Privacy Policy
Effective 2026-07-07 · Version 2 · LarsCo LLC · All legal documents
1. Scope
This Privacy Policy describes how LarsCo LLC handles personal information in connection with ROAMiQ Cloud (the "Service"), including cloud.roamiq.com, the ROAMiQ Connect Home Assistant add-on, the ROAMiQ companion mobile app, and supporting APIs.
2. Who we are
LarsCo LLC, a South Dakota limited liability company, is the controller of the personal information described in this policy. Contact us at [email protected].
3. What we collect
Account data. Email, full name, password hash (managed by Supabase Auth using Argon2id), optional TOTP secret and backup codes if you enable multi-factor authentication.
Billing data. Stripe customer ID, payment-method token (we never see PAN), billing address, invoice history, and any free-text cancellation reason / feedback you provide.
Device telemetry. From the ROAMiQ Connect add-on: an instance UUID, Home Assistant Core version, IP address as reported by HA, Cloudflare edge headers (cf-connecting-ip, cf-ipcountry — country-level geo), heartbeat status every 60 seconds, and tunnel-connected boolean.
Backup data. Full Home Assistant partial backups encrypted client-side with AES-256-GCM before upload. Each backup is accompanied by a manifest listing entity IDs, integration domains, automation / script / scene IDs and hashes, a hash of the user secrets file, and add-on slugs and versions. The manifest itself is not encrypted by design — it is the only way support can help you restore selectively.
Security and audit events. Event type, severity, source IP, instance and customer IDs, geo, IP-change deltas, and structured details.
AI usage metadata. When you use the AI features (ROAMiQ AI), we log usage metadata only: request counts, input/output token counts, the model used, the feature level (Assistant or Builder), the associated instance and customer IDs, and timestamps. We do not store the content of your AI prompts or the generated responses. Your requests are relayed to third-party model providers to generate a response; we retain only the usage metadata described here to operate, secure, bill, support, and improve the Service and to apply fair-use limits and usage caps (see Terms § 9).
Cookies and local storage. Supabase SSR session cookies, MFA challenge cookies, and the legal_acceptance_* records. No third-party trackers on cloud.roamiq.com.
Communications. Transactional email via Microsoft 365 / Graph from [email protected]. Marketing email via Klaviyo only when you have opted in.
4. How we use it
You grant LarsCo a limited, worldwide, royalty-free license to host, transmit, secure, analyze, and process Customer Content solely to provide, maintain, protect, improve, and develop the Service.
LarsCo may create and use aggregated, de-identified, or anonymized data for analytics, benchmarking, diagnostics, product development, and AI/ML model training, provided LarsCo does not attempt to re-identify it and contractually requires sub-processors to observe the same restriction. LarsCo will not use identifiable Customer Content to train AI/ML models without separate opt-in consent.
We also use personal information to:
- Operate, secure, bill, and support the Service.
- Comply with law, prevent fraud, and respond to lawful requests.
- Communicate with you about your account (transactional, always).
- Send marketing email if you opted in (you may unsubscribe any time).
5. California CPRA categories
For California residents, we collect the following CPRA-defined categories of personal information:
- Identifiers (email, full name, account UUID).
- Internet or other electronic network activity (IP address, country, request logs).
- Commercial information (Subscription, invoices).
- Sensitive personal information — account log-in credentials and MFA secret. Used solely to provide and secure the Service; no further uses requiring opt-out under Civ. Code § 1798.121(a).
We do not sell personal information or share it for cross-context behavioral advertising. We have a 30-day right-to-cure period under Civ. Code § 1798.150(b) for non-personal-injury claims.
6. Legal basis
Where applicable law requires it, our legal bases are: performance of a contract (operating the Service for you); legitimate interest (security, fraud prevention, product development); legal obligation (tax records, lawful requests); and consent (marketing email, identifiable AI training, optional features). You may withdraw consent at any time.
7. Sub-processors
We share personal information with sub-processors in the following categories to operate the Service:
- Hosting and edge-compute providers (application hosting, edge functions).
- Database, authentication, and object-storage providers.
- DNS, edge-proxy, and tunnel-transport providers.
- Payment processors and billing-address services.
- Transactional-email providers.
- Marketing-email and email-engagement platforms (only when you have opted in).
The current named set of sub-processors is published on our sub-processor list and changes are announced via /subprocessors.rss. We update that list as the set changes; this Privacy Policy is not re-versioned each time.
