TempGuard · Privacy policy

Privacy policy

This policy explains what data TempGuard collects, why, how it is used, and the rights you have over it. We keep it short and human.

Effective · November 2025Version · 1.0~7 min readController · AEBISS, Sharjah, UAE
On this page
On this page
  1. Who we are
  2. Data we collect
  3. How we use it
  4. Legal basis
  5. Sub-processors
  6. Retention
  7. Your rights
  8. Cookies
  9. Children
  10. Changes
  11. Contact
01 · Who we are

AEBISS, the data controller.

TempGuard is a product of AEBISS, a company registered in Sharjah, United Arab Emirates. When you use the TempGuard marketing site, dashboard, or mobile apps, AEBISS is the data controller for any personal data we collect directly from you.

For customer accounts, AEBISS acts as a data processor on behalf of the organisation that holds the account — your employer, clinic, pharmacy, or facility. Their policies apply to their employees' use of the product; ours apply to how we handle the data on their behalf.

02 · Data we collect

Only what we need to run the service.

From the marketing site

  • Request form entries (name, email, company, phone, your message)
  • Anonymous analytics: page views, referrer, device type, approximate region — no cross-site tracking
  • Cookies strictly required to remember preferences (theme, language)

From the dashboard and mobile apps

  • Account data — name, email, role, organisation, phone (optional, for call alerts)
  • Authentication — salted password hash, login history
  • Device data — temperature readings, timestamps, device identifiers, probe calibration, battery level, signal strength
  • Configuration — thresholds, escalation lists, site and group structure, integrations
  • Activity — dashboard actions, alert acknowledgements, audit trail entries
  • Support — emails, chat messages, and screenshots you send to our team
Temperature is not personal data

The temperature readings themselves are operational telemetry — they describe a fridge, not a person. But the account that owns them, and the actions taken on them, can be tied to an individual, which is why we treat the surrounding context carefully.

03 · How we use it

To deliver the service you signed up for.

  • To show you live readings, history, and alerts on your devices
  • To dispatch alerts by phone call, SMS, WhatsApp, email, and push when thresholds are crossed
  • To authenticate users and keep their accounts secure
  • To bill paying customers and keep legally required financial records
  • To respond to support questions and investigate incidents
  • To improve the product — in aggregate and with access restricted to the engineering team
  • To send essential service emails (incident notices, billing, policy changes). You cannot unsubscribe from these; they are part of running your account.

We do not sell your data, share it with advertisers, or use it to train third-party commercial AI models.

04 · Legal basis

Why we are allowed to process.

Contract
Running the dashboard, storing readings, dispatching alerts — all necessary to deliver what your organisation bought.
Legitimate interest
Service security, fraud prevention, in-product analytics, and responding to support requests.
Legal obligation
Tax and financial record-keeping; responses to lawful requests from competent authorities.
Consent
Marketing emails (opt-in only), and any non-essential cookies where applicable.
05 · Sub-processors

Who helps us run the service.

We use a small set of trusted sub-processors. Each is bound by a data-processing agreement and may only process your data on our instructions.

Cloud hosting
Our cloud provider hosts the dashboard, database, and backups. Currently in the EU West region (Frankfurt) while UAE datacenter access is restored; intended to return to UAE-region hosting.
Identity & authentication
A managed identity-as-a-service provider handles account authentication, session management, and login rate-limiting on our behalf.
SMS / voice
A global communications-platform (CPaaS) provider delivers SMS and voice-call alerts.
Email
A transactional email provider sends service emails and email alerts.
WhatsApp
The WhatsApp Business API (Meta) delivers WhatsApp alerts.
Push
Apple Push Notification service and Firebase Cloud Messaging deliver mobile push alerts.
Customer support
A helpdesk tool for tickets and a live-chat tool on the marketing site.

We update this list when it changes. Enterprise customers with a signed DPA receive at least 30 days' advance notice of any material change to sub-processors (addition, removal, or change of processing location) and may object in writing; if we cannot reasonably accommodate the objection, you may terminate the affected services on a pro-rata refund for the unused period.

A Data Processing Addendum covering sub-processors, international transfer safeguards, and notification procedures is available on request from legal@aebiss.com.

06 · Retention

Kept as long as you need it.

Temperature history
Kept for the life of your subscription. Exportable at any time.
Alert logs & audit trail
Subscription duration + 12 months (for compliance evidence).
Account & billing records
As long as you remain a customer + 7 years for financial records (UAE tax requirements).
Support conversations
24 months from last contact.
Marketing-site enquiries
24 months from last contact, unless you ask us to delete sooner.
After cancellation
90-day reactivation window, then purged from active systems within 30 days and from encrypted backups on their standard rolling expiry schedule.
07 · Your rights

You are in control.

Under the UAE Personal Data Protection Law (PDPL) and — where it applies — the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccuracies
  • Delete your data (subject to legal retention requirements)
  • Export your data in a portable format
  • Restrict or object to certain processing
  • Withdraw consent where consent is the basis (e.g. marketing emails)
  • Complain to a supervisory authority

To exercise any of these rights, email privacy@aebiss.com. We respond within 30 days. If you signed up through an employer, we may route the request to them first, since your data belongs to their account.

08 · Cookies

Strictly what we need.

The marketing site uses a minimal set of cookies:

Strictly necessary
Session continuity and CSRF protection. Cannot be turned off without breaking the site.
Preferences
Theme (light/dark), language, and small UI state. First-party only.
Analytics
Aggregated, anonymised page views. No cross-site tracking. No advertising IDs.

The dashboard itself uses only strictly necessary cookies.

09 · Children

Not for under-16s.

TempGuard is a business product. It is not intended for, marketed to, or designed to collect data from anyone under the age of 16. If you believe a child has provided personal data to us, contact privacy@aebiss.com and we will delete it.

10 · Changes

When we update this policy.

Material changes will be announced by email to the account admin at least 30 days before they take effect. Minor clarifications may be made at any time; the "effective" date above always reflects the latest version. An archive of previous versions is available on request.

11 · Contact

Talk to a human.

AEBISS · Sharjah, United Arab Emirates