Effective Date: May 31, 2026 · Last Updated: May 31, 2026

Privacy Policy

At Equipment Maintenance Log, accessible from equipmentmaintenancelog.com, the privacy and security of our visitors is a top priority. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and what rights and choices you have.

This policy applies to information collected through our website only. By accessing or using Equipment Maintenance Log, you acknowledge that you have read and agree to this Privacy Policy. Questions may be sent to support@equipmentmaintenancelog.com.

Definitions

Personal Data: Any information relating to an identified or identifiable person, including name, email, IP address, and online identifiers.
Processing: Any operation on personal data, including collection, storage, use, transfer, and deletion.
Data Controller: Equipment Maintenance Log, determining the purposes and means of processing personal data.
You / User: Any individual accessing or using Equipment Maintenance Log.

Information We Collect

1. Information You Provide Directly

Contact form submissions: name, email address, and message content
Account registration: name, email address, username, and encrypted password
Billing details (processed securely via third-party processors; full card numbers are never stored on our servers)
Email address and preferences for newsletter or mailing list subscriptions
Files, documents, or images you voluntarily upload

2. Automatically Collected Data

IP address, browser type and version, operating system, and device type
Pages visited, time and date of visit, duration, and referring URL
HTTP request headers and server log data
Cookie identifiers, session tokens, and similar tracking data (see Cookies section)
Aggregated usage analytics via PostHog or similar services

3. Data from Third-Party Authentication

When you log in via Google or another OAuth provider, we receive limited profile data (name, email, unique identifier) as permitted by your settings. We never receive your third-party password.

How We Use Your Information

We process personal data for the following purposes:

Purpose	Examples	Legal Basis (GDPR)
Service Delivery	Operating the website; responding to support requests	Contract / Legitimate Interests
Analytics & Improvement	Understanding usage patterns; improving features	Legitimate Interests
Email Marketing	Newsletters, updates, and promotional content	Consent
Transaction Processing	Processing orders, payments, and refunds	Contract
Security & Fraud Prevention	Detecting malicious activity; protecting user accounts	Legitimate Interests
Legal Compliance	Meeting tax, regulatory, and court-ordered obligations	Legal Obligation

Cookies and Tracking Technologies

Equipment Maintenance Log uses cookies, web beacons, and similar technologies. Cookies are small text files placed on your browser to help us deliver and improve our services.

Category	Purpose	Examples	Duration
Strictly Necessary	Core functionality, security, session management. Cannot be disabled.	Session cookies, CSRF tokens, auth tokens	Session
Analytics / Performance	Anonymised visitor behaviour data; site performance improvement.	PostHog, _ga, _gid	Up to 2 years
Functional / Preference	Remembering your settings: language, dark mode, layout.	Theme preference, locale cookies	Up to 1 year

Managing Cookies: You can control or delete cookies through your browser settings. Opt-out tools: DAA Opt-Out, Your Online Choices (EU). Disabling strictly necessary cookies may impair website functionality.

Cookie Consent: Where required by law (e.g. GDPR, ePrivacy Directive), you will be presented with a cookie consent banner on your first visit. Your preference is stored and honoured on subsequent visits.

Payments and Financial Transactions

Payments are processed by PCI-DSS Level 1 compliant third-party processors. We do not store, transmit, or access full payment card numbers.

SSL/TLS encryption for all payment data in transit
Tokenisation of payment methods to avoid storing raw card data on our servers
PCI-DSS compliant environments audited by certified security assessors
Transaction records (excluding card details) retained for up to 7 years for accounting, tax, and legal compliance

Third-Party Services

We work with trusted third-party service providers who may access your personal data only to the extent necessary to perform services on our behalf. All processors are bound by Data Processing Agreements (DPAs).

Hosting and infrastructure: Cloud providers who host our website and databases
Analytics: Tools for measuring usage and performance
Email delivery: Providers for transactional and marketing emails
Payment processing: PCI-compliant payment processors
Security and monitoring: Fraud detection and uptime monitoring services

How We Share Your Information

We do not sell your personal information. Data is shared only in these limited circumstances:

Service Providers: Trusted processors under contract who help operate our website; they may only process data as instructed by us.
Legal Requirements: Where required by law, regulation, subpoena, or court order. We notify you where legally permitted before disclosing.
Safety: To protect the rights, property, or safety of Equipment Maintenance Log, our users, or the public.
Business Transfers: In a merger, acquisition, or asset sale, your data may transfer. You will be notified via a prominent website notice and, where feasible, by email.
With Your Consent: For any other purpose with your explicit prior consent.

