Privacy Policy

Last Updated: October 21, 2025

1. Introduction

Welcome to CleanAirWhere ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains how we collect, use, store, and share information when you use our air quality monitoring platform and services.

CleanAirWhere is an interactive map and business dashboard platform that helps the public discover places with clean air and allows businesses to showcase their air quality data.

2. Information We Collect

2.1 Account Information

When you register for a business account, we collect:

  • Email address (used for authentication and communications)
  • Password (hashed and securely stored via Supabase Auth)
  • Account creation and last login timestamps

2.2 Business Profile Information

When you create a business profile, we collect:

  • Business name
  • Business description
  • Physical address and geographic coordinates (latitude, longitude)
  • Contact information (email, phone number, website URL)
  • Venue category (cafe, restaurant, gym, etc.)
  • Facility information (outdoor space availability, amenities)
  • Business photos (up to 3 images stored in Supabase Storage)
  • Approval status and subscription tier

2.3 Sensor and Air Quality Data

When you pair air quality sensors with your business account, we collect:

  • Device identifiers (MAC address, device ID, product ID)
  • Pairing codes and pairing timestamps
  • Air quality measurements:
    • Carbon dioxide (CO2) levels in parts per million (ppm)
    • Particulate matter (PM2.5 and PM10) in micrograms per cubic meter
    • Temperature readings in Celsius
    • Humidity percentage
    • Additional metrics (battery status, noise levels, TVOC index, atmospheric pressure)
  • Measurement timestamps and synchronization times
  • Complete raw sensor data in JSON format from the QingPing API

2.4 Payment Information

When you subscribe to a paid tier (planned feature), payment processing is handled by Stripe. We store only:

  • Stripe customer ID
  • Stripe subscription ID
  • Subscription tier and status

We do not store your credit card numbers or other sensitive payment information. All payment data is processed and stored securely by Stripe according to their privacy policy.

2.5 Usage and Technical Data

We automatically collect:

  • IP addresses and device information
  • Browser type and version
  • Pages visited and features used
  • Access times and referring URLs
  • Map interactions (zoom, pan, business clicks)

2.6 Administrative Data

We maintain a list of admin user email addresses for platform administration and business approval workflows.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

  • Create and manage your user account
  • Process business registrations and approval workflows
  • Pair and manage air quality sensors
  • Collect, process, and display air quality data
  • Generate air quality trends and analytics
  • Display approved businesses on the public map

3.2 Communication

  • Send account verification emails
  • Notify you about account status changes (approval, subscription)
  • Send service-related announcements and updates
  • Respond to your inquiries and support requests

3.3 Platform Improvement

  • Analyze usage patterns to improve features
  • Monitor system performance and troubleshoot issues
  • Develop new features and services

3.4 Legal and Safety

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud and abuse
  • Resolve disputes

4. Public Display of Information

Important: The following information is publicly visible on our map:

  • Business name and description
  • Business location (address and map coordinates)
  • Contact information (website, email, phone if provided)
  • Business photos
  • Venue category and facilities
  • Current and historical air quality readings from your sensors
  • Calculated overall air quality scores

By creating a business profile and receiving approval, you explicitly consent to this public display. Only approved businesses appear on the public map. Businesses with "pending" or "inactive" status are not publicly visible.

5. Data Sharing and Third Parties

5.1 Third-Party Services

We use the following third-party services:

  • Supabase - Database hosting, authentication, and file storage. Data is stored on Supabase's infrastructure according to their privacy policy.
  • QingPing API - Air quality sensor data integration. We receive sensor readings via webhooks from QingPing's platform.
  • Stripe - Payment processing (planned feature). Payment information is processed according to Stripe's privacy policy.
  • Vercel - Application hosting and content delivery.
  • OpenStreetMap (Nominatim) - Address geocoding for converting addresses to coordinates.

5.2 Legal Requirements

We may disclose your information if required by law, legal process, court order, or government request, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Passwords are hashed with bcrypt via Supabase Auth
  • Data transmission is encrypted using SSL/TLS
  • Row Level Security (RLS) policies enforce access controls in the database
  • API authentication using JSON Web Tokens (JWTs)
  • Webhook signature verification using HMAC-SHA256
  • Service role keys are stored securely in environment variables
  • Regular security updates and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your data as follows:

  • Account data: Retained until you delete your account
  • Business profiles: Retained while your account is active or as needed to provide services
  • Air quality readings: Retained indefinitely for historical trend analysis and public health research purposes
  • Sensor data: Retained while sensors are paired to accounts
  • Logs and technical data: Typically retained for 90 days for troubleshooting purposes

When you delete your account, we will remove your personal information within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 Access and Portability

You can access your account data and business profile through the dashboard. You may request a copy of your data in a portable format.

8.2 Correction

You can update your business profile information directly through the dashboard at any time.

8.3 Deletion

You can delete your account and business profile. Note that historical air quality readings may be retained for research purposes but will be disassociated from your account.

8.4 Restriction and Objection

You may request to restrict processing or object to certain uses of your data by contacting us.

8.5 Withdrawal of Consent

Where we process your data based on consent, you may withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

To exercise these rights, please contact us at the email address provided in Section 13.

9. Cookies and Tracking

We use essential cookies and local storage to maintain your authentication session. We may use analytics tools to understand how users interact with our platform. You can control cookies through your browser settings, but disabling cookies may limit functionality.

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe we have collected information about a child, please contact us immediately.

11. International Data Transfers

Your data may be stored and processed on servers located in different countries where our service providers operate. By using our service, you consent to the transfer of your data to these locations, which may have different data protection laws than your country of residence.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: cleanairwhere@gmail.com

Data Protection Officer: cleanairwhere@gmail.com

14. Additional Rights for EU/UK Users (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.

15. California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to refuse the sale of personal information
  • Right to delete personal information
  • Right to non-discrimination for exercising CCPA rights

To exercise these rights, please contact us using the information in Section 13.

This Privacy Policy was last updated on October 21, 2025. By using CleanAirWhere, you acknowledge that you have read and understood this Privacy Policy.