EzLife HVAC Service — Privacy Policy

Last updated: April 13, 2026
Version: 1.0 (Closed Beta)

1. Introduction

EzLife HVAC Service ("EzLife," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the EzLife HVAC mobile and desktop application ("App") and related services (collectively, the "Service").

This Policy applies to all users of the Service, including Company Owners, Managers, and Workers. By creating an account or using the Service, you consent to the practices described in this Policy. If you do not agree, do not use the Service.

2. Data Controller

The data controller for information processed through the Service is EzLife HVAC Service. For inquiries, contact us at privacy@ezlifesystems.com.

When a Company Owner registers a tenant and invites employees, both EzLife (as the platform provider) and the Company (as the employer) may act as independent or joint data controllers for employee data, depending on applicable law. Company Owners are responsible for their own compliance with employment and data protection laws regarding their employees' data.

3. Information We Collect

3.1 Information You Provide Directly

Account Registration

Data Field	Owner Registration	Employee Registration
Full name	Yes	Yes
Email address	Yes	Yes
Phone number	Yes	Yes
Password	Yes	Yes
Company name	Yes	No
Invitation code	No	Yes

Company Profile (Owner/Manager)

Legal company name
VAT / tax identification number
Company email and phone
Company address (including geocoded coordinates via Google Places)
Company website URL
Company logo (uploaded image)

Customer Records

Customer name and legal name
Email, phone, address
VAT / tax identification number
Website URL
Notes (free-text)

Service Site Records

Site name and address
Geocoded coordinates (latitude/longitude) and Google Place ID
Notes (free-text)
Associated customer reference

Task and Work Data

Task titles, descriptions, scheduling dates
Checkpoint titles and hierarchies
Work session dates, start/end times, break durations
Work session report text (free-text authored by workers)
Session rejection reasons (free-text authored by managers)
Approved work durations
Task urgency flags and status transitions

Media and Documents

Photos captured via device camera or selected from gallery
Documents uploaded via file picker
Company logos and profile avatars
All media includes metadata: file name, size, MIME type, file extension, author identity

Checkpoint Activity

Comments (free-text, attributed to author)
Attached images and documents

Invitation Data

Invitation role assignment
Invitation token (hashed for storage; plaintext retained for resend functionality)
Usage and expiration timestamps

3.2 Information Collected Automatically

Device and Installation Data

Data Point	Purpose
Installation ID (random UUID)	Distinguish devices per user account
Platform (iOS/Android/macOS/etc.)	Compatibility, diagnostics
Device model	Diagnostics, support
Operating system version	Compatibility, diagnostics
App version name and build number	Version management, update prompts

This data is sent as part of device heartbeats to track active installations and deliver version-update notifications.

Synchronization Metadata

Sync cursor timestamps (last successful synchronization per entity type)
Sync status flags (pending, synced, local)
Optimistic concurrency version numbers
Record creation and modification timestamps
Author identifiers on record changes (created_by, updated_by)

Error and Diagnostic Data (Sentry)

Crash reports and stack traces
Breadcrumbs (sequence of UI/system events before an error)
Application state at time of error
User ID (profile UUID — not name or email) and tenant ID as scope tags
User role tag (owner/manager/worker)

We apply PII scrubbing to all telemetry data. Business content such as customer names, task details, report text, and employee personal information is not transmitted to Sentry.

Local Preferences

UI theme selection (light/dark/system)
Planner zoom level
Cached release policy data (operational flags, not personal data)

3.3 Information from Third Parties

Google Maps Platform

When you use address autocomplete or map features, Google may process:

Search queries you type into address fields
Selected place details (address, coordinates, Place ID)

Google's processing of this data is subject to the Google Privacy Policy.

Supabase Authentication

Our authentication service (powered by Supabase/GoTrue) processes:

Email/password credentials
Email verification OTP codes
JWT session tokens and refresh tokens
Authentication event logs

4. How We Use Your Information

Purpose	Legal Basis (GDPR)	Data Categories
Provide the Service — account creation, authentication, data sync, offline operation	Performance of contract	All registration data, user content, sync metadata
Maintain tenant isolation — enforce multi-tenant security boundaries	Legitimate interest (security)	Tenant ID, user roles, RLS metadata
Enable role-based access control — enforce permissions per user role	Performance of contract	User role, tenant membership, capability matrix
Device management — track active installations, deliver update prompts	Legitimate interest (service reliability)	Device/installation data, heartbeat records
Error monitoring and diagnostics — detect, investigate, and fix bugs	Legitimate interest (service improvement)	Crash data, sanitized diagnostic telemetry
Security — detect unauthorized access, prevent abuse	Legitimate interest (security)	Authentication logs, audit logs, access patterns
Audit trail — tamper-evident record of data changes	Legitimate interest + legal compliance	Audit log entries
Media processing — compress, store, and serve uploads	Performance of contract	Uploaded files, file metadata
Communications — support requests, service notices	Performance of contract / legitimate interest	Email address, in-app notifications
Legal compliance — respond to lawful requests	Legal obligation	Any data as legally required

We do not:

Sell your personal information to third parties.
Use your data for targeted advertising.
Profile users for marketing purposes.
Process data for purposes unrelated to providing the Service.

