Privacy and Security

Your facility data, handled like the asset it is.

RespiraTech screens legacy data center cooling for retrofit potential. That means you share real facility information with us, so here is exactly what we collect, how we use it, and how we protect it.

EffectiveJune 9, 2026

Security and trust

Safe to hand over your facility data

Before you enter a single number, here is how your inputs are protected. Plain commitments, the kind a fund or operator needs to see before sharing site detail.

Encrypted in transit and at rest

Your data is protected with HTTPS in transit and encryption at rest on managed cloud infrastructure.

Scoped to you, never sold

Records are access-scoped to your submission, and we never sell your data or share it for advertising.

Used only to screen your site

We use your facility data to run your screening and communicate with you about it, nothing more.

Your data lives on managed cloud infrastructure (database and file storage) operated by reputable providers, encrypted in transit and at rest, with access scoped by row-level security.

What we collect

Information you provide

Contact details when you request access or get in touch: name, work email, company, role, and phone (phone only if you give it).
The perspective you are screening from (for example investor, finance, construction, or owner), if you tell us.
The facility details you enter or upload: facility name, location, and technical characteristics such as electrical load, cooling type and capacity, UPS configuration, PUE, square footage, rack counts, and age.
Any files you upload (for example an Excel workbook or a DCIM export). We store the file and its contents to run your screening.

Information collected automatically

Technical and usage data: IP address, browser type and user agent, the page that referred you, and marketing attribution parameters (UTM tags) when present.
Lightweight, privacy-conscious first-party analytics events that help us understand how the tool is used. We do not use third-party advertising or cross-site tracking.
We use IP addresses for security and to rate-limit abuse.

Cookies and local storage

A single functional cookie that saves your in-progress intake form so you do not lose your work. It expires automatically.
A session identifier stored in your browser to group analytics events within a single visit, without identifying you.
No advertising or cross-site tracking cookies.

Derived data

We may convert a facility address into approximate map coordinates (geocoding) to support location-based analysis.

How we use it

To run your facility screening and produce your results and investment memo.
To respond to your requests and communicate with you about your screening and about RespiraTech (emails are sent through our email provider).
To operate, secure, and improve the product, including through aggregated or de-identified data.
AI field mapping: if you upload a DCIM or facility export for automated field mapping, the relevant content is processed by a third-party AI provider (currently Anthropic) solely to classify and map your data fields. It is not used to train that provider's models.
We do not use your data to make automated decisions that have legal or similarly significant effects on you.

How it is stored and secured

Your data is stored in managed cloud infrastructure (database and file storage) operated by reputable providers.
Encryption in transit (HTTPS/TLS) and at rest.
Our database and hosting providers maintain SOC 2 Type 2 and ISO 27001 compliance. (This describes our infrastructure providers; RespiraTech itself is not separately SOC 2 certified.)
Access controls: records are scoped with row-level security, and administrative access is limited to what is needed to run the service.
Rate-limiting and abuse protection on our endpoints.
No method of transmission or storage is perfectly secure. We work hard to protect your data, but we cannot guarantee absolute security.

Third-party subprocessors

We rely on a small set of service providers who process data on our behalf so we can run the product. They may change over time, and we will keep this list current.

Provider roleWhat it handles

Application hostingServes the site and processes server logs.

Database and file storageStores your contact data, facility data, and uploaded files.

Email deliverySends transactional and follow-up emails.

AI field mapping (Anthropic)Processes uploaded DCIM or facility data to classify fields, when you use that feature.

Address geocoding (US Census)Converts addresses into coordinates.

Retention and your rights

Retention: we keep your data only as long as needed for the purposes above. In-progress intake drafts expire automatically (about 30 days), and abandoned upload sessions are cleared on a short schedule. You can ask us to delete your data at any time.

Your rights: depending on where you live, you may have rights to access, correct, delete, or port your data, to object to or restrict certain processing, and to withdraw consent. For example, residents of the EU and UK (under GDPR) and California (under CCPA/CPRA) have specific rights. To exercise any of them, contact us at the address below and we will respond as required by applicable law.

Children's privacy

RespiraTech is a business tool not directed to children, and we do not knowingly collect data from anyone under 16.

Changes to this policy

We may update this policy and will post changes here with a new effective date.

Contact

RespiraTech is an early-stage company. For privacy questions or requests about your data, reach us through the form on our site and we will respond. (A dedicated privacy email address will be added as we grow.)

Privacy and data requestsUse the form on our site

Effective dateJune 9, 2026