach, and any additional message you choose to provide. This information is used solely to evaluate your inquiry and initiate a business conversation. It is not sold, shared with third-party marketers, or used for any purpose other than responding to your request.

3.4 Usage and Analytics Data

We may collect non-personal technical information about how users interact with our platform, including page views, session duration, browser type, operating system, and referring URL. This information is used in aggregate to improve platform performance and user experience. It is not linked to individual identities without your consent.

4. Legal Basis for Processing

We process personal data only where a lawful basis exists under applicable law. Our legal bases include:

• —Contractual necessity: Processing required to deliver the services agreed to in our client contracts, including sensor data analysis and maintenance reporting.
• —Consent: Processing of contact information submitted through our request access form, where you have voluntarily provided your details.
• —Legitimate interests: Processing usage analytics to improve platform security and performance, where such interests are not overridden by your rights.
• —Legal obligation: Processing required to comply with applicable law, including carbon credit verification requirements and regulatory reporting obligations.

5. How We Use Your Information

We use the information we collect to:

• —Deliver real-time predictive maintenance intelligence and asset health monitoring services
• —Generate sustainability reports and carbon emissions calculations for ESG compliance
• —Support carbon credit verification and digital MRV (Measurement, Reporting, and Verification) processes
• —Respond to access requests and onboard new clients
• —Send service notifications, maintenance alerts, and briefing summaries to authorized platform users
• —Improve the accuracy of our AI-assisted diagnostic models using anonymized and aggregated asset data
• —Comply with legal and regulatory obligations in the United States and applicable international jurisdictions
• —Protect against fraud, unauthorized access, and security threats

We do not sell personal data to third parties. We do not use personal data for targeted advertising. We do not use personal data for any purpose materially different from those listed above without first obtaining your explicit consent.

6. Third-Party Service Providers

To operate our platform, we engage trusted third-party service providers who process data on our behalf under strict contractual data processing agreements. These include:

• —Supabase: Cloud database and backend infrastructure provider. Sensor data, account information, and lead records are stored in Supabase-hosted databases with encryption at rest and in transit.
• —Vercel: Platform hosting and edge deployment provider. Our web application and API routes are hosted on Vercel's infrastructure.
• —Resend: Transactional email delivery provider used to send lead notifications and service communications.
• —Anthropic: AI model provider whose API powers our diagnostic narrative and asset health assessment features. Data submitted to Anthropic's API is governed by Anthropic's data use policies. We submit anonymized asset telemetry only — no personally identifiable information is included in AI model inputs.

All third-party providers are contractually prohibited from using data shared with them for any purpose other than providing services to AltosIQ.

7. Data Retention

We retain data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law:

• —Sensor and asset data: Retained for the duration of the client contract plus 36 months to support historical analysis and carbon credit audit trails.
• —Account credentials: Retained for the duration of the active account. Deleted within 30 days of contract termination upon client request.
• —Lead and contact data: Retained for up to 24 months from submission, or until you request deletion.
• —Usage analytics: Retained in aggregate form for up to 24 months.

8. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

• —Right of access: Request a copy of the personal data we hold about you.
• —Right of rectification: Request correction of inaccurate or incomplete data.
• —Right of erasure: Request deletion of your personal data, subject to legal retention obligations.
• —Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• —Right to data portability: Request your data in a structured, machine-readable format.
• —Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• —Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@altosiq.io. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Data Security

AltosIQ is built on a SOC 2 Type II-compliant architecture. We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include TLS encryption for data in transit, encryption at rest for stored data, access controls limiting data access to authorized personnel, session-based authentication with automatic expiry, and regular review of our security practices.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify affected parties and relevant authorities as required by applicable law.

10. International Data Transfers

AltosIQ operates internationally and may transfer data to service providers located in the United States and European Union. Where data is transferred across borders, we ensure that appropriate safeguards are in place consistent with applicable data protection requirements across the jurisdictions in which we operate, including contractual protections with receiving parties that require equivalent levels of data protection.

11. Children's Privacy

Our platform and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted information to us, please contact us at privacy@altosiq.io and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform capabilities. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify active clients by email. Your continued use of our services after any update constitutes acceptance of the revised policy.

13. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact:

This privacy policy was drafted for informational purposes and reflects AltosIQ's current data practices. We recommend periodic review by qualified legal counsel to ensure continued compliance with evolving data protection regulations in all jurisdictions where AltosIQ operates.