Privacy Policy
Short version: We collect only what we need to run the service. We never read or store the content of your MQTT messages. Your device data belongs to you. We retain connection logs for 6 months. Contact us at legal@ourconnectedsystems.com for any privacy request.
1. Who We Are
Our Connected Systems ("we", "us", "our") operates the IoT connectivity platform available at ourconnectedsystems.com, including the MQTT broker service, device management dashboard, and related infrastructure (collectively, the "Service").
For privacy matters, contact us at: legal@ourconnectedsystems.com
2. Data We Collect
2.1 Account and Contact Data
When you register or fill out a contact form, we collect:
- Full name and company name
- Work email address
- Phone number (optional)
- Project type and description (from contact forms)
2.2 Device and Connection Data
To provide the MQTT broker service, we collect and process:
- Device identifiers (client IDs, certificate fingerprints)
- Connection metadata: timestamps, IP addresses, connection duration, disconnection reason
- MQTT topic names and message delivery status (not message content)
- Certificate issuance and revocation events
- Error and diagnostic logs
We do not store, read, or analyze the payload (content) of your MQTT messages. Messages are routed in real time and are not persisted on our infrastructure.
2.3 Usage and Technical Data
- Browser type, operating system, and IP address (website visits)
- Pages visited and time spent on the site
- API request logs (endpoint, timestamp, status code)
2.4 Payment Data
We do not currently store payment card data. When a payment processor is integrated, payment processing will be handled by a certified PCI-DSS provider and we will update this policy accordingly.
3. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing and operating the Service | Account data, device data, connection logs | Contract performance |
| Security: detecting abuse, fraud, and unauthorized access | Connection metadata, IP addresses, logs | Legitimate interest |
| Billing and invoicing | Account data, device count metrics | Contract performance |
| Customer support | Account data, diagnostic logs | Contract performance |
| Sending service notifications | Email address | Contract performance |
| Improving the Service | Aggregated, anonymized usage data | Legitimate interest |
| Responding to contact form inquiries | Contact form data | Consent |
4. Data Retention
- Connection and device logs: 6 months from the date of the event, then permanently deleted.
- Account data: Retained for the duration of the contract plus 3 years for legal and tax purposes.
- Contact form submissions: 12 months, or until the matter is resolved.
- Certificate records: Retained for the duration of the subscription plus 1 year.
5. Data Sharing and Sub-processors
We do not sell your data. We may share data with trusted sub-processors who assist in operating the Service, under appropriate data processing agreements. Current categories of sub-processors include:
- Cloud infrastructure and hosting providers
- Monitoring and alerting services
- Email delivery services (for transactional emails)
We will publish a full list of named sub-processors upon request.
6. International Transfers
Our Connected Systems is based in Argentina. Argentina has been recognized by the European Commission as providing an adequate level of personal data protection. If your data is transferred outside Argentina, we ensure appropriate safeguards are in place in accordance with applicable law.
7. Your Rights
Under Argentine Law 25,326 (Ley de Protección de Datos Personales) and, where applicable, the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Deletion — request deletion of your personal data, subject to legal retention obligations.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at legal@ourconnectedsystems.com. We will respond within 30 days. You also have the right to lodge a complaint with the Agencia de Acceso a la Información Pública (AAIP) at www.argentina.gob.ar/aaip.
8. Cookies
Our website uses only technically necessary cookies required for the site to function (session management, security). We do not use tracking cookies, analytics cookies, or advertising cookies.
9. Data Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- X.509 mutual authentication for device connections
- Encryption at rest for stored data
- Access controls and audit logging for internal systems
- Regular security reviews
No method of transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify registered users of material changes by email. The updated policy will take effect 30 days after notification, unless you object before that date.
11. Contact
For any privacy-related questions, requests, or complaints:
- Email: legal@ourconnectedsystems.com
- Website: ourconnectedsystems.com