Privacy Policy — CMMS Pro

Please review. This document forms part of the agreements governing your use of @@PRODUCT@@. Please read it carefully.

1. Introduction

This Privacy Policy explains how RIR LLC (“RIR LLC,” “we,” “us”) collects, uses, discloses, and safeguards information in connection with the CMMS Pro service and website at cmmspro-stats.com. It applies to our public website, account holders, and Authorized Users.

For Customer Data that we process on behalf of our business customers, the customer is the “controller” and we act as a “processor”; that processing is governed by our Data Processing Addendum and the customer’s own privacy practices.

2. Who We Are

RIR LLC is the operator of CMMS Pro. For privacy inquiries, contact [email protected].

3. Information We Collect

3.1 Information you provide

Account & profile: name, username, email, phone number, job title, company, and password (stored hashed).
Billing: subscription and seat details; payment card data is collected and processed directly by Stripe — we receive limited billing metadata (e.g., last four digits, status), not full card numbers.
Customer Data: the operational records you enter, such as work orders, assets, locations, parts, images, and personnel records. You control this data.
Communications: messages, support requests, and feature requests you send us.

3.2 Information collected automatically

Usage & device data: IP address, browser type, user-agent, pages visited, and timestamps, including login and activity logs used for security and audit.
Location data: if you use GPS-capture features, your device’s coordinates (with your permission) to tag assets and locations.
Cookies & local storage: see our Cookie Policy. We use browser local storage to keep you signed in.

4. How We Use Information

provide, operate, secure, and maintain the Service;
authenticate users and enforce access controls and seat limits;
process payments and manage subscriptions (via Stripe);
send transactional and service emails (for example, password resets, notifications, dispatch and work-order emails);
provide support and respond to requests;
monitor, troubleshoot, and improve performance and security, including audit logging;
comply with legal obligations and enforce our terms;
analyze usage in aggregated or de-identified form to improve the Service.

We do not sell your personal information, and we do not display third-party advertising in the Service.

5. Legal Bases (EEA/UK Users)

Where the GDPR or UK GDPR applies, we process personal data on the bases of: performance of a contract (to provide the Service); legitimate interests (security, improvement, and operation of the Service); consent (for example, optional location capture); and compliance with legal obligations. You may withdraw consent at any time where processing is based on consent.

7. Subprocessors

We rely on the following third-party subprocessors to deliver the Service. This list may be updated; see the current list and the DPA for details.

Subprocessor	Purpose	Data involved
Stripe, Inc.	Payment processing & subscription billing	Billing identifiers, payment card data (handled by Stripe)
Cloudflare, Inc.	CDN, DNS, network security, secure tunnel	IP address, request metadata
Resend	Transactional email delivery	Recipient email, message content
Self-hosted infrastructure	Application hosting & storage	All Customer Data at rest

8. Cookies & Local Storage

We use strictly necessary cookies and browser local storage to authenticate sessions and remember preferences. We do not use third-party advertising cookies. For details, see our Cookie Policy.

9. Data Retention

We retain personal data and Customer Data for as long as your Account is active and as needed to provide the Service, then for a limited period as required to comply with legal obligations, resolve disputes, and enforce agreements. After account termination, Customer Data is available for export for 30 days and is then deleted in the ordinary course, subject to backups that expire on a rolling basis.

10. Security

We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit, hashed passwords, access controls, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your credentials.

11. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise these rights, contact [email protected]. If your data is held within a customer’s Account as Customer Data, please direct your request to that customer (the controller); we will assist them as a processor.

12. U.S. State Privacy Rights

Residents of California and certain other U.S. states may have rights to know, access, delete, and correct personal information, and to opt out of “sale” or “sharing” of personal information. We do not sell personal information. To exercise applicable rights, contact [email protected]. We will not discriminate against you for exercising your rights.

13. Children’s Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact [email protected] and we will delete it.

14. International Data Transfers

We operate in the United States, and information may be processed there or in other countries where our subprocessors operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

15. Changes to This Policy

We may update this Privacy Policy. Material changes will be indicated by updating the effective date and, where appropriate, by additional notice. Continued use after changes take effect constitutes acceptance.

16. Contact Us

RIR LLC — CMMS Pro
Privacy: [email protected]
Address: 1750 14th Street, Orange City, FL 32763