Privacy Policy

Last updated: 27 February 2026

1. Introduction

HerbAir Pro (Pty) Ltd ("we", "us") is committed to protecting the privacy of users of HerbAir Pro devices and the fleet management platform at herbairpro.com. This policy describes what data we collect, how we use it, and your rights under the Protection of Personal Information Act (POPIA) and applicable data protection laws.

2. Data We Collect

2.1 Device Telemetry

When connected to cloud services, your HerbAir Pro device transmits operational telemetry including:

  • Current and target temperature readings
  • Fan speed percentage
  • Heater state (on/off)
  • Device state (idle, heating, session, cooldown)
  • Safety sensor status (tilt, thermal fuse)
  • Device uptime and firmware version
  • Device identifier

Telemetry is transmitted every 5 seconds during operation.

2.2 Configuration Data

Device configuration settings (target temperature, fan speed, PID tuning parameters) stored in the cloud fleet management system.

2.3 Web Dashboard Usage

Standard web server logs including IP address, browser type, and pages visited. See our Cookie Policy for details on browser storage.

3. How We Use Your Data

  • Device operation: Telemetry data enables real-time monitoring, remote configuration, and safety alerting through the fleet dashboard.
  • Safety & compliance: Safety event data (over-temperature, tilt, fuse events) is logged to maintain device safety records.
  • Product improvement: Aggregated, anonymized telemetry may be used to improve firmware, PID tuning, and thermal performance.
  • Support: Telemetry history may be reviewed to diagnose device issues when you contact support.

4. Data Storage & Security

Telemetry data is stored on Cloudflare's global edge network using D1 (SQLite) and Workers KV. Data is encrypted in transit (TLS 1.3) and at rest. Device metadata is stored in key-value storage with device-level access controls.

API access requires bearer token authentication. We do not store passwords — device authentication uses API tokens.

5. Data Retention

Telemetry logs are retained for 90 days, after which they are automatically purged. Device metadata and configuration are retained for as long as the device is registered. You may request deletion at any time.

6. Data Sharing

We do not sell, rent, or share your personal or device data with third parties, except:

  • Infrastructure providers: Cloudflare processes data as our infrastructure provider under a data processing agreement.
  • Legal requirements: When required by law, regulation, or legal process.
  • Safety: If device telemetry indicates a safety hazard, we may share relevant data with safety authorities.

7. Your Rights

Under POPIA and applicable data protection laws, you have the right to:

  • Access the personal and device data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability (export your telemetry data)

To exercise these rights, contact privacy@herbairpro.com.

8. Offline Operation

HerbAir Pro devices function fully without cloud connectivity. The device operates via local MQTT when not connected to the internet. Cloud telemetry is optional and can be disabled in device configuration.

9. Children

HerbAir Pro devices and services are not intended for use by persons under the age of 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with an updated revision date. Material changes will be communicated via the Service dashboard.

11. Contact

Information Officer: privacy@herbairpro.com

POPIA Regulator: Information Regulator (South Africa)