5. Data Storage and Security

5.1 Local Storage (On Your Device)

Storage	Data	Encryption Status
Isar database	All synced entities, registration drafts, sync cursors	Not encrypted at rest (engine limitation). Key material provisioned for future activation.
Pending media files	Photos/documents awaiting upload	Unencrypted (device file system)
Flutter Secure Storage	Encryption key material (32-byte random key)	Platform keychain/keystore encrypted
SharedPreferences	Installation ID, UI preferences, cached release policy	Platform default (generally unencrypted)

Your responsibility: We recommend enabling device-level encryption (full-disk encryption) on all devices used to access the Service.

5.2 Cloud Storage (Supabase)

Component	Data
PostgreSQL (with RLS)	All synced entity data, audit logs, sync metadata
Object Storage	Avatars, company logos, task/checkpoint/session media
Authentication	Credential hashes, session tokens, verification state

5.3 Security Measures

Row-Level Security (RLS): All database tables enforce tenant-scoped access policies at the database layer.
Role-based access control (CBAC): Granular permissions enforced at both application and database layers.
Password security: Passwords are hashed by Supabase Auth; plaintext passwords are never stored by EzLife.
Invitation token hashing: Invitation tokens are hashed using pgcrypto before database storage.
Optimistic concurrency control: Version-based conflict detection prevents unauthorized or stale overwrites.
Soft-delete cascades: Deletion of parent records propagates tombstones to all dependent data.
Audit logging: Material data changes are recorded in an append-only audit log (retained for 90 days).
Media cleanup: Deleted media is queued for asynchronous removal from object storage.
PII scrubbing: Telemetry data is sanitized before transmission to third-party error monitoring.
Transport encryption: All communication between the App and cloud services uses TLS/HTTPS.
Android hardening: Backup disabled, native library extraction disabled.

5.4 Known Limitations (Beta Transparency)

Local database files are not encrypted at rest on the device.
No certificate pinning is implemented (tracked for GA).
Entity-level last-writer-wins conflict resolution (not field-level); concurrent offline edits may lose granularity.
No push notifications; background sync only occurs while the app is in the foreground.

6. Data Sharing and Disclosure

6.1 Within Your Tenant

Data you create is visible to other users within your Company tenant according to role-based permissions:

Owners and Managers can view all tenant data.
Workers can view tasks they participate in, their own sessions, team profiles, and the company profile.

6.2 Third-Party Service Providers

Provider	Data Shared	Purpose
Supabase	All synced data, authentication credentials, uploaded media	Cloud infrastructure, database, storage, authentication
Sentry	Sanitized error reports (user ID as UUID, tenant ID, role; no business content)	Error monitoring and crash reporting
Google (Maps Platform)	Address search queries, selected place details	Address autocomplete, geocoding, map display

6.3 Legal Disclosure

We may disclose your information if we believe in good faith that disclosure is necessary to:

(a) Comply with applicable law, regulation, or legal process.

(b) Protect the rights, property, or safety of EzLife, our users, or the public.

(d) Enforce our Terms of Service.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6.5 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for their marketing or commercial purposes.

7. Data Retention

Data Category	Retention Period
Active account data	Duration of active account + 30 days after termination
Audit logs	90 days (automated pruning)
Deleted media queue	14 days then permanently removed
Soft-deleted records	Retained as tombstones; purged with account deletion
Registration drafts (local)	1 hour TTL (auto-purged locally)
Device heartbeats	Duration of active account
Error telemetry (Sentry)	Per Sentry's retention policy (typically 90 days)
Backup copies	Purged per Supabase backup schedule after source data deletion

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

8.1 Right of Access

You may request a copy of the personal data we hold about you.

8.2 Right to Rectification

You may correct inaccurate personal data via the App or by contacting us.

8.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data. Note:

During Beta, erasure requests are processed manually.
Deletion of a Company Owner account will trigger deletion of the entire tenant and all associated data.
Some data may be retained in audit logs for the applicable retention period.

8.4 Right to Data Portability

You may request your data in a structured, commonly used, machine-readable format. During Beta, data export is processed manually upon request.

8.5 Right to Restrict Processing

You may request restriction of processing in certain circumstances.

8.6 Right to Object

You may object to processing based on legitimate interest.

8.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority in your jurisdiction.

8.9 Exercising Your Rights

To exercise any of these rights, contact us at privacy@ezlifesystems.com. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries other than your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place as required by applicable law (e.g., Standard Contractual Clauses under GDPR).

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly. Contact us at privacy@ezlifesystems.com if you believe a child has provided us with personal information.

11. Employer Responsibilities

If you are a Company Owner or Manager using the Service to manage employees:

(a) You are responsible for informing your employees about how their work-related data is collected and processed through the Service.

(b) You must obtain any consents required by applicable labor and data protection laws before enrolling employees.

(c) You acknowledge that work session data constitutes employee monitoring data in some jurisdictions and may be subject to specific legal requirements.

(d) EzLife provides the platform; the Company determines the purposes and means of processing employee data within its tenant.

12. Cookies and Tracking Technologies

The App does not use cookies. We do not use web-based tracking technologies, advertising identifiers, or cross-app tracking. The only persistent local identifier is the randomly generated Installation ID (UUID) used solely for device-level service management.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notification or email at least fifteen (15) days before taking effect.

14. Contact Us

For privacy-related questions, requests, or concerns:

Email: privacy@ezlifesystems.com
Subject line: "Privacy Inquiry"
Response time: Within 30 days

For data protection officer inquiries (where applicable under GDPR): dpo@ezlifesystems.com