Privacy Policy

Introduction

Device Rescue LLC ("Device Rescue," "we," "us," or "our") is committed to safeguarding your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our Services. By accessing or using our Services, you agree to this Privacy Policy.

Scope

This Privacy Policy (“Policy”) governs the collection, use, disclosure, and safeguarding of information obtained through your access to or use of any services, software, tools, or infrastructure provided by Device Rescue LLC (“Device Rescue,” “we,” “us,” or “our”), including but not limited to our web application, retrieval kit platform, warehouse logistics systems, APIs, and all associated interfaces and communications (collectively, the “Services”).

The Services are developed and made available exclusively for use by business customers, institutional clients, and their authorized personnel. They are not intended for personal, family, or household use, and we do not knowingly collect or process personal information subject to consumer privacy laws when submitted outside the scope of a commercial or professional relationship.

By accessing or using the Services, you represent that you are acting on behalf of a business entity or organization and that any data you submit is within the scope of that professional relationship.

If you believe your personal information was submitted to us without proper authorization, please contact us using the information provided in the “Contact Information” section of our Terms of Service so we can review and address the concern appropriately.

Additional terms governing your access to and use of the Services are set forth in our Terms of Service, which are incorporated by reference into this Policy.

Information We Collect

We collect the following categories of information in connection with your use of the Services. This data may be provided directly by you, automatically collected through your interactions, or obtained from authorized third parties.

a. Information You Provide

We collect information you or your authorized representatives voluntarily submit to us when using the Services, including:

• Business and Account Information: Company name, business contact details, organizational email addresses, shipping and billing addresses, EIN, D-U-N-S Number, and any other identifiers necessary to verify account status or process transactions.

• Order and Fulfillment Data: Names, work emails, and phone numbers of employees, contractors, or other recipients designated for device retrieval or shipment coordination. This may also include opt-in SMS preferences and routing instructions submitted via order forms.

• Team Member & Assignment Data: We may collect information related to specific personnel as submitted by your organization, including names, job titles, home or remote work addresses, personal contact information, and hardware or asset assignments. Assigned devices may include laptops, tablets, monitors, or phones, and are typically accompanied by identifying metadata such as make, model, serial number, asset tag, purchase date, and purchase price.

• Payment and Billing Details: Billing contact information, invoicing details, and payment method preferences. Credit card data is processed through PCI-DSS compliant vendors via tokenization; we do not store full card numbers or CVVs.

b. Information Collected Automatically

We automatically collect certain technical and behavioral data through your interactions with our Services:

• Device and Browser Data: IP address, browser type and version, operating system, device type, language preference, and screen dimensions.

• Interaction and Activity Logs: Page views, clickstreams, search queries, referring URLs, timestamps, and time-on-page measurements.

• Session and Authentication Data: Login credentials (hashed), session tokens, CSRF tokens, login timestamps, and system event logs related to security and access control.

c. Communications and Support

We maintain records of communications initiated by you or your team, including:

• Email correspondence, chat interactions, support requests, and phone transcripts.

• Metadata associated with support activity, such as timestamps, agent interactions, and resolution summaries.

• Call recordings or transcriptions where legally permitted and applicable.

d. Tracking, Analytics, and Attribution

We utilize internal diagnostic tools as well as third-party tracking and analytics services to understand product usage and improve our Services. These tools may use cookies, pixels, tags, or similar technologies and include (but are not limited to):

• Analytics Platforms: Google Analytics, Microsoft Clarity, LinkedIn Insight Tag, TikTok Pixel, and HubSpot Analytics.

• Attribution and Behavioral Tools: Meta Pixel (Facebook), Proof/ProofSource, UTM tracking parameters, and email open or click metrics.