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

HTTPS/TLS 1.2+ encryption for all data in transit
Bcrypt or equivalent hashing for stored passwords; plaintext passwords are never stored
Role-based access controls limiting data access to authorised personnel
Regular security assessments, penetration testing, and vulnerability scanning
Real-time monitoring systems for detecting suspicious activity
PCI-DSS compliant payment environment

In the event of a personal data breach likely to result in risk to your rights, we will notify affected individuals and relevant supervisory authorities within the legally mandated timeframe (e.g. 72 hours under GDPR).

Data Retention

We retain personal data only as long as necessary to fulfil stated purposes or as required by law:

Data Type	Retention Period	Reason
Server access logs	90 days	Security monitoring and abuse prevention
Analytics data	Up to 14 months	Trend analysis (auto-deleted by analytics provider)
Newsletter subscriptions	Until unsubscribed + 30 days	Suppression list maintenance
Account data	Account lifetime + 12 months post-deletion	Dispute resolution and backups
Transaction records	7 years	Tax and legal compliance
Uploaded files	Duration of use + 90 days post-closure	Service delivery; backup
Contact form submissions	3 years	Correspondence records and dispute resolution

Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or transfer your personal data. You may exercise these rights by contacting us at support@equipmentmaintenancelog.com. We will respond within the timeframe required by applicable law. You will never be penalized or discriminated against for exercising your privacy rights.

GDPR — European Union Rights

If you are in the EU or EEA, the General Data Protection Regulation (EU) 2016/679 grants you these rights:

Right of Access (Art. 15): Request a copy of personal data we hold and how it is processed.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data without undue delay.
Right to Erasure (Art. 17): Request deletion of your data where no longer necessary, consent is withdrawn, or processing is unlawful, subject to legal retention obligations.
Right to Restriction (Art. 18): Request we temporarily halt processing in certain circumstances.
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (e.g. CSV/JSON) and transfer it to another controller where technically feasible.
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing relies on it, without affecting the lawfulness of prior processing.

International Transfers: Transfers outside the EEA are protected by EU Standard Contractual Clauses (SCCs, Commission Decision 2021/914), adequacy decisions, or other lawful Chapter V GDPR mechanisms.

We will respond to GDPR requests within 30 days (extendable by 2 months for complex cases). You may also lodge a complaint with your EU Member State's supervisory authority (DPA).

UK GDPR

If you are in the UK, your rights under the UK GDPR and Data Protection Act 2018 mirror those under EU GDPR listed above. The Information Commissioner's Office (ICO) is the UK supervisory authority: ico.org.uk.

CCPA / CPRA — California Consumer Privacy

The California Consumer Privacy Act (CCPA), as amended by the CPRA (effective January 1, 2023), grants California residents:

Right to Know: Disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom data is shared.
Right to Delete: Request deletion of personal information, subject to exceptions.
Right to Correct: Request correction of inaccurate personal information we hold.
Right to Opt Out of Sale: We do not sell personal information.
Right to Non-Discrimination: We will not deny service or charge different prices because you exercised a CCPA right.

Submit CCPA requests to support@equipmentmaintenancelog.com. We verify identity and respond within 45 days (extendable by 45 days). Residents of Virginia, Colorado, Connecticut, Texas, Oregon, and other states with similar privacy laws may exercise equivalent rights by contacting us at the same address.

Children's Privacy (COPPA)

Equipment Maintenance Log is not directed to children under 13. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where a higher threshold applies). If we discover we have inadvertently collected such data, we will delete it immediately. Parents or guardians should contact us at support@equipmentmaintenancelog.com.

Changes to This Policy

We may update this Privacy Policy periodically. When material changes are made, we will update the "Last Updated" date at the top and post a prominent notice on our website. Your continued use of Equipment Maintenance Log after any modification constitutes acceptance of the revised policy.

Contact Us

For questions, data subject requests, or privacy complaints, please contact us:

Websiteequipmentmaintenancelog.com

Emailsupport@equipmentmaintenancelog.com

We aim to respond to all enquiries within 5 business days, and within applicable legal deadlines for formal data subject requests.