H3 MarkH3ight

H3Kit Privacy Policy

Last Updated: December 25, 2025

H3ight LLC (“H3ight,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the H3Kit mobile application (the “App”) for iOS and Android.

By using H3Kit, you agree to the collection and use of information as described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an H3Kit account, we collect:

  • Email address (required for account creation and login)
  • Name (first and last name)
  • Password (stored securely using industry-standard encryption)
  • Account creation date

1.2 Gear Data

You voluntarily provide information about your rope access equipment:

  • Gear descriptions (harnesses, ropes, carabiners, etc.)
  • Serial numbers and model information
  • Purchase dates and retirement dates
  • Inspection records (dates, status, notes)
  • Photos of equipment (stored in cloud storage)
  • Usage logs and tracking data

1.3 Job Data

You may track work-related information:

  • Job hours (start/end times, total hours)
  • Job locations (site names, addresses if provided)
  • Pay rates (hourly rates, total compensation)
  • Client/project names (if entered)
  • Job notes and descriptions

1.4 Technical Information

We automatically collect certain technical data:

  • Device information (device type, operating system, OS version)
  • App usage data (features used, session duration)
  • Crash reports and error logs
  • IP address (for security and analytics)
  • Unique device identifiers (for app functionality)

1.5 Location Information

  • Precise location: We do NOT collect real-time GPS location tracking
  • Job locations: Only collected when you manually enter job location data
  • The App does not run location services in the background

1.6 Information We Do NOT Collect

  • Social Security Numbers or government IDs
  • Payment card information (not applicable during beta)
  • Biometric data
  • Health information
  • Real-time location tracking

2. How We Use Your Information

2.1 Primary Uses

We use your data to:

  • Provide App functionality (gear tracking, inspections, job logging)
  • Maintain your account (authentication, account management)
  • Store and sync your data across devices
  • Send important notifications (inspection reminders, account updates)
  • Provide customer support when you contact us
  • Improve the App (bug fixes, feature development)

2.2 Analytics and Improvement

  • We analyze anonymized, aggregated usage data to improve H3Kit
  • We identify bugs, crashes, and performance issues
  • We understand which features are most valuable to users
  • Individual user data is never shared in analytics reports

2.3 Communications

We may send you:

  • Transactional emails (account verification, password resets)
  • App updates and new features (opt-out available)
  • Inspection reminders (based on your settings)
  • Important security or policy updates (cannot opt-out)

You can manage email preferences in your account settings.

3. How We Store and Protect Your Data

3.1 Data Storage Infrastructure

  • Backend server and database: Your account and gear data are stored on Render (cloud hosting platform with PostgreSQL database)
  • Photo storage: Equipment photos are stored in Cloudflare R2 (S3-compatible object storage) with encrypted transmission
  • Data encryption: All data is encrypted in transit (TLS/SSL) and at rest
  • Backup systems: Regular automated backups ensure data recovery capabilities

3.2 Data Location

  • Data is stored on servers located in the United States
  • Cloud storage providers may have data centers in multiple regions
  • Data may be transferred across borders for storage and processing

3.3 Security Measures

We implement industry-standard security practices:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure password hashing (PBKDF2 with SHA256—Django's industry-standard password hasher)
  • Access controls (role-based permissions, authentication)
  • Regular security audits and vulnerability assessments
  • Secure cloud infrastructure (Render and Cloudflare R2)

3.4 Data Retention

  • Active accounts: Data is retained while your account is active
  • Deleted accounts: Data is deleted within 30 days of account deletion
  • Backups: Data may persist in backups for up to 90 days after deletion
  • Legal obligations: Some data may be retained longer if required by law

3.5 Data Breach Notification

In the event of a data breach that affects your personal information, we are committed to transparency and prompt notification:

  • Notification Timeline: We will notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by applicable data protection laws.
  • Notification Method: We will notify you via email to the address associated with your account and/or through an in-app notification.
  • Information Provided: Our notification will include the nature of the breach, likely consequences, measures taken, and contact information.
  • Authority Notification: We will also notify relevant supervisory authorities as required by applicable law.
  • Documentation: We maintain internal records of all data breaches to demonstrate compliance with our obligations.

