Last updated: May 1, 2026 ยท Effective: May 1, 2026
This Privacy Policy explains how LaunchMyHVAC ("LaunchMyHVAC", "we", "us", or "our"), operated by Cheek Heating and Cooling LLC, collects, uses, and protects information when you use the Service.
Account information you provide: name, email, company name, phone number, business address, password (stored hashed, never in plaintext).
Customer Data you create in the Service: your customers' names, addresses, phone numbers, email addresses, equipment information, jobs, estimates, invoices, photos, notes, and payment history.
Payment information: handled by Stripe. We never see or store your full credit card number; we only retain the last 4 digits, brand, and expiration for display.
Usage information: IP address, browser type, pages visited, timestamps, device information, error logs. Used for security, debugging, and product improvement.
Communications: support emails and messages you send us.
We do not use Customer Data for advertising. We do not sell or rent personal information to third parties.
We share information only in these limited cases:
| Sub-processor | Purpose | Data they may process |
|---|---|---|
| Stripe, Inc. | Payment processing, subscription billing | Name, email, billing address, payment card (handled by Stripe directly), subscription status |
| Resend | Transactional email delivery | Recipient email, subject, body |
| Twilio | SMS messaging | Recipient phone, message body |
| Anthropic (Claude) | AI chat & diagnostics features | Prompt content (which may include device or job context you submit). Anthropic does not train on API content per their policy. |
| OpenAI | AI chat & diagnostics features (fallback / specific routes) | Prompt content. OpenAI API content is not used for training per their policy. |
| Google (Gemini API) | AI estimate drafting and assistant responses | Prompt content and contextual snippets required to generate responses |
| HVAC IQ Pro | Optional linked device context | Linked equipment telemetry and diagnostics metadata when enabled by account owner |
| DigitalOcean | Server hosting (US region) | All Service data at rest (encrypted) |
| Cloudflare | DNS, DDoS protection, edge caching | IP address, request metadata |
We use a small number of strictly-necessary cookies and similar technologies for authentication (keeping you logged in) and security (CSRF protection). We do not use third-party advertising cookies or cross-site trackers.
If you enable SMS or email features, you (the account owner) are the sender of record under TCPA and CAN-SPAM. You are responsible for obtaining your customers' consent before sending marketing or automated messages, honoring STOP/UNSUBSCRIBE requests, and complying with all applicable laws. We provide tools (opt-in tracking, unsubscribe links, STOP keyword handling) to help you comply, but the obligation is yours.
When you use AI-powered features (chat, diagnostics, photo analysis), the relevant prompt content is sent to our AI sub-processors (Anthropic and/or OpenAI). Per their published API policies, your content is not used to train their models. We do not retain raw prompts beyond what is necessary to display history within your account.
AI output is informational only. It is not a substitute for licensed-professional judgment. You are responsible for reviewing AI output before relying on it.
Account owners may request AI feature opt-out for future processing by contacting support. Opt-out may disable estimate-drafting or assistant features that require model processing.
We retain Customer Data for as long as your account is active. After account closure or cancellation, we retain operational records for up to seven (7) years unless a shorter or longer period is required by law. You may request export at any time during this retention window. Backup copies may persist for up to 30 days after deletion.
We use industry-standard safeguards: TLS encryption in transit, encryption at rest for backups, hashed passwords (PBKDF2), JWT authentication, CSRF protection, rate limiting, role-based access control, and access logging. No system is 100% secure. If we become aware of a security breach affecting your account, we will notify you without undue delay as required by law.
Depending on where you live, you may have rights to access, correct, export, or delete personal information we hold about you. To exercise these rights, email support@launchmyhvac.com. We will respond within 30 days. We will not discriminate against you for exercising these rights.
Supported rights request workflows include data export (CSV/JSON where available), deletion requests, and correction requests for account profile and customer data.
California residents (CCPA/CPRA): in the past 12 months we have collected the categories described in § 2. We have not sold or shared personal information for cross-context behavioral advertising.
The Service is not intended for use by anyone under 18. We do not knowingly collect information from children. If you believe a child has provided us with information, contact us and we will delete it.
The Service is hosted in the United States. If you access the Service from outside the U.S., you understand your information will be transferred to and processed in the U.S.
We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or a notice in the Service. The "Last updated" date at the top of this page reflects the most recent change.
Questions about this Privacy Policy or our data practices? Email support@launchmyhvac.com.
Cheek Heating and Cooling LLC
Muncie, Indiana, USA