These technologies may collect data such as scroll depth, interaction heatmaps, referrer URLs, campaign identifiers, session replay logs, and unique visit identifiers. While these tools may enable attribution and usage diagnostics, we do not use cookies or tags for behavioral advertising purposes.

e. Information from Third Parties

We may collect or enrich your data through partnerships, integrations, or publicly available sources, including:

• Shipping and Logistics Providers: To validate addresses or track delivery status.

• Credit Reporting or Risk Tools: For vetting businesses using invoiced net terms or evaluating fraudulent activity.

• CRM Integrations and Identity Match Services: To unify communications, link session behavior, or personalize platform access.

‍

How We Use Information

We use the information we collect to operate, deliver, and improve our Services, to comply with our legal obligations, and to protect the integrity of our operations. Specifically, we may use personal and organizational information for the following purposes:

a. Service Delivery and Fulfillment

To provide, process, and fulfill retrieval kit orders, shipping requests, warehousing instructions, subscriptions, or support inquiries; including identity verification, user authentication, transaction processing, and order tracking.

b. Business Communications

To communicate with you or your designated representatives regarding order status, service issues, transactional follow-ups, account updates, administrative messages, and other operational or contractual matters. These communications may be delivered by email, SMS, or in-app messages.

c. Internal Operations

To analyze usage patterns, monitor platform performance, detect and prevent fraud, ensure system security, troubleshoot errors, and support audit, compliance, or risk management objectives.

d. Legal, Regulatory, and Security

To comply with applicable laws and legal process (e.g., subpoenas, court orders), enforce our Terms of Service or other contractual rights, resolve disputes, or respond to lawful requests from government or regulatory authorities.

e. Business Intelligence and Analytics

We use aggregated and de-identified data to understand how our Services are used, improve functionality, evaluate feature adoption, and make strategic decisions. In some cases, we use third-party analytics tools (see Section 2.d) to assist with these efforts.

f. Advertising and Retargeting

We do not sell personal information for monetary gain. However, we may share limited technical and behavioral data—such as cookie identifiers, IP addresses, or page view history—with advertising platforms (e.g., Google Ads, Meta, LinkedIn, TikTok) to conduct enterprise-focused retargeting, audience matching, or campaign measurement.

These disclosures may constitute “sharing” or “targeted advertising” under certain privacy laws. All such activities are strictly limited to professional or organizational users and are not intended for consumer targeting. We do not use behavioral advertising toward end-users, employees, or individual recipients of retrieval kits.

g. Disclosure to Service Providers

We may disclose personal information to third-party vendors, contractors, logistics providers, payment processors, customer support tools, or IT infrastructure partners who perform services on our behalf, subject to binding confidentiality and data use restrictions.

h. Mergers, Sales, or Corporate Restructuring

In the event of a merger, acquisition, divestiture, financing, or sale of all or a portion of Device Rescue’s business, we may transfer or disclose information to relevant parties, provided such transfer is subject to confidentiality and appropriate safeguards.

SMS/Text Communications

Device Rescue may transmit transactional SMS or text message notifications as part of the Services. These messages are limited to operational or fulfillment-related purposes, including but not limited to order confirmations, shipment tracking, delivery instructions, return reminders, and other communications directly tied to a service interaction.

We do not send SMS messages for advertising, marketing, or promotional purposes.

SMS notifications are only initiated when the ordering party affirmatively opts in through our Service interface and represents that they are authorized to provide consent on behalf of the intended recipient. By opting in, the ordering party warrants that the recipient has been informed of and agrees to receive such communications.

Recipients may opt out at any time by replying “STOP.” Message and data rates may apply depending on carrier and plan. Delivery of SMS messages is not guaranteed and may be affected by device settings, carrier restrictions, or technical limitations beyond our control.

Disclosure of Information

Device Rescue does not sell personal information in exchange for monetary consideration. However, we may disclose information to third parties in limited circumstances consistent with the nature of our Services and applicable law.

