Privacy Policy
Last updated: [DATE]
1. Who We Are
Pool Health is operated by Paimons Codex LLC, a Florida limited liability company with its principal place of business in West Palm Beach, Florida (“Pool Health,” “we,” “us,” or “our”). Pool Health provides a business-management platform for pool service companies (our “Customers”).
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use poolhealth.ai and our related mobile application (collectively, the “Service”). It also describes our role with respect to personal data that our Customers upload about their own clients (homeowners and property owners whose pools are serviced).
If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Data Controller vs. Data Processor
Pool Health operates in two distinct capacities, and it is important to understand the distinction:
- Data Controller — For personal data we collect directly from our Customers (business owners and their invited technicians) in connection with account registration, billing, and product use, Pool Health is the data controller. We determine the purposes and means of processing that data.
- Data Processor — When our Customers upload personal data about their own clients (names, addresses, contact information, pool service records, etc.), Pool Health acts as a data processor on behalf of the Customer, who is the data controller for that end-client data. Our processing of end-client data is governed by our agreements with Customers and applicable law. Individuals whose data is uploaded by a pool service company should direct privacy inquiries to that company first.
3. Information We Collect
3.1 Account & Business Information (Controller)
When you create an account or invite a team member, we collect:
- Full name and email address of the account owner and technicians
- Organization (business) name
- Service area (city names or ZIP codes)
- Password (stored as a one-way hash; we never store plaintext passwords)
- Billing information — handled directly by Stripe; we receive only a Stripe customer ID and subscription status, not raw card numbers
3.2 Customer & Pool Data (Processor)
Our Customers upload data about the pools and homeowners they service. This may include:
- Homeowner names, physical addresses, and phone numbers
- Pool specifications (dimensions, surface type, sanitizer system, equipment make and model)
- Service history: chemical readings, checklist completions, technician notes, and timestamps
- Photographs taken during service visits (uploaded to cloud storage)
- Quote and invoice records
- Recurring service schedule data
We process this data solely on behalf of the Customer and do not use it for our own commercial purposes beyond providing the Service.
3.3 Usage & Technical Data
We automatically collect limited technical information when you use the Service, including:
- IP address and general geolocation (country/region)
- Browser or mobile app version
- Pages or screens visited and feature interactions
- Error logs and crash reports
This data is used to maintain, secure, and improve the Service. It is not sold or shared with advertising networks.
3.4 Artificial Intelligence Processing
When you use our AI-powered service instruction feature, we transmit certain pool and service data (pool specifications, equipment details, chemical readings, and recent service history) to the Anthropic Claude API to generate service guidance. Anthropic’s use of data transmitted via the API is governed by Anthropic’s privacy policy and API usage policies. We do not transmit personal identifiers (names, addresses) to Anthropic’s API — only technical pool data. You may disable AI features by not using them; they are never triggered without an explicit user action.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process account registration, authentication, and subscription billing
- Send transactional communications (account confirmations, password resets, billing receipts, technician invitations) — we do not send marketing email without opt-in consent
- Generate AI-powered service instructions (where enabled)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and enforce our Terms of Service
- Improve our product using aggregated, anonymized usage data — we derive statistical insights (e.g., which features are used most) from data that cannot be linked back to any individual or organization
5. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:
- Contract performance — processing necessary to provide the Service you have signed up for (Art. 6(1)(b) GDPR)
- Legitimate interests — security monitoring, fraud prevention, product analytics, and aggregate product improvement, where those interests are not overridden by your fundamental rights (Art. 6(1)(f) GDPR)
- Legal obligation — compliance with applicable law (Art. 6(1)(c) GDPR)
- Consent — where we obtain your explicit consent (e.g., marketing communications); you may withdraw consent at any time
For Customer-uploaded end-client data processed on behalf of our Customers, we act as processor under Art. 28 GDPR and process data only on documented Customer instructions.
6. Third-Party Service Providers
We share personal data with third-party service providers for purposes including hosting, authentication, payment processing, and AI features. All providers are contractually bound to protect data consistent with this policy and applicable law. A list of our current subprocessors is available to Customers on request at privacy@poolhealth.ai.
We do not sell personal data to third parties. We do not share personal data with advertising networks or data brokers.
7. International Data Transfers
Our subprocessors operate primarily in the United States. If you are located in the EEA, UK, or Switzerland, your personal data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms, to lawfully transfer personal data outside the EEA where required.
8. Data Retention
We retain personal data for as long as your account is active and as long as necessary to provide the Service. When you close your account, we will delete or anonymize your personal data unless we are required by law to retain it longer (for example, for tax or legal compliance purposes).
To request deletion of your data or your organization’s data, contact us at privacy@poolhealth.ai. We will respond within thirty (30) days.
9. Security
We implement technical and organizational safeguards including:
- Encryption in transit (TLS 1.2+) for all data communications
- Encryption at rest for database storage
- Row-level security (RLS) in the database ensures each pool service company can only access its own data — cross-tenant data leakage is prevented at the database layer
- Secure password hashing; we never store plaintext passwords
- Access controls limiting employee access to production data
No security measure is 100% effective. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and, where required, the appropriate supervisory authority within the timeframe required by applicable law.
10. Your Privacy Rights
10.1 Rights for EEA / UK / Swiss Residents (GDPR / UK GDPR)
You have the right to: access the personal data we hold about you; rectify inaccurate data; erase your data (“right to be forgotten”) where no overriding legal basis for retention applies; restrict processing; receive your data in a portable format; object to processing based on legitimate interests; and lodge a complaint with your local supervisory authority.
10.2 Rights for California Residents (CCPA / CPRA)
California residents have the right to: know what personal information we collect, use, disclose, and sell (we do not sell personal information); delete personal information we hold about you, subject to certain exceptions; correct inaccurate personal information; opt out of the sale or sharing of personal information (not applicable — we do not sell or share personal information); and non-discrimination for exercising your privacy rights.
We do not sell personal information as defined under the CCPA/CPRA, nor do we share it for cross-context behavioral advertising.
10.3 How to Exercise Your Rights
To exercise any of the above rights, please contact us at privacy@poolhealth.ai. We will respond within thirty (30) days (or forty-five (45) days where permitted by law with notice). We may require verification of your identity before fulfilling a request.
If your personal data was uploaded by a pool service company that uses Pool Health (i.e., you are a homeowner whose pool is serviced by one of our Customers), please direct your privacy request to that company. We will assist our Customer in responding to your request as required by applicable law.
11. Cookies and Tracking Technologies
We use strictly necessary cookies and session tokens required for authentication and secure operation of the Service. We do not use third-party advertising cookies or cross-site tracking pixels. Our server infrastructure may set functional cookies to maintain session state.
You may disable cookies through your browser settings. Disabling cookies will prevent you from logging in to the Service.
12. Children’s Privacy
The Service is intended for use by businesses and their adult employees. We do not knowingly collect personal data from anyone under the age of eighteen (18). If you believe we have inadvertently collected such data, please contact us at privacy@poolhealth.ai and we will promptly delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will provide at least thirty (30) days advance notice by email to the address associated with your account. Your continued use of the Service after the effective date constitutes your acceptance of the revised policy.
14. Contact Us
For privacy-related questions, requests, or complaints, please contact:
Paimons Codex LLC — PrivacyWest Palm Beach, Florida, USA
Email: privacy@poolhealth.ai
EEA/UK residents who are not satisfied with our response may lodge a complaint with the supervisory authority in their country of residence.