1. Introduction

This Business Console Privacy Policy ("Policy") describes how Icarus Inc., the developer and operator of Hail Sentinel, ("Company," "we," "us," or "our") collects, uses, discloses, and protects your personal and business information when you use the Hail Sentinel Business Console ("Console" or "Platform").

The Business Console is designed for commercial customers who require advanced hail intelligence capabilities, multi-location monitoring, team management, and API access.

2. Data Controller Information

The data controller responsible for your personal information is:

3. Information We Collect

3.1 Account and Organization Information

• Administrator Details: Name, email address, phone number, and job title of account administrators.
• Organization Information: Company name, address, industry, size, and billing information.
• Team Member Data: Names, email addresses, and roles of users added to your organization's account.
• Payment Information: Billing address, payment method details (processed through secure third-party payment processors).

3.2 Location and Asset Data

• Monitored Locations: Addresses, geographic coordinates, and property details of locations you add for monitoring.
• Asset Information: Details about assets at monitored locations (optional), such as vehicle fleets, equipment, or property values.
• Custom Zones: Geographic boundaries and alert zones you define within the Console.

3.3 Usage and Technical Data

• Console Activity: Features accessed, reports generated, alerts configured, and actions taken within the Console.
• API Usage: API calls, endpoints accessed, request parameters, and response data.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Log Data: Access logs, error logs, and security audit trails.

3.4 Integration Data

• Third-Party Integrations: Data exchanged with connected services (CRM, ERP, fleet management systems).
• Webhook Data: Information transmitted to your configured webhook endpoints.
• SSO/SAML Data: Authentication tokens and user attributes from identity providers.

4. How We Use Your Information

4.1 Service Delivery

• Providing weather intelligence and hail predictions for your monitored locations
• Generating reports, analytics, and historical data visualizations
• Sending alerts and notifications to configured channels (email, SMS, webhooks)
• Managing your organization's account, team members, and permissions
• Processing API requests and delivering data to your integrated systems

4.2 Service Improvement

• Analyzing platform usage to improve features and user experience
• Improving forecast accuracy and alert timing based on aggregate data
• Developing new features and capabilities for business customers
• Conducting research using anonymized and aggregated data

4.3 Business Operations

• Processing payments and managing billing
• Providing customer support and technical assistance
• Communicating service updates, maintenance windows, and important notices
• Ensuring compliance with contractual obligations (SLAs, service agreements)

4.4 Security and Compliance

• Detecting and preventing unauthorized access, fraud, and abuse
• Maintaining audit trails for compliance purposes
• Enforcing our Terms of Service and Acceptable Use Policy
• Complying with legal obligations and responding to lawful requests

5. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on:

• Contract Performance: Processing necessary to provide the services under your service agreement or subscription terms.
• Legitimate Interests: Processing for service improvement, security, fraud prevention, and business operations, balanced against individual rights.
• Legal Obligation: Processing necessary to comply with applicable laws, regulations, and legal processes.
• Consent: Where required for specific processing activities (e.g., marketing communications).

6. Data Sharing and Third Parties

6.1 Service Providers

We share data with trusted service providers who assist in operating the Console:

• Cloud Infrastructure: Google Cloud Platform (data hosting and processing)
• Authentication: Firebase Authentication, identity providers you configure
• Payment Processing: Stripe (payment processing and billing)
• Analytics: Internal analytics systems (usage metrics)
• Communication: Email and SMS delivery services

6.2 Your Integrations

When you configure integrations, data may be shared with:

• Third-party services you connect (CRM, ERP, fleet management)
• Webhook endpoints you configure
• Your identity provider for SSO/SAML authentication

6.3 Legal and Safety Disclosures

We may disclose information:

• To comply with legal process, court orders, or government requests
• To protect rights, property, or safety of Icarus Inc., our customers, or others
• In connection with a merger, acquisition, or sale of assets (with notice)
• With your organization's consent for purposes not described in this Policy

6.4 No Sale of Personal Information

We do not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising.

7. Data Retention

We retain data based on business needs, contractual obligations, and legal requirements:

Data Type	Retention Period
Account Data	Duration of contract + 3 years
Location/Asset Data	Duration of contract + 1 year
Usage/Analytics Data	Up to 2 years (rolling)
API Logs	90 days (standard), customizable for business plans
Billing/Financial Records	Up to 7 years (legal compliance)
Security Audit Logs	Up to 3 years

Business customers may have custom retention periods as specified in their agreements. Data deletion requests are processed according to your contract terms and applicable law.

8. Your Rights and Choices

8.1 Data Subject Rights

You have the following rights regarding your personal data:

• Access: Request a copy of personal data we hold about you or your organization.
• Correction: Update or correct inaccurate information through the Console or by request.
• Deletion: Request deletion of personal data, subject to contractual and legal retention requirements.
• Portability: Export your data in structured, machine-readable formats.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.

8.2 Organization Administrators

Account administrators can:

• Manage team member access and permissions
• Export organizational data through the Console
• Configure data retention settings (where available)
• Request account deletion through business support

8.3 How to Exercise Rights

To exercise your privacy rights:

• Use the data management tools in the Console
• Contact your account administrator (for team members)
• Email us at privacy@hailsentinel.com
• Contact your account manager

9. Data Security

We implement robust security measures:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access control (RBAC), multi-factor authentication
• Infrastructure: SOC 2 Type II compliant cloud infrastructure
• Monitoring: 24/7 security monitoring, intrusion detection, anomaly detection
• Auditing: Comprehensive audit trails for compliance and forensics
• Penetration Testing: Regular third-party security assessments

10. International Data Transfers

Your information may be processed in the United States and other countries where our infrastructure and service providers operate.

For transfers from the EEA, UK, or Switzerland:

• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• We rely on adequacy decisions where applicable
• Business customers may negotiate Data Processing Agreements (DPAs) with additional safeguards

11. Changes to This Policy

We may update this Policy periodically. We will notify you of material changes by:

• Posting notice in the Console
• Sending email to account administrators
• Updating the "Last Updated" date
• For business customers, notifying through your account manager

12. Contact Us

For questions about this Privacy Policy or our data practices: