Privacy Policy

1. Introduction

IOThrifty LLC ("we," "our," or "us") operates the Dasberry Cloud platform at dasberry.ai and app.dasberry.ai. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our services, including our website, web application, APIs, and any related services (collectively, "the Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please do not use the Service.

2. Information We Collect

We collect information in the following categories:

2.1 Account Information

When you create an account, we collect your name, email address, and password (stored in hashed form using industry-standard algorithms). If you are invited to join a team, we also collect your name and email address from the invitation.

2.2 Team and Organization Data

When you create or join a team, we collect the team name, timezone, and membership information. Team administrators may invite other users and manage roles within the team.

2.3 Device and Telemetry Data

We collect telemetry data transmitted by your connected IoT devices via MQTT, including sensor readings, timestamps, device identifiers, and metadata. This data is stored within your team's account, is logically isolated from other teams' data, and is not shared with other users or teams. Telemetry data may include any data points your devices are configured to transmit.

2.4 Mobile Phone Numbers and SMS Information

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories of personal information exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We collect phone numbers only with your explicit, opt-in consent and only for the purpose of delivering SMS alerts you configure within the platform. Phone numbers may be provided in two places:

• During account registration: The phone number field is optional. If you provide one, you must affirmatively check a consent checkbox before your account can be created. The checkbox discloses message frequency variability, that message and data rates may apply, and links to these Terms and Privacy Policy.
• When configuring an alarm: You may add phone numbers of recipients (yours or others) who should receive SMS alerts when alarm conditions are met.

Phone numbers are never obtained from third-party sources and are never pre-populated by the system. The only third-party processor that receives a recipient's phone number is Twilio, our SMS delivery provider, and only for the technical transmission of the specific alert messages you configure. Twilio is not authorized to use phone numbers for any other purpose. We do not use your phone number for marketing, promotions, advertising, or any communication outside of the alarm notifications you set up.

Message frequency: SMS alerts are operational notifications, not recurring marketing messages. Frequency depends entirely on your alarm configuration and device behavior. Typical usage ranges from zero to a few messages per week, but may be higher during active alarm conditions.

Message and data rates may apply. Standard message and data rates may apply depending on your mobile carrier and plan. Dasberry Cloud does not charge for SMS messages, but your carrier may.

You are responsible for ensuring you have the appropriate consent from any third-party recipients before adding their contact information to alarm configurations.

2.5 Usage Data

We collect anonymous usage analytics to improve our service, including pages visited, features used, session duration, browser type, and device type. This data is collected through PostHog and is used in aggregate form.

2.6 Payment Information

If you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not store credit card numbers, bank account details, or other sensitive financial information on our servers. We may retain transaction IDs, plan type, and billing dates for record-keeping.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Dasberry Cloud platform
• To store and display your device telemetry data on dashboards and reports
• To evaluate alarm conditions and send notifications via email or SMS when thresholds are met
• To send transactional emails, including account invitations, password resets, and scheduled reports
• To process subscription payments and manage your billing
• To improve our services, develop new features, and fix bugs
• To respond to your support requests and communicate with you about the Service
• To detect, prevent, and address technical issues or security threats
• To comply with legal obligations

4. SMS and Email Communications

4.1 SMS Consent

End-users consent to receive SMS messages through explicit, user-initiated actions within the Dasberry Cloud web application. Consent is obtained at the time the phone number is collected:

1. Account registration (optional): If a user enters a phone number on the signup form, they must affirmatively check a consent checkbox disclosing that message frequency varies, message and data rates may apply, and linking to these Terms and Privacy Policy. Without checking the box, the account cannot be created with a phone number.
2. Alarm configuration: When a user creates an alarm and selects SMS as the notification channel, they must enter the phone number to receive alerts on. This is an additional, deliberate user-initiated action that constitutes express consent for that alarm's notifications.

No SMS messages are sent without explicit consent. Users are never automatically enrolled in SMS communications, and phone numbers are never obtained from third-party sources or pre-populated by the system.