If you believe your account has been compromised, please contact us immediately at privacy@h3ight.com.

4. Data Sharing and Third Parties

4.1 No Third-Party Sharing

We do NOT sell, rent, or share your personal data with third parties for their marketing purposes.

4.2 Service Providers

We share limited data with trusted service providers who help us operate H3Kit:

  • Render (backend hosting and PostgreSQL database)—Stores account and gear data
  • Cloudflare R2 (S3-compatible object storage)—Stores equipment photos
  • SendGrid (transactional emails)—Sends account notifications

All service providers are contractually obligated to protect your data and use it only for providing services to H3Kit.

4.3 Legal Requirements

We may disclose your information if required to:

  • Comply with valid legal processes (subpoenas, court orders)
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of H3ight, our users, or the public
  • Investigate fraud or security issues

4.4 Business Transfers

If H3ight is acquired or merged with another company, your data may be transferred to the new owner. You will be notified of any such change and your data will remain subject to privacy protections.

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

  • Access your data: View all data stored in your account through the App
  • Export your data: Download a copy of your information at any time
  • Correct your data: Update or correct inaccurate information
  • Delete your data: Request account and data deletion

5.2 Account Deletion

You can delete your account at any time:

  1. Open the App and go to Settings > Account
  2. Select Delete Account
  3. Confirm deletion
  4. Your data will be removed within 30 days

Alternatively, contact us at privacy@h3ight.com to request deletion.

5.3 Communication Preferences

  • Marketing emails: Opt out via unsubscribe links in emails
  • Push notifications: Manage in device settings or App settings
  • Inspection reminders: Configure or disable in the App

5.4 Data Portability

You can export your data in common formats (CSV, JSON, PDF) through the App's export features.

6. Privacy Rights by Region

6.1 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under GDPR:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data (“right to be forgotten”)
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to data processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time
  • Right to lodge a complaint: Contact your local data protection authority

Legal Basis for Processing:

  • Contract performance: Processing necessary to provide the App
  • Consent: You consent to data processing when creating an account
  • Legitimate interests: Improving the App and preventing fraud

Data Protection Officer: Contact privacy@h3ight.com for GDPR inquiries.

Filing Complaints: If you are located in the EEA, UK, or Switzerland and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority:

6.2 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt out of “sale” of personal information (Note: We do NOT sell data)
  • Right to non-discrimination: Equal service regardless of exercising privacy rights

To exercise your CCPA rights, contact privacy@h3ight.com or use the in-app support feature.

6.2.1 Nevada Privacy Rights

If you are a Nevada resident, you have the right under Nevada Senate Bill 220 (SB 220) to opt out of the sale of certain covered information. H3ight does not sell your personal information for monetary consideration. If our data practices change in the future, Nevada residents may submit a verified opt-out request to privacy@h3ight.com.

6.2.2 Other US State Privacy Rights

Residents of Virginia, Colorado, Connecticut, and Utah have privacy rights under their respective state laws (VCDPA, CPA, CTDPA, and UCPA). These laws provide similar rights including access, deletion, correction, and opt-out rights.

To exercise these rights, contact privacy@h3ight.com or use the in-app support feature. We will respond in accordance with applicable state law, typically within 45 days.

6.3 Other Regions

Users in other jurisdictions may have similar rights under local privacy laws. Contact us to exercise your rights or ask questions about data protection in your region.

6.4 Automated Decision-Making and Profiling

H3Kit does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All decisions regarding your account, data, and use of our services involve human review and oversight.

7. Children's Privacy

H3Kit is intended exclusively for professional rope access technicians aged 18 and older. We do not knowingly collect personal information from individuals under 18 years of age.

Age Restriction Enforcement: We rely on app store age ratings (18+) on both the Apple App Store and Google Play Store to restrict downloads to appropriate users.

