Privacy Policy

Last updated: August 5, 2025

1. Introduction

Leftover Labs ("we," "our," or "us") operates a comprehensive monitoring service platform that enables third parties to monitor hardware systems with real-time alerts, notifications, and remote controls. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our monitoring services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you provide directly to us, including:

  • Name, email address, and contact information
  • Account credentials and authentication information
  • Organization and team details
  • Payment and billing information
  • Communication preferences and notification settings

2.2 Hardware Monitoring Data

Through our monitoring services, we collect:

  • Sensor data from connected hardware devices
  • Device identifiers, timestamps, and measurement types
  • System performance metrics and operational status
  • Alert and notification history
  • Remote control command logs and execution records

2.3 Technical Information

We automatically collect technical information, including:

  • IP addresses, browser type, and device information
  • API usage patterns and access logs
  • System performance and error logs
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our monitoring services
  • Real-time Monitoring: To collect, process, and analyze hardware data for monitoring purposes
  • Alert Management: To generate and deliver alerts, notifications, and reports
  • Remote Controls: To execute authorized remote control commands on connected hardware
  • Account Management: To manage user accounts, teams, and multi-tenant access
  • Security: To protect against unauthorized access and ensure system security
  • Communication: To send service-related communications and support
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information
  • Service Providers: With trusted third-party service providers who assist in our operations
  • Team Members: Within your organization or team as configured in your account settings
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Safety and Security: To protect rights, property, or safety of users or others

5. Data Security

We implement comprehensive security measures to protect your information:

  • Token-based authentication for all external API endpoints
  • Elevated permissions required for hardware control commands
  • Encryption of sensitive hardware credentials at rest
  • Multi-tenant data isolation to prevent cross-tenant access
  • Regular security audits and monitoring
  • Secure data transmission using industry-standard protocols

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Information: Retained while your account is active and for a reasonable period after closure
  • Monitoring Data: Retained according to your subscription tier and data retention policies
  • Audit Logs: Control action logs retained for security and compliance purposes
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

7. Your Rights Under GDPR

If you are located in the European Union, you have the following rights:

  • Right of Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of processing your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent for data processing

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Other legally recognized transfer mechanisms

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain user sessions and authentication
  • Remember user preferences and settings
  • Analyze usage patterns and improve our services
  • Provide personalized experiences

You can control cookie settings through your browser preferences.

10. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing in-app notifications

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: privacy@leftoverlabs.com
  • Data Protection Officer: dpo@leftoverlabs.com

13. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide monitoring services as agreed
  • Legitimate Interests: To improve services, ensure security, and prevent fraud
  • Legal Compliance: To comply with applicable laws and regulations
  • Consent: Where you have provided explicit consent for specific processing activities