← Back to Home

Privacy Policy

Effective Date: March 18, 2026

1. Introduction

HVACHERO ("we," "us," or "our") operates the website hvacheroapp.com and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of information:

a. Account Information

When you create an account, we collect your name, email address, password, company name, and phone number.

b. Billing Information

Payment processing is handled by Stripe, Inc. We do not store your credit card numbers on our servers. Stripe may collect your payment card details, billing address, and related financial information in accordance with their privacy policy.

c. Lead Data

When homeowners submit information through a contractor's quote page, we collect their contact information (name, email address, phone number, and address), project details, and the estimates generated through the Service.

d. Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, calculations performed, and analytics events.

e. Device & Log Data

We collect technical information such as browser type, operating system, IP address (anonymized), and referrer URLs to maintain security and improve performance.

f. Cookies

We use essential cookies to manage authentication sessions and maintain the functionality of the Service. We may also use analytics cookies with your consent to understand usage patterns. We do not use third-party advertising cookies.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service.
  • To process payments and manage your subscription.
  • To send transactional communications, including lead notifications, estimate confirmations, and account-related alerts.
  • To improve, personalize, and expand the Service.
  • To detect, prevent, and address fraud, abuse, and technical issues.
  • To comply with applicable legal obligations.

4. SMS Communications

We send SMS (text) messages via Twilio to facilitate communication between contractors and homeowners. This section describes our SMS practices in compliance with the Telephone Consumer Protection Act (TCPA) and carrier guidelines.

  • Contractor SMS: We send SMS notifications to contractors to alert them of new leads and service requests. Contractors consent to receive these notifications when they enable SMS on their Integrations page within the dashboard.
  • Homeowner SMS: We send SMS messages to homeowners, including estimate confirmations and follow-up reminders related to their HVAC service request. By providing a phone number through a contractor's quote page, homeowners consent to receive SMS messages related to their service request.
  • Message Frequency: Message frequency varies. Typically, you will receive 1–4 messages per service request.
  • Message & Data Rates: Standard message and data rates may apply depending on your mobile carrier plan.
  • Opt-Out: You may opt out of SMS messages at any time by replying STOP to any message you receive from us. You may also opt out by emailing support@hvacheroapp.com. We will process opt-out requests within 10 business days.
  • No Sharing for Marketing: Mobile phone numbers collected through the Service are NOT shared with or sold to third parties for marketing or promotional purposes.
  • Delivery: SMS delivery depends on carrier networks, and we cannot guarantee delivery of every message.

5. Email Communications

We send transactional emails via Resend to facilitate the operation of the Service. These emails include:

  • New lead notifications to contractors.
  • Estimate confirmations to homeowners.
  • Welcome emails upon account creation.
  • Feedback and satisfaction requests.
  • Payment failure and billing alerts.

These are service-related communications necessary for the operation of your account and are not marketing emails. You may not opt out of essential transactional emails while your account is active.

6. Third-Party Service Providers

We do not sell your personal information. We share data only as necessary with the following third-party service providers to operate and improve the Service:

  • Stripe — Payment processing. We share your name, email address, and billing information with Stripe to process subscription payments.
  • Supabase — Database hosting. All account and lead data is stored on Supabase infrastructure and encrypted at rest.
  • Vercel — Application hosting. Vercel processes request logs and IP addresses as part of hosting the Service.
  • Twilio — SMS delivery. We share phone numbers and message content with Twilio to send and receive text messages.
  • Resend — Email delivery. We share email addresses and message content with Resend to send transactional emails.
  • Jobber — CRM integration. When a contractor enables the Jobber integration, we share lead contact information, project details, and estimates with Jobber at the contractor's direction via OAuth authorization.

Each provider processes data in accordance with their own privacy policy and data processing agreements.

7. Third-Party Integrations (OAuth)

Contractors may choose to connect third-party services, such as Jobber, through OAuth authorization. When you authorize a third-party integration:

  • We share lead data (contact information, project details, and estimates) with that service at your direction.
  • You may revoke access to any connected integration at any time from the Integrations page in your dashboard.
  • We are not responsible for how third-party services handle your data after it has been transferred.
  • Each connected integration is governed by its own privacy policy and terms of service, which you should review before authorizing.

8. Data Retention

We retain your information for the following periods:

  • Account data: Retained for as long as your account is active. Data is deleted when you delete your account.
  • Lead data: Retained for 2 years from the date of submission, after which it is anonymized.
  • SMS logs: Retained for 1 year, then deleted.
  • Analytics data: Retained for 1 year, then deleted.
  • Billing records: Retained as required by applicable law, typically 7 years.

You may request deletion of your personal data at any time by contacting us at support@hvacheroapp.com.

9. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it, including:

  • HTTPS encryption for all data in transit.
  • AES-256 encryption at rest (via Supabase).
  • Daily encrypted backups with 7-day retention.
  • Role-based access controls for internal systems.
  • Rate limiting and input validation to prevent abuse.
  • IP address anonymization for enhanced privacy.
  • Regular security reviews and vulnerability assessments.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a portable, machine-readable format.
  • Opt-Out: Opt out of non-essential communications at any time.
  • Withdraw Consent: Withdraw your consent for SMS communications at any time.

To exercise any of these rights, please contact us at support@hvacheroapp.com. We will respond to your request within 30 days.

11. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at support@hvacheroapp.com. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify registered users via email prior to the changes taking effect. Your continued use of the Service after any modifications to this Privacy Policy constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@hvacheroapp.com