Industry Requirement: Rope access certification requires individuals to be at least 18 years old, aligning with our target user base of certified professionals.

Inadvertent Collection: If we become aware that we have inadvertently collected personal information from someone under 18, we will take immediate steps to delete that information. If you believe a person under 18 has provided us with personal information, please contact us immediately at privacy@h3ight.com.

8. International Data Transfers

H3ight is based in the United States. If you access the App from outside the U.S., your data will be transferred to and processed in the United States. By using H3Kit, you consent to the transfer of your data to the U.S., which may have different data protection laws than your country.

For EEA users, we implement appropriate safeguards (such as Standard Contractual Clauses) to protect data transferred outside the EEA.

9. Mobile App-Specific Disclosures

9.1 iOS Disclosures (Apple App Store)

In compliance with Apple's App Store requirements:

Data Linked to You:

  • Account information (name, email)
  • User-generated content (gear data, photos, job records)
  • Usage data (features used, session times)

Data NOT Collected:

  • Precise location (GPS tracking)
  • Contacts, photos from device gallery (unless you explicitly select them)
  • Health data
  • Financial information

Tracking: We do NOT use data for tracking across apps/websites owned by other companies.

9.2 Android Disclosures (Google Play Store)

In compliance with Google Play's requirements:

Data Safety:

  • Data is encrypted in transit (TLS)
  • Data is encrypted at rest (server-side encryption)
  • You can request data deletion at any time
  • Data is NOT shared with third parties except service providers

Permissions:

  • Camera: To take photos of equipment (optional)
  • Storage: To save photos and export data (optional)
  • Internet: Required for data sync and account functions
  • Notifications: For inspection reminders (optional)

All permissions are requested with clear explanations when needed.

9.3 Push Notifications

  • We use push notifications for inspection reminders and important alerts
  • You can disable notifications in device settings or the App
  • Notification tokens are stored securely and not shared with third parties

10. Cookies and Tracking Technologies

10.1 App Usage

The H3Kit mobile app does NOT use traditional web cookies. However, we use similar technologies:

  • Local storage: To cache data and improve performance
  • Session tokens: To keep you logged in securely
  • Analytics SDKs: To collect anonymized usage data

10.2 Website (if applicable)

If you visit our website (not the mobile app), we may use:

  • Essential cookies: For website functionality
  • Analytics cookies: To understand website traffic (anonymized)

You can manage cookie preferences through your browser settings.

11. Third-Party Links

H3Kit may contain links to third-party websites or services (e.g., manufacturer websites, training resources). This Privacy Policy does NOT apply to those external sites. We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in App features and functionality, legal requirements, or our data practices.

How We Notify You:

  • Material changes: Email notification and/or in-app alert
  • Minor changes: Updated “Last Updated” date at the top
  • Continued use: Using the App after changes indicates acceptance

You can always view the current Privacy Policy in the App (Settings > Privacy Policy) or by contacting us at privacy@h3ight.com.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us:

Email: privacy@h3ight.com
Support: Use the “Contact Us” feature in the App
Mail:
H3ight LLC
PO Box 370922
Las Vegas, NV 89137

Response Time: We aim to respond to privacy requests within 30 days (or as required by applicable law).

14. Data Processing Summary

What We CollectWhy We Collect ItLegal BasisHow Long We Keep It
Email, nameAccount creation and loginContract, ConsentWhile account is active + 30 days
Gear data, photosCore app functionalityContract, ConsentWhile account is active + 30 days
Job dataUser-requested trackingContract, ConsentWhile account is active + 30 days
Device info, usage dataApp improvement, bug fixesLegitimate interestRetained for 90 days, then deleted
IP addressSecurity, fraud preventionLegitimate interest90 days

15. Acknowledgment

By using H3Kit, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your information as described herein.

Company Information:
H3ight LLC
A Nevada Limited Liability Company
PO Box 370922
Las Vegas, NV 89137
privacy@h3ight.com

This Privacy Policy is effective as of the “Last Updated” date shown above.