RACO Monitoring Center

Privacy Policy

Effective Date: January 7, 2026

This Privacy Policy describes how RACO Manufacturing and Engineering (“RACO,” “we,” or “us”) collects, uses, stores, and discloses information in connection with the RACO Monitoring Center, including related web applications, cloud services, firmware integrations, notification services, and documentation (collectively, the “Services”).

This Privacy Policy forms part of, and is incorporated by reference into, the RACO Monitoring Center Terms of Service (Municipal & Utility Version) (the “Terms”). Capitalized terms not defined here have the meanings set forth in the Terms.

1. Scope and Intended Use

The Services are intended solely for business, industrial, utility, and municipal use by authorized customer entities (“Customer”). The Services are not intended for consumer or personal use.

This Privacy Policy applies to:

Data transmitted from Customer-owned devices connected to the Services
Authorized users accessing the Services on behalf of a Customer
Contact information used for alarm notification routing

2. Categories of Information Collected

2.1 Customer-Generated Operational Data

The Services process machine-generated data transmitted from Customer equipment, including:

Device identifiers and configuration metadata
Alarm events, state changes, timestamps, and values
System health, diagnostics, and communication logs
Monitored analog or digital signals as configured by Customer

This data relates to Customer equipment and operations, not individuals.

2.2 Account and Authorized User Information

RACO may collect limited information necessary to provision and administer access to the Services, such as:

Name
Business email address
Business phone number
Organization name and user role

This information is used exclusively for authentication, authorization, system administration, and support.

2.3 Notification and Escalation Data

To route notifications as configured by Customer, the Services may store:

Email addresses
Phone numbers (SMS or voice)
On-call schedules and escalation rules

Customer is responsible for ensuring it has appropriate authorization to provide such contact information.

2.4 Technical and Access Information

When authorized users access the web application, the Services may collect:

IP address
Browser and device type
Authentication events and session logs
Access timestamps and configuration changes

This information is used for security, auditability, and system integrity.

3. How Information Is Used

RACO processes information solely to:

Provide and operate the Services
Detect, log, and route alarm events based on Customer configuration
Deliver notifications on a best-effort basis
Maintain system security, reliability, and audit trails
Provide customer support and troubleshooting

RACO does not:

Use Customer data for advertising
Sell Customer data
Perform independent monitoring, supervision, or operational decision-making

4. Data Ownership and Roles

Customer retains ownership of all Customer-generated operational and alarm data.
RACO acts as a service provider / data processor, processing data solely to provide and support the Services in accordance with the Terms.
RACO retains ownership of the Services, software, and aggregated or anonymized system-level data that does not identify a Customer or facility.

5. Data Sharing and Disclosure

RACO may disclose information only:

To third-party service providers (e.g., cloud hosting, notification delivery) strictly as required to provide the Services
To authorized users designated by Customer
As required by law, regulation, or lawful government request
To protect the security, integrity, or lawful operation of the Services

RACO does not sell or rent Customer data.

6. Third-Party Services

The Services rely on third-party providers, including cellular carriers, internet providers, cloud infrastructure, and notification services.

Customer acknowledges that:

Data transmission and notification delivery depend on third parties outside of RACO’s control
RACO is not responsible for delays, failures, or outages caused by third-party services

The Services may involve the processing and storage of data in the United States, Canada, or other jurisdictions where RACO or its authorized service providers operate. Customer acknowledges that data may be subject to the laws of the jurisdictions in which it is processed. RACO implements commercially reasonable safeguards to protect data regardless of processing location.

7. Data Retention

RACO retains data only as long as reasonably necessary to:

Provide the Services
Support diagnostics, auditability, and system integrity
Comply with contractual and legal obligations

Retention periods may vary based on data type, Customer configuration, and applicable service plans. Customers may be offered configurable retention options for certain categories of data. Data deletion or export requests are subject to the Terms and applicable law.

8. Security Measures

RACO implements commercially reasonable administrative, technical, and physical safeguards, including:

Encrypted communications between devices and cloud services
Authentication and role-based access controls
Network security controls and monitoring
Logging of access and configuration changes

No system is completely secure, and RACO does not guarantee absolute security.

9. Customer Responsibilities

Customer is responsible for:

Configuring access permissions appropriately
Maintaining the confidentiality of credentials
Ensuring lawful use of contact information provided for notifications
Securing Customer-owned networks and equipment

RACO does not monitor or validate Customer compliance with internal policies or regulatory obligations.

10. No Life-Safety or Emergency Use

Consistent with the Terms, the Services are not a life-safety, emergency response, or dispatch system. Nothing in this Privacy Policy creates any obligation for RACO to monitor, respond to, or intervene in Customer operations.

