Privacy Policy

Controller: KByte IT Services Ltd

Effective Date: 2025-12-28 Last Updated: 2025-12-28

This policy covers our website, APIs, and IoT devices that connect to outasense.com.

Quick Summary

  • We collect device telemetry (e.g., temperature, Wi-Fi signal, and technical data such as public IP address) to operate and secure the service.
  • During registration/checkout, you may provide your full name, email address, and an optional mobile phone number for alerts or account communications.
  • Periodic telemetry does not include direct identifiers (such as your name, email address, or phone number), but it may include technical identifiers such as the device’s public IP address.
  • We process payments via Stripe; card details are sent directly to Stripe and are not stored on our servers.
  • We do not sell or rent your data to anyone. We only share it with service providers needed to run the service, or when required by law (e.g., valid requests from law enforcement/courts/regulators such as the police).

1) Information We Collect

1.1 From IoT Devices

TypeDescriptionPurpose
Unique Device ID (UID)Hardware-derived identifier (non-personal)Link telemetry to your device
Device NameUser-provided label (e.g., “Garage Monitor”)Display & management
Email AddressProvided during setupAccount linking & notifications
Phone Number (optional)International format (e.g., +447700900123)SMS alerts, voice calls (if enabled)
TemperatureInternal or attached sensor valueMonitoring features
Wi-Fi RSSISignal strengthDiagnostics & connection quality
Client IPPublic IP of the device’s networkSecurity & diagnostics

Registration vs. Telemetry: Initial registration may include Device Name, Email Address, and (optionally) Phone Number. Periodic telemetry includes device metrics (e.g., Temperature, Wi-Fi RSSI) and technical data such as the device’s public IP address for security and diagnostics. We do not include your name, email address, or phone number in periodic telemetry payloads.

Note: A public IP address may be considered personal data in some circumstances. We use it for security, fraud/abuse prevention, and diagnostics. Public IP may be discovered by the device via an external IP-lookup service.

1.2 From the Website

  • Contact details you submit (e.g., support or account forms).
  • Technical data (IP address, browser/OS, pages viewed).
  • Cookie & analytics data (see “Cookies & Third Parties”).

1.2A Account, Orders & Support Details

TypeDescriptionPurpose
Full Name Name you provide when creating an account, placing an order, or requesting support. Account management, invoicing, and customer support.
Email Address Used for account access, confirmations, and service communications. Authentication, notifications, receipts, and support.
Mobile Phone Number Provided during registration/checkout or for alerts (optional where stated). SMS alerts, voice calls (if enabled), account security, and service communications.
Address Billing address and, where applicable, shipping/service address. Tax/VAT compliance, invoicing, and delivery/service fulfillment (if applicable).
Purchase Information Items purchased, subscription plan, pricing, invoice/receipt details, refunds, and support history. Provide services, maintain purchase history, handle refunds, and customer support.

1.3 Payments & Billing (Stripe)

If you make a purchase or subscription on our site, payments are processed by Stripe, our third-party payment provider.

TypeDescriptionPurpose
Billing Details Name, billing address, email, and (where required) VAT or tax details. Issue invoices, receipts, and comply with tax/accounting rules.
Payment Method Details Card type, expiry date, last 4 digits, and payment token/identifier handled by Stripe. Process payments, manage refunds, and detect/prevent fraud.
Transaction Metadata Transaction ID, amount, currency, date/time, and status. Maintain purchase history, provide support, and meet legal obligations.

Card data: Full card numbers and CVC codes are transmitted directly to Stripe and are not stored on our servers. Stripe acts as our payment processor and is independently responsible for securing card data under PCI-DSS requirements.

Order records we store: We store purchase records such as your name, email, address (billing/shipping where applicable), products/plan purchased, and transaction identifiers. We do not store full card numbers or CVC codes.