We may share information with a customer’s authorized administrators and internal users for purposes aligned with the organization’s use of the Services. We may also disclose information to third-party service providers engaged under binding written agreements to perform functions on our behalf—such as hosting infrastructure, billing, payment processing, customer support, analytics, or logistics coordination. These service providers are contractually obligated to safeguard the confidentiality and integrity of the data they process and may only use such data in accordance with our instructions.

Where invoiced services or net terms are extended, we may disclose commercial payment history or credit risk information to appropriate commercial credit bureaus or agencies, solely for lawful business reporting purposes.

We may also disclose information if required by applicable law, regulation, subpoena, or legal process, or where we reasonably believe such disclosure is necessary to protect the rights, property, or safety of Device Rescue, our users, or others, or to detect, prevent, or respond to fraud, misuse, or security concerns.

In connection with certain advertising and measurement tools—including services offered by Meta, LinkedIn, Google, Microsoft, and similar platforms—we may transmit limited technical or behavioral data for the purpose of site optimization, attribution, or retargeting. Such disclosures may be deemed a “sale” or “sharing” under certain laws, even when no monetary consideration is exchanged.

No third party receives information from Device Rescue for their own independent commercial use or promotional benefit unrelated to the delivery or performance of our Services.

Data Security

Device Rescue maintains administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your information. These safeguards include data encryption in transit and at rest, role-based access controls, audit logging, isolated service environments, and routine vulnerability monitoring. We also perform regular encrypted backups of critical systems and databases to ensure continuity and disaster recovery capability.

Payment information is never stored directly by Device Rescue. All payment processing is handled by a PCI-DSS Level 1 compliant third-party provider. Sensitive payment details, such as full card numbers and CVVs, are tokenized and securely stored off-platform in accordance with applicable industry standards.

We engage reputable infrastructure, analytics, and support service providers to operate and scale the Services. All such vendors are subject to contractual obligations requiring them to implement appropriate technical and organizational security measures and to process data only as instructed by Device Rescue.

Despite these precautions, no method of electronic transmission or storage can be guaranteed to be 100% secure. You are responsible for maintaining the confidentiality of your access credentials and for promptly notifying us of any suspected unauthorized access to your account.

Sub processors

To operate and maintain the Services, Device Rescue relies on a limited number of third-party service providers (“Sub processors”) for core business functions such as infrastructure hosting, logistics, analytics, billing, and customer support.

These vendors may process certain categories of personal or organizational information solely as necessary to support the delivery of our Services. We take care to use reputable service providers with publicly stated privacy and security practices, and we limit the information shared to what is operationally required.

Some Sub processors may operate in jurisdictions outside of your own. By using the Services, you acknowledge and agree that such third parties may process limited operational data in accordance with their own privacy policies and applicable data protection laws.

If required by law or upon reasonable written request, Device Rescue will provide additional details regarding its current Sub processors or assist with questions related to data processing practices.

Data Retention

Device Rescue retains personal and organizational data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including the provision of Services, internal operations, compliance with legal and regulatory obligations, dispute resolution, and enforcement of our agreements.

We may retain transactional and operational data associated with retrieval orders, shipments, billing, and account activity for audit, tax, and contractual compliance purposes, even after account deactivation or termination.

Where legally permitted, residual data may be archived or securely stored in backup systems for disaster recovery or continuity purposes. Such archived data is subject to restricted access and will not be reactivated except as required by law or in connection with a legitimate business interest.

Retention periods may vary depending on the nature of the data, applicable legal requirements, and contractual commitments. When data is no longer needed, we will take reasonable steps to delete, de-identify, or securely archive it.

Your Rights

Depending on your jurisdiction, you may have certain rights with respect to the personal information we maintain. These may include the right to access or correct your information, to request deletion where appropriate, or to object to certain forms of processing as permitted by law.

To exercise these rights, you may contact us at legal@devicerescue.com. We may take steps to verify your identity before processing a request, and we reserve the right to deny a request where permitted by law or where compliance would interfere with our legal obligations, contractual commitments, or essential business operations.