4.2 Alarm Notifications

SMS and email alarm notifications are sent only when device data meets the alarm conditions configured by the user. These are not marketing messages — they are operational alerts for critical infrastructure monitoring (e.g., temperature exceeding a threshold, equipment going offline).

4.3 Opting Out of SMS

Users may revoke SMS consent and stop receiving text messages at any time by:

• Deleting or deactivating the alarm that triggers SMS notifications
• Removing their phone number from the alarm's contact list
• Replying STOP to any SMS message received from the platform
• Contacting us at the email address listed below

Opting out of SMS does not affect the user's account or their ability to use other features of the Service.

4.4 Message Frequency

The frequency of SMS alarm notifications depends entirely on the user's alarm configuration and the behavior of their connected devices. There is no fixed schedule; messages are sent only when alarm conditions are triggered or resolved. Typical usage ranges from zero to a few messages per week, but may be higher during active alarm conditions.

4.5 Message and Data Rates

Standard message and data rates may apply depending on your mobile carrier and plan. Dasberry Cloud does not charge for SMS messages, but your carrier may.

4.6 Transactional Emails

We send transactional emails related to account operations such as invitations, password resets, and scheduled report deliveries. These are essential to the operation of the Service and are sent as needed.

5. Third-Party Services

We use the following third-party services to operate our platform. Each service processes data only as necessary to perform its function:

• Resend — transactional email delivery (processes recipient email addresses and message content)
• Twilio — SMS alert delivery (processes recipient phone numbers and message content)
• PostHog — anonymous product analytics (processes anonymized usage data)
• DigitalOcean — cloud infrastructure and hosting (processes and stores all platform data)

These services maintain their own privacy policies, and we encourage you to review them. We select third-party providers that maintain appropriate security and privacy standards.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

• With your team: Data within the Service is shared among members of your team as determined by your team's access controls
• With service providers: As described in Section 5, to operate the Service
• For legal compliance: When required by law, legal process, or government request
• To protect rights: When necessary to enforce our Terms of Service, protect our rights, or ensure the safety of our users
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

7. Data Retention

Your device telemetry data is retained according to your subscription plan's storage limits. When your plan's data cap is reached, the oldest data is automatically removed to make room for new data (circular storage).

Account information is retained for as long as your account is active. If you delete your account, we will delete your personal information and device data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

Alarm notification logs (records of sent SMS and email notifications) are retained for up to 90 days for troubleshooting and audit purposes.

8. Data Security

We implement industry-standard security measures to protect your data, including:

• Encrypted connections (TLS/SSL) for all data in transit
• Passwords stored using secure one-way hashing algorithms
• Role-based access controls within the application
• Regular database backups with encrypted storage
• Infrastructure hosted in secure, SOC 2-compliant data centers

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for authentication, session management, and core functionality of the Service
• Analytics cookies: Used by PostHog to collect anonymous usage data to help us improve the Service

We do not use advertising cookies or tracking pixels. You may configure your browser to refuse cookies, but some features of the Service may not function properly without them.

10. Your Rights

You have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you
• Correction: You may update or correct inaccurate information through your account settings or by contacting us
• Deletion: You may request deletion of your account and associated personal data
• Data export: You may export your device telemetry data and reports through the platform's built-in export features
• Opt-out of notifications: You may stop alarm notifications by modifying or deleting alarm configurations

To exercise any of these rights, contact us at the email address listed below. We will respond to your request within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose about you
• Request deletion of your personal information
• Opt out of the sale of your personal information (we do not sell personal information)
• Not be discriminated against for exercising your privacy rights

To submit a request, contact us at the email address listed below.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us.

13. International Data Transfers

Our servers and infrastructure are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users by email within 72 hours of becoming aware of the breach, or as otherwise required by applicable law. We will also take immediate steps to investigate, contain, and remediate the breach.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service prior to the changes taking effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

IOThrifty LLC

Email: johnj@iothrifty.com