Privacy Policy

Last updated: December 8, 2024

1. Introduction

IoT Armor ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our IoT security scanning platform at iot-armor.com (the "Service").

Please read this privacy policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, company name, password (hashed)
  • Payment Information: Processed securely by LemonSqueezy; we do not store credit card numbers
  • Firmware Files: Files you upload for security scanning
  • Device Information: Device names, models, and metadata you provide
  • Communications: Support tickets, feedback, and correspondence

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, scan history
  • Device Data: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication, analytics cookies (with consent)

3. How We Use Your Information

  • Provide and maintain the Service
  • Process your transactions
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Analyze usage to improve our Service
  • Detect, prevent, and address technical issues
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: LemonSqueezy (payments), Resend (email), PostHog (analytics), Crisp (chat)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger or acquisition

5. Data Retention

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion
  • Scan Results: Retained for 90 days, then automatically deleted
  • Uploaded Firmware: Deleted within 24 hours of scan completion
  • Usage Logs: Retained for 90 days for security purposes

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restricted processing

To exercise these rights, contact us at [email protected].

7. Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data transmission
  • Argon2 password hashing
  • Regular security audits
  • Access controls and authentication
  • Encrypted database backups

8. Cookies

We use the following types of cookies:

  • Essential: Required for authentication and security
  • Analytics: PostHog for usage analytics (with consent)
  • Functional: Remember your preferences

You can control cookies through your browser settings.

9. International Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us: