Skip to main content

Privacy Policy

Privacy Policy

Last Updated: January 22, 2025

1. Introduction

Think Big Technology LLC ("Company," "we," "us," or "our") operates SprinkAI, an AI-powered chatbot platform for fire sprinkler system professionals. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including:

  • General Data Protection Regulation (GDPR) - EU
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) - California, USA
  • Other applicable privacy regulations worldwide

By using SprinkAI, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address
  • Full name (optional)
  • Password (encrypted and never stored in plain text)
  • Profile information

Payment Information:

  • Payment card details (processed and stored by Stripe, not by us)
  • Billing address
  • Transaction history

Content You Create:

  • Chat messages and conversations
  • Files you upload (documents, images)
  • Feedback and support requests

2.2 Information Collected Automatically

Usage Data:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Time and date of visits
  • Time spent on pages
  • Referring website addresses

Technical Data:

  • Session information
  • Cookies and similar tracking technologies
  • API request logs
  • Error and performance logs

Analytics Data:

  • User interaction patterns
  • Feature usage statistics
  • Service performance metrics

2.3 Information from Third Parties

Google OAuth (if you choose to use it):

  • Google account email address
  • Google account name
  • Profile picture (optional)

Payment Processor (Stripe):

  • Payment status
  • Subscription status
  • Transaction records

2.4 Categories of Sensitive Personal Information (CPRA)

We collect the following categories of sensitive personal information:

  • Account credentials (username and password)
  • Precise geolocation (only if you grant permission)

We do NOT collect:

  • Social Security numbers
  • Driver's license numbers
  • Passport numbers
  • Biometric data
  • Genetic data
  • Health information
  • Information about sexual orientation or sex life

3. How We Use Your Information

3.1 Primary Purposes

We use your information to:

Provide the Service:

  • Create and manage your account
  • Process and respond to your chat messages
  • Store and retrieve your conversation history
  • Upload, process, and analyze your files
  • Provide AI-generated responses and guidance

Process Payments:

  • Process subscription payments
  • Manage billing and invoicing
  • Detect and prevent fraud

Communicate with You:

  • Send service-related notifications
  • Respond to support requests
  • Send account and billing updates
  • Notify you of changes to our Terms or Privacy Policy

Improve the Service:

  • Analyze usage patterns and trends
  • Debug and fix technical issues
  • Develop new features and functionality
  • Conduct research and analytics

Legal Compliance:

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect our rights and property
  • Prevent fraud and abuse

3.2 AI Model Training

We may use anonymized and aggregated conversation data to improve our AI models. You can opt out of AI training by:

  • Accessing Settings → Privacy → AI Training
  • Toggling "Allow AI Training" to OFF

Once opted out, your conversations will not be used for model training.

3.3 Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contractual Necessity: To provide the Service you've requested
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: When you explicitly agree (e.g., for AI training, marketing emails)
  • Legal Obligation: To comply with applicable laws and regulations

4. Data Retention

4.1 Retention Periods

We retain your data for the following periods:

Account Data:

  • Active accounts: Duration of account plus 30 days after deletion
  • Inactive accounts (no login for 24 months): Deleted automatically

Chat History:

  • Stored indefinitely while your account is active
  • Deleted 30 days after account deletion
  • You can delete individual conversations at any time

Uploaded Files:

  • Stored in Supabase Storage while your account is active
  • Deleted 30 days after account deletion
  • You can delete files individually at any time

Payment Records:

  • Retained for 7 years for tax and accounting purposes
  • Required by law for financial record-keeping

Usage Logs:

  • Retained for 90 days for security and debugging purposes
  • Aggregated analytics retained indefinitely (anonymized)

Support Tickets:

  • Retained for 3 years after ticket closure

4.2 Data Deletion

You can request deletion of your data at any time by:

  • Deleting your account through Settings → Account → Delete Account
  • Contacting us at connect@thinkbigtechnology.com
  • Exercising your right to erasure under GDPR or CCPA (see Section 7)

5. How We Share Your Information

5.1 Third-Party Service Providers

We share your information with trusted service providers who help us operate the Service:

OpenAI (AI Provider)

  • Purpose: Generate AI responses
  • Data Shared: Chat messages, uploaded files (when relevant)
  • Location: United States
  • Privacy Policy: https://openai.com/privacy

Supabase (Database & Storage)

  • Purpose: Store account data, messages, and files
  • Data Shared: All account and content data
  • Location: United States
  • Privacy Policy: https://supabase.com/privacy

Stripe (Payment Processor)

  • Purpose: Process payments and manage subscriptions
  • Data Shared: Email, name, payment information
  • Location: United States
  • Privacy Policy: https://stripe.com/privacy

Google (OAuth Provider - Optional)

  • Purpose: Authenticate users via Google Sign-In
  • Data Shared: Email, name, profile picture
  • Location: United States
  • Privacy Policy: https://policies.google.com/privacy

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Subpoenas, court orders, or legal process
  • Government or law enforcement requests
  • Protection of our rights, property, or safety
  • Prevention of fraud, security threats, or illegal activity
  • Compliance with legal obligations

5.4 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you individually with:

  • Research partners
  • Analytics providers
  • Business partners
  • The public (e.g., usage statistics)

5.5 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Under CCPA/CPRA definitions, we do not engage in "sale" or "sharing" of personal information.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your data:

Technical Safeguards:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security audits and penetration testing
  • Firewall protection and intrusion detection

Organizational Safeguards:

  • Access controls and authentication
  • Employee training on data protection
  • Regular security policy reviews
  • Incident response procedures
  • Data minimization practices

Infrastructure Security:

  • Secure cloud hosting (Supabase, Vercel)
  • Regular backups and disaster recovery
  • Database row-level security policies
  • API rate limiting and protection

6.2 Your Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your password
  • Using strong, unique passwords
  • Enabling two-factor authentication when available
  • Logging out of shared devices
  • Reporting suspected security breaches

6.3 Limitations

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Privacy Rights

7.1 Rights Under GDPR (EU Residents)

If you are located in the European Union, you have the following rights:

Right to Access:

  • Request a copy of your personal data
  • Receive information about how we process your data

Right to Rectification:

  • Correct inaccurate or incomplete data

Right to Erasure ("Right to be Forgotten"):

  • Request deletion of your personal data
  • Exceptions apply for legal compliance and fraud prevention

Right to Restriction of Processing:

  • Limit how we use your data in certain circumstances

Right to Data Portability:

  • Receive your data in a machine-readable format
  • Transfer your data to another service provider

Right to Object:

  • Object to processing based on legitimate interests
  • Object to direct marketing at any time

Right to Withdraw Consent:

  • Withdraw consent for processing at any time
  • Does not affect lawfulness of processing before withdrawal

Right to Lodge a Complaint:

  • File a complaint with your local supervisory authority

7.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights:

Right to Know:

  • Request disclosure of personal information collected
  • Request categories of sources and purposes
  • Request information about third-party sharing

Right to Delete:

  • Request deletion of your personal information
  • Exceptions apply for legal compliance and security

Right to Correct:

  • Request correction of inaccurate personal information

Right to Opt-Out of Sale/Sharing:

  • We do not sell or share your personal information

Right to Limit Use of Sensitive Personal Information:

  • Limit our use of sensitive personal information
  • Contact us to exercise this right

Right to Non-Discrimination:

  • We will not discriminate against you for exercising your rights
  • No denial of service, different prices, or reduced quality

7.3 How to Exercise Your Rights

To exercise any of these rights, you can:

Email us: connect@thinkbigtechnology.com

Use our Data Rights Portal: https://sprinklerproai.com/privacy-rights (when available)

Account Settings: Settings → Privacy → Data Rights

Required Information:

  • Your full name
  • Email address associated with your account
  • Description of your request
  • Verification information (for security)

Response Time:

  • GDPR requests: Within 30 days (may extend to 60 days for complex requests)
  • CCPA/CPRA requests: Within 45 days (may extend to 90 days)

Verification: We may request additional information to verify your identity before processing certain requests, particularly deletion requests.

