Privacy Policy

Effective date: May 12, 2026  ·  Last updated: May 12, 2026 (v1.1)

Xyloclime Pro LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use Xyloclime Pro ("Service"), how we use it, who we share it with, and your rights. This policy is incorporated into our Terms of Service.

1. Information We Collect

Account Information

When you create an account or start a free trial, we collect:

• Email address (used for login, account verification, and password reset)
• Password (stored as a cryptographic hash by Firebase Authentication — we cannot read it)
• Subscription status and plan (stored in our database to control access)
• Account creation date and last sign-in timestamp

Project Data

When you run an analysis, we store the inputs and results in your account so you can access them later:

• Project location (address or coordinates you enter)
• Project start and end dates
• Construction trade and template selections
• Analysis results (workable day counts, risk scores, phase schedules, contingency estimates)
• Any project name or notes you provide

You own this data. We use it only to provide and improve the Service. See Section 5 for retention details.

Payment Information

Payments are processed by Stripe, Inc. We do not collect, store, or have access to your credit card number, CVV, or full billing address. Stripe provides us with a payment token and your subscription status. Stripe's privacy policy governs payment processing: stripe.com/privacy.

Usage and Analytics Data

We use Google Analytics 4 (GA4) to understand how users navigate the Service. This is collected only with your consent (via the cookie banner on the app) and includes:

• Pages visited, features used, and session duration
• General geographic region (country/state — not precise location)
• Device type, browser, and operating system
• Referring website

We implement Google's Consent Mode v2, which withholds analytics until you accept cookies. You can withdraw consent at any time by clearing your browser cookies. Google's privacy policy: policies.google.com/privacy.

Technical and Log Data

Our hosting infrastructure (Vercel) and Firebase automatically collect certain technical data, including IP address (used for rate limiting, fraud prevention, and security), request timestamps, error logs, and browser type. This data is used for security and debugging only and is not linked to your account for marketing purposes.

Local Storage

We store certain data in your browser's local storage to improve performance — including a cache of your subscription status and your terms acceptance record. This data stays on your device and is not transmitted to our servers except as part of normal Service operation.

2. How We Use Your Information

• Providing the Service: Running weather analyses, generating reports, and displaying results tied to your account.
• Account management: Authentication, password reset emails, and subscription verification.
• Billing: Communicating with Stripe to manage your subscription and payment status.
• Service communications: Transactional emails (account verification, password reset, billing notices). We do not send marketing emails without your explicit consent.
• Security and fraud prevention: Detecting and preventing unauthorized access, abuse, and fraud.
• Service improvement: Aggregate, anonymized usage analytics to understand which features are used and where users encounter issues.
• Legal compliance: Responding to lawful requests and complying with applicable law.

We do not use your project data, location inputs, or analysis results for any purpose other than providing and improving the Service to you. We do not sell your personal information to any third party.

3. Third-Party Service Providers

We share information with the following service providers strictly to operate the Service:

We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Xyloclime Pro LLC, our users, or the public. If we are acquired or merged, your information may transfer as part of that transaction, with notice provided to you beforehand.

4. Cookies

We use the following types of cookies and browser storage:

• Essential cookies: Firebase Authentication uses a session cookie to keep you logged in. These are required for the Service to function and cannot be disabled without breaking login.
• Analytics cookies: Google Analytics 4 sets cookies to track usage patterns. These are only placed after you consent via the cookie banner in the app.
• Local storage: Used to cache subscription status and terms acceptance on your device. Does not leave your browser except as part of normal app operation.

You can manage or delete cookies through your browser settings at any time. Disabling analytics cookies will not affect Service functionality.

5. Data Retention

• Account data: Retained for as long as your account is active. You may request deletion at any time (see Section 6).
• Project data: Retained until you delete it or close your account. We may delete data from accounts inactive for 24 consecutive months.
• Payment records: Stripe retains payment records per their legal obligations. We retain basic subscription history (plan, dates, status) for up to 7 years for accounting and legal compliance.
• Analytics data: Retained per Google Analytics' standard settings (14 months for user-level data by default).
• Log and security data: Technical logs are retained for up to 90 days.

6. Your Rights and Choices

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may update your email address through your account settings or by contacting us.
• Deletion: You may request deletion of your account and associated data by emailing support@xyloclime.com. We will process the request within 30 days, subject to legal retention obligations in Section 5.
• Analytics opt-out: Withdraw consent at any time by clearing cookies in your browser.
• Portability: You may request an export of your project data in a standard format.

To exercise any of these rights, email support@xyloclime.com. We will respond within 30 days.

California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise CCPA rights, contact us at the address below.

7. Data Security

We use industry-standard security practices including HTTPS/TLS encryption for all data in transit, Firebase Security Rules enforcing per-user data access, cryptographic password hashing, PCI-DSS compliant payment processing via Stripe, and API keys stored as server-side environment variables never exposed to the client.

No security measure is 100% guaranteed. If you believe your account has been compromised, contact us immediately at support@xyloclime.com.

8. Children's Privacy

The Service is not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

9. International Users

The Service is designed and operated for use in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We do not specifically target users in the European Union and make no representation of GDPR compliance. EU users use the Service at their own risk and should consult applicable law before doing so.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. Continued use of the Service after the effective date constitutes your acceptance. The "Last updated" date at the top of this page reflects the most recent version.

11. Contact