Retrofit.ai
Back

Legal

Privacy Policy

Last updated June 12, 2026

This Privacy Policy explains how Retrofit.ai (“we”, “us”, “our”) collects, uses, and protects information about HVAC contractors (“Contractors”) and the homeowners they invite to a pre-inspection (“Homeowners”).

1. Information we collect

From Contractors: name, company name, work email, phone number (optional), profile photo (optional), and the information needed to authenticate sign-in.

From Homeowners: the structured intake responses (property details, equipment, comfort goals, etc.), photos and optional video they upload to the pre-inspection link, and any consent flags they tick. We collect this information only after a Homeowner clicks the link a Contractor sends them.

Automatic: standard server logs (IP address, user-agent, timestamp), browser cookies required for sign-in sessions, and anonymous usage counters for our third-party providers (e.g. Mapbox geocoding usage).

2. How we use information

  • To operate the Service: render the contractor dashboard, the homeowner intake wizard, and the assessment outputs (heat-load estimate, complexity rating, rebate flags).
  • To analyze uploaded photos: inspection photos are sent to Google’s Gemini API, which automatically reads visible equipment details (make, model, condition, approximate age) to pre-fill the assessment. This output is a starting point for the Contractor, not an automated decision about any individual.
  • To send transactional emails: invitations to homeowners, new- submission notifications to contractors. We do not send marketing email without explicit opt-in.
  • To debug, improve, and secure the Service.
  • To comply with legal obligations.

3. Sharing

We do not sell your personal information. We share data only with service providers we engage to operate Retrofit.ai, under contracts that require them to protect your data and use it only for our service. Current providers include:

  • Vercel (hosting, edge network, Blob object storage for photos and videos).
  • Neon (managed Postgres database for the structured submission data).
  • Mapbox (address autocomplete and static map previews; we proxy requests so your token is never exposed).
  • Resend (transactional email delivery).
  • Google (Gemini API — uploaded inspection photos are sent to Google to automatically extract equipment details such as make, model, and condition).

A Homeowner’s submission is shared only with the Contractor who invited them and with platform administrators (currently the Retrofit.ai founding team).

4. How long we keep it

We keep submission data and uploaded photos for as long as the relevant lead exists in the Contractor’s dashboard. Contractors can archive a lead (hiding it while keeping the record) or permanently delete it, which removes the homeowner’s submission and every uploaded photo and video from both our database and our file storage. A Contractor can also delete their entire account, which erases all of their leads, submissions, and uploaded media the same way. Deletion is irreversible. We may keep aggregated, anonymous metrics indefinitely (e.g. number of submissions per month) that do not identify any individual.

5. Your rights

You may have rights to access, correct, or delete the personal information we hold about you, and to object to or restrict certain processing, subject to applicable law. Contractors can update their profile in-app and, from the dashboard, permanently delete any individual lead or their entire account (erasing all of their leads, submissions, and uploaded media). Homeowners who completed a pre-inspection can request access to, or deletion of, their information by emailing hello@retrofit.ai; we verify the request and respond within 30 days.

6. Security

We use TLS for all in-transit data, hashed passwords with bcrypt, token-scoped object storage, and least-privilege access for our team. No system is perfectly secure; we encourage you to use a strong unique password and to notify us promptly of any suspected breach.

7. Children

Retrofit.ai is intended for use by adults running or coordinating HVAC installs in their own homes or for clients. The Service is not directed to children under the age of 13.

8. International transfers

Data is hosted on servers operated by our service providers, which may be located in Canada or the United States. In particular, photos analyzed by Google’s Gemini API are processed in the United States. By using the Service, you consent to data being processed in those jurisdictions.

9. Changes

We may update this policy from time to time. Material changes will be communicated by email to Contractors. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

Privacy questions? Reach us at hello@retrofit.ai.

This page is boilerplate prepared for the beta launch and is not legal advice. Retrofit.ai will replace it with counsel-reviewed language before general availability.