7.4 Authorized Agents

California residents may designate an authorized agent to make requests on your behalf. We require:

  • Written authorization from you
  • Verification of the agent's identity
  • Direct confirmation from you (in some cases)

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve the Service.

8.2 Types of Cookies We Use

Essential Cookies (Required):

  • Authentication and session management
  • Security and fraud prevention
  • Service functionality

Analytics Cookies (Optional):

  • Usage statistics and metrics
  • Performance monitoring
  • Feature usage tracking

Preference Cookies (Optional):

  • Theme preferences (dark mode)
  • Language preferences
  • UI customization

8.3 Cookie Duration

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Remain for a set period (max 12 months)

8.4 Managing Cookies

You can control cookies through:

  • Browser settings (block all cookies, third-party only, or allow all)
  • Our cookie consent banner (on first visit)
  • Privacy settings: Settings → Privacy → Cookie Preferences

Note: Blocking essential cookies may prevent you from using certain features.

8.5 Third-Party Cookies

We do not use third-party advertising cookies. Our third-party service providers may set their own cookies as described in their privacy policies.

9. Children's Privacy

9.1 Age Requirement

SprinkAI is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

9.2 If We Learn of Child Data

If we become aware that we have collected personal information from a child under 18 without parental consent, we will:

  • Delete the information as quickly as possible
  • Terminate the account
  • Notify the email address associated with the account

9.3 Parental Notice

If you believe your child under 18 has provided us with personal information, please contact us at connect@thinkbigtechnology.com immediately.

10. International Data Transfers

10.1 Data Location

Our Service is operated in the United States. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States.

10.2 EU-U.S. Data Transfers

For transfers of personal data from the European Union to the United States, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent when necessary

10.3 Additional Safeguards

We implement supplementary measures to ensure adequate protection:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Contractual obligations with service providers

11. Changes to This Privacy Policy

11.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

11.2 Notification

We will notify you of material changes by:

  • Posting a notice on the Service
  • Sending an email to your registered email address
  • Updating the "Last Updated" date at the top of this policy
  • Requiring acceptance for significant changes

11.3 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11.4 Continued Use

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

12. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that signals websites not to track you. Currently, there is no industry standard for recognizing DNT signals. We do not respond to DNT signals, but we respect your privacy choices through our privacy settings.

13. Contact Us

13.1 Privacy Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Think Big Technology LLC

Email: connect@thinkbigtechnology.com

Mail: Think Big Technology LLC Privacy Officer 32 Heckel Street Belleville, NJ 07109 United States

GitHub: https://github.com/ibrahimalzubi

13.2 Data Protection Officer (GDPR)

For GDPR-related inquiries, you may contact our Data Protection Officer:

Email: connect@thinkbigtechnology.com

13.3 EU Representative (GDPR)

If you are located in the EU and we are required to appoint an EU representative, contact information will be provided here.

13.4 Response Time

We aim to respond to all privacy inquiries within 5 business days. For formal data rights requests, see Section 7.3 for response timeframes.

14. California-Specific Disclosures

14.1 California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

14.2 CCPA/CPRA Metrics (Annual Disclosure)

As required by CCPA/CPRA, we will publish annual metrics about consumer requests:

  • Number of requests received (by type)
  • Number of requests complied with
  • Median response time
  • Number of requests denied

These metrics will be available at: https://sprinklerproai.com/ccpa-metrics

15. Additional Information

15.1 Automated Decision-Making

We use automated decision-making in limited circumstances:

  • AI-generated chat responses
  • Fraud detection algorithms
  • Usage limit enforcement

You have the right to human review of automated decisions that significantly affect you.

15.2 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours (GDPR) or as required by law
  • Notify relevant supervisory authorities
  • Provide information about the breach and steps to protect yourself
  • Offer credit monitoring services if appropriate

15.3 Accessibility

We are committed to making this Privacy Policy accessible to all users. If you need this policy in an alternative format, please contact us at connect@thinkbigtechnology.com.

Copyright © 2025 Think Big Technology LLC. All rights reserved.

Created by Ibrahim Alzubi (@ibrahimalzubi)

This Privacy Policy was last reviewed and updated on January 22, 2025.