11. Children’s Privacy

The Services are not intended for use by children, and RACO does not knowingly collect personal information from individuals under 18.

12. Changes to This Policy

RACO may update this Privacy Policy from time to time. Material changes will be communicated through the Services or to Customer administrators. Continued use of the Services constitutes acceptance of the revised policy.

13. Contact Information

Questions regarding this Privacy Policy or data handling practices may be directed to:

RACO Manufacturing and Engineering
727 Allston Way, Suite B
Berkeley, CA 94710
United States
📧 [Insert privacy or support contact]

Addendum 1

Data Processing Addendum (DPA)

Effective Date: January 7, 2026
This Data Processing Addendum (“DPA”) supplements and forms part of the RACO Monitoring Center Terms of Service (the “Terms”) and Privacy Policy.

1. Roles of the Parties

For purposes of applicable data protection laws:

Customer acts as the data controller (or equivalent)
RACO acts as a data processor or service provider, processing data solely on Customer’s behalf to provide the Services

Nothing in this DPA alters ownership provisions set forth in Section 10 of the Terms.

2. Scope of Processing

RACO processes data only to:

Operate, maintain, and support the Services
Transmit, store, and route alarm and event data as configured by Customer
Provide diagnostics, audit logs, and system integrity functions

RACO does not process data for independent purposes, marketing, or profiling.

3. Categories of Data

Processing may include:

Customer-generated operational and alarm data
Device identifiers and configuration metadata
Authorized user account information
Notification contact details provided by Customer

The Services are not intended to process sensitive personal data, and Customer shall not provide such data.

4. Processing Instructions

Customer instructs RACO to process data:

In accordance with the Terms, Privacy Policy, and this DPA
As necessary to provide the Services
As configured by Customer within the Services

Customer is responsible for the legality of its instructions and configurations.

5. Subprocessors

Customer authorizes RACO to engage subprocessors, including cloud hosting, messaging, and telecommunications providers, strictly to deliver the Services.

RACO requires subprocessors to implement reasonable confidentiality and security measures consistent with this DPA.

6. Security Measures

RACO implements commercially reasonable technical and organizational safeguards, including:

Encrypted communications
Access controls and authentication
Logging and monitoring
Segmentation between customer environments

RACO does not guarantee uninterrupted availability or absolute security.

7. Data Retention and Deletion

RACO retains data only as necessary to:

Provide the Services
Support diagnostics and auditability
Meet legal and contractual obligations

Upon termination of the Services, data handling will occur in accordance with the Terms, subject to applicable law.

8. Assistance and Cooperation

To the extent required by applicable law, RACO will provide reasonable assistance to Customer in responding to lawful data subject requests, provided such requests relate to data processed by RACO on Customer’s behalf.

9. Limitation of Liability

This DPA is subject to all disclaimers, exclusions, and limitations of liability set forth in the Terms.
Nothing in this DPA increases RACO’s liability or creates additional warranties

10. Governing Law

This DPA is governed by the same law and venue as the Terms.

Addendum 2

California Privacy Notice (CCPA / CPRA – B2B Context)

Effective Date: January 7, 2026
This California Privacy Notice supplements the Privacy Policy and applies only to the extent the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), is applicable.

1. Applicability

The RACO Monitoring Center is a business-to-business service. Information processed by RACO primarily concerns:

Business contacts acting in a professional capacity
Machine-generated operational data

Where applicable, RACO acts as a service provider under the CCPA/CPRA.

2. Categories of Personal Information

RACO may collect the following categories, as defined by CCPA/CPRA:

Identifiers (name, business email, business phone)
Internet or network activity (IP address, access logs)
Professional or employment-related information (role, organization)

RACO does not knowingly collect sensitive personal information as defined by CPRA.

3. Purpose of Collection

Personal information is collected and used solely to:

Provide and operate the Services
Authenticate and authorize users
Route alarm notifications as configured by Customer
Maintain security and auditability

4. No Sale or Sharing

RACO does not:

Sell personal information
Share personal information for cross-context behavioral advertising

All data sharing is strictly limited to service providers acting on RACO’s behalf.

5. Retention

Personal information is retained only as long as reasonably necessary for:

Service operation
Security and audit requirements
Legal and contractual compliance

6. Rights Under California Law

Where applicable and subject to legal limitations, individuals may have the right to:

Request access to personal information
Request correction of inaccurate information
Request deletion of personal information

Requests must be submitted through the Customer organization that controls the account. RACO may require verification and coordination with Customer before fulfilling requests.

7. No Discrimination

RACO does not discriminate against individuals for exercising rights under applicable California privacy laws.

8. Contact Information

California privacy inquiries may be directed to:

RACO Manufacturing and Engineering
727 Allston Way, Suite B
Berkeley, CA 94710
United States

📧 [Insert privacy contact]