8. Internal access
LarsCo employees with the admin or support role can view security events, IP addresses, country-level geo, and backup manifests (the entity-ID / integration list — by design unencrypted) when supporting an active customer ticket.
Backups are encrypted client-side with AES-256-GCM before upload. Support staff do not have access to the keys required to decrypt backup contents. Managed-mode backups can be decrypted by LarsCo operations personnel using the REWIND master key, held under restricted control, for purposes consistent with this Privacy Policy — restoring your data on request, security incident response, lawful requests, and the analytics and development uses described in Section 4 (which use aggregated or de-identified data unless you have opted in to identifiable use).
9. Retention by category
| Category | Default retention |
|---|---|
| Account & credentials | Life of account + 30 days post-deletion |
| Billing & invoice data | 7 years post-transaction (US tax retention) |
| Device telemetry / device_heartbeats | 30 days (hardcoded purge) |
| Encrypted backups — Connect | ~30 days (30 versions) |
| Encrypted backups — Protect | ~90 days (365 versions) + pre-update snapshots |
| Encrypted backups — Genius | 365 days + GFS |
| Security & audit events | 24 months (auto-purge) |
| AI usage metadata (tokens/model/timestamps) | Life of account (metadata only; no prompt/response content) |
| Deletion receipts | Indefinite (legal proof of RTBF) |
| Legal acceptances | Indefinite (legal proof of consent) |
| Cloudflare edge logs | Per current Cloudflare plan retention |
10. Your rights
- Access & portability — download a JSON dump of your data at /account/legal.
- Correction — update profile fields from /account.
- Deletion (RTBF) — /account/delete. We issue a signed deletion receipt.
- Restriction / objection — email [email protected].
- Withdraw consent — unsubscribe from marketing email; disable MFA; opt out of identifiable AI training (when the toggle ships).
- Complaint — to the FTC, your state Attorney General, or the appropriate data-protection authority.
11. Children
The Service is not directed to anyone under 16 and we do not knowingly collect personal information from a child under 13. If we learn that an account belongs to a child under 13, we will terminate the account and delete the data within 14 days as required by COPPA (16 C.F.R. Part 312). Parents or guardians may contact [email protected] to request immediate deletion.
12. International transfers
The Service is currently offered only to US residents. A country-level geo gate at the network edge returns HTTP 451 to requests originating outside the US during sign-up. Limited incidental anycast routing through Cloudflare's global network may briefly process packets outside the US; payload contents are not stored at those edges. If and when we expand internationally, standard contractual clauses (SCC Module 2 / 3) and a transfer-impact assessment will be put in place.
13. Security
We use TLS 1.3 in transit; AES-256-GCM client-side encryption for backups; Argon2id password hashing; signed session cookies; CSP; rate-limiting; security-event monitoring; and least-privilege access controls.
California SB 327 (Cal. Civ. Code § 1798.91.04). Connected devices manufactured or sold by LarsCo include unique pre-programmed credentials and require new credentials before first access; no default shared passwords; security features appropriate to the function and to the information collected.
Wiretap Act, 18 U.S.C. § 2511(2)(a)(i). Processing of communications by the Service occurs solely in the ordinary course of providing the Service; LarsCo does not intercept communication content except as required by law or expressly consented to by all parties.
PCI-DSS scope.LarsCo does not store, process, or transmit cardholder data; all payment processing is performed by Stripe via Stripe Elements (Payment Element and Address Element). LarsCo's environment is in PCI-DSS SAQ A-EP scope.
To report a vulnerability, see our Vulnerability Disclosure Policy or email [email protected]. We commit to acknowledging reports within 5 business days.
14. Health, medical, and life-safety exclusion
ROAMiQ Cloud is not a medical device under 21 U.S.C. § 321(h), is not HIPAA-covered (45 C.F.R. Parts 160 / 164), and is not certified for use as a fire, smoke, CO, intrusion, freeze, oxygen, refrigerated-medication, CPAP, BiPAP, or other life-safety alarm. You must not rely on the Service for such purposes. If you connect medical or safety-critical equipment to your Home Assistant, you do so at your own risk and must maintain independent UL-listed alarms and clinically-appropriate monitoring. See Terms § 11 for the full safety-critical disclaimer.
15. Changes to this Privacy Policy
For material changes, we will provide at least 30 days' advance notice by email and via an in-product banner, and we may require an in-product re-acceptance gate before the effective date. Non-material edits update the version table on this page.
16. Contact
LarsCo LLC · Sioux Falls, South Dakota · [email protected]