We do not discriminate against individuals for exercising their privacy rights. However, certain functionality may depend on the availability of specific data, and limitations may apply where rights conflict with legitimate business needs or the rights of others.

California Privacy Disclosures (CPRA)

If you are a resident of California, you may have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CPRA”). This section outlines those rights and our disclosures consistent with California law.

We do not sell personal information for monetary gain. However, we may “share” limited technical data (such as IP addresses, browser metadata, or visit activity) with advertising platforms for retargeting or performance attribution, as described in this Policy. These practices may constitute “sharing” under California law. We limit such data usage to professional and organizational contexts and do not knowingly target individuals in a personal or consumer capacity.

Categories of Personal Information We Collect:

In the past 12 months, we have collected the following categories of personal information from users of our Services:

• Identifiers (e.g., names, emails, IP addresses)

• Commercial information (e.g., order history, transaction details)

• Internet or network activity (e.g., browsing behavior, usage metrics)

• Geolocation data (inferred from IP address)

• Professional or employment-related information (e.g., job titles, company affiliations)

• Sensitive information (e.g., device serial numbers, home addresses for retrieval coordination)

We collect this information to operate our Services, fulfill orders, provide support, perform analytics, and comply with legal obligations. We disclose this data only to authorized service providers, business partners, or as otherwise permitted by law, in line with the purposes described in this Policy.

California Rights:

If you are a California resident, you may have the right to:

• Access the categories and specific pieces of personal information we have collected about you

• Correct inaccurate personal information in our records

• Delete personal information, subject to certain legal exceptions

• Limit the use of sensitive personal information (if applicable)

• Opt out of the sale or sharing of personal information for cross-context behavioral advertising

We do not use sensitive personal information to infer characteristics about you, and we do not offer financial incentives tied to data collection.

To exercise any of these rights, or to designate an authorized agent to act on your behalf, you may contact us at legal@devicerescue.com. We may verify your identity before fulfilling a request, and we will not discriminate against you for exercising your rights under California law.

For clarity and transparency, all rights and protections afforded to California residents are also extended to our organizational customers and their authorized users, consistent with our commitment to responsible data stewardship.

International Use

Device Rescue is based in the United States. By accessing or using the Services from outside the U.S.—including Canada—you acknowledge and agree that your information may be transmitted to, stored in, and processed within the United States or other jurisdictions where our infrastructure or service providers operate. These jurisdictions may not offer the same level of data protection as your home country.

By continuing to use the Services, you consent to the transfer and handling of your data as described in this Policy, to the extent permitted by applicable law.

Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in law, regulatory guidance, industry standards, or enhancements to our Services and data practices. When we do, we will update the “Last Updated” date at the top of this Policy.

If we make material changes that affect your rights or our obligations, we will provide advance notice where legally required—such as through in-Service notifications, email, or other appropriate channels.

Your continued access to or use of the Services after the effective date of any updated Policy will constitute your acknowledgment and acceptance of the revised terms. If you do not agree to the updated terms, you must discontinue use of the Services.

We encourage you to review this Policy regularly to stay informed about how we collect, use, and protect your information.

Changes to this Privacy Policy may accompany updates to our Terms of Service. Where applicable, updates will be coordinated to ensure consistency between these documents.

Contact

Device Rescue takes privacy seriously and welcomes inquiries about how we handle data. If you have questions about this Privacy Policy, our information practices, or if you wish to exercise your rights regarding your personal data, you may contact us using the information below.

We review all inquiries in good faith and aim to respond in a timely and appropriate manner. Depending on the nature of your request, we may ask for additional information to verify your identity before taking further action.

Please direct all privacy-related correspondence to:

Device Rescue LLC
784 S Clearwater Loop, STE 5250
Post Falls, ID 83854
United States

Email: legal@devicerescue.com

For general questions not related to data privacy, you may also reach us at info@devicerescue.com.