2) How We Use Data

  • Register and authenticate devices; display device status.
  • Provide telemetry charts, alerts, and diagnostics.
  • Process payments, manage subscriptions, and handle refunds via Stripe.
  • Fulfill orders and provide related services (including delivery where applicable), and maintain purchase history.
  • Improve reliability, security, and performance.
  • Communicate important updates and service messages.
  • Comply with legal obligations and enforce terms.

4) Data Retention

  • Telemetry: retained as needed for service, troubleshooting, security, and analytics.
  • PII (email/phone/name/address): retained only as needed to provide related features (e.g., account access, alerts, purchases, support) and to meet legal obligations.
  • Billing & transaction data: retained for as long as required by tax, accounting, and financial regulations.
  • We periodically review and minimize stored data. You may request deletion/anonymization where we are not legally required to retain it.

5) Sharing & Disclosure

We do not sell or rent your data to anyone. We share data only as described below:

  • Service providers (hosting, analytics, support, payment processing, email/SMS) under data processing agreements.
  • Stripe, as our payment processor, for the purpose of taking payments, managing subscriptions, and preventing fraud.
  • Law enforcement / legal requests: We may disclose information if required by applicable law, court order, or other valid legal process (including requests from police or regulators), or where necessary to protect safety, rights, and property.
  • In aggregated or anonymized form for research and product improvement.

6) Cookies & Similar Technologies

We use cookies to operate the site, remember preferences, and measure performance.

TypeExamplesPurpose
EssentialSession, CSRFCore functionality and security
FunctionalPreferencesRemember settings (e.g., theme, language)
PerformanceAnalytics cookiesUnderstand site usage to improve UX
AdvertisingFacebook/Meta, other ad networksMeasure & optimize ad relevance (if enabled)
Payment ProviderStripe cookies or similar technologiesEnable secure payment sessions, fraud detection, and remember limited payment-related preferences.

You can control cookies via your browser and our consent banner (where shown). Disabling some cookies may impact functionality, including payment processing.

7) Third-Party Services

7.1 Google Analytics

Used to measure traffic and usage patterns (IP address, device/browser metadata). Opt-out: Google Analytics Opt-out.

7.2 Google reCAPTCHA

Protects forms from abuse and spam; may analyze interactions (IP, mouse/typing). See Google’s Privacy Policy and Terms.

7.3 Facebook/Meta Pixel

Used (if enabled) for ad measurement and optimization. See Meta Privacy Policy.

7.4 Stripe Payments

We use Stripe to process online payments. When you make a payment, your payment information is handled directly by Stripe in accordance with their own privacy and security practices. For more information, see Stripe’s Privacy Policy.

7.5 Other Providers

We may use additional processors (e.g., hosting, email, SMS) under contracts to protect your data.

8) Security

  • HTTPS/TLS for website and APIs; strict access controls.
  • Regular log and infrastructure reviews.
  • Data minimization for telemetry where practical.
  • Use of reputable payment providers (such as Stripe) to process card data securely.

Firmware note: Some device builds may use HTTPS without certificate pinning; future releases aim for full TLS verification.

9) Your Rights

Depending on your location (e.g., GDPR/EEA, UK GDPR, CCPA/CPRA), you may have rights to:

  • Access, correct, or delete your personal data.
  • Object to or restrict processing; withdraw consent.
  • Port your data (data portability).
  • Not be discriminated against for exercising rights (CCPA/CPRA).

Contact info@outasense.com to exercise any rights. Verification may be required.

10) International Transfers

Data may be processed outside your country. We use safeguards such as Standard Contractual Clauses to protect transfers.

11) Children’s Privacy

Our services are not directed to children under 13 (or your jurisdiction’s minimum age). We do not knowingly collect their data.

12) “Do Not Track”

We don’t currently respond to DNT signals. Manage analytics/cookies in your browser or consent tools.

13) Changes to This Policy

We may update this policy periodically. Updates appear here with revised “Last Updated” date; major ones may be emailed.

14) Contact Us

KByte IT Services Ltd
Attn: Data Protection Officer
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: info@outasense.com
Website: https://outasense.com