Privacy Policy

Last updated: May 4, 2026

Your Privacy Matters

AutoHVAC, Inc. ("AutoHVAC," "we," "us," or "our") provides AI-powered HVAC load calculation software to professional contractors. This Privacy Policy explains what personal information we collect when you visit autohvac.ai or use our services, how we use and share that information, and the choices and rights you have. It applies to all users of the AutoHVAC platform.

1. Information We Collect

Account & Profile Information

When you create an account or contact us, we collect:

  • Email address, name, and (optionally) company information
  • Password (stored as a salted, one-way hash — we never see plain text)
  • Phone number (if you provide one)
  • Communications you send to support, sales, or feedback channels

Project & Usage Data

To provide our services we collect and process:

  • Blueprint files and architectural drawings you upload
  • Building specifications, ZIP codes, and project parameters you enter
  • Generated load calculation reports and analysis output
  • Usage events such as uploads, report generations, and feature interactions

Payment Information

Subscription billing is processed by Stripe. Payment card data is sent directly from your browser to Stripe and is never stored on AutoHVAC servers. We receive only a transaction reference, the last four digits of your card, the billing postal code, and subscription status.

Device & Technical Information

We automatically collect, through cookies and similar technologies:

  • IP address, browser type, device type, operating system, and language
  • Referring URL, pages viewed, links clicked, and time spent
  • Approximate location derived from IP address (city/region level)
  • Diagnostic and error logs for security and reliability

Identifiers Used for Advertising Measurement

When you submit your email or phone number through our forms, we transmit a cryptographically hashed (SHA-256) version of those values to our advertising and measurement partners (Google and Meta) so they can match your conversion event to a prior ad click. Hashing reduces re-identification risk but does not anonymize the data: under US privacy law, hashed identifiers remain personal information that can be linked back to you by the recipient platform.

2. How We Use Your Information

Service Delivery

  • Authenticate your account and provide the AutoHVAC platform
  • Process blueprints into HVAC load calculations and reports
  • Send transactional emails (receipts, account alerts, report completions)
  • Provide customer support and respond to inquiries

Platform Improvement & Security

  • Monitor for abuse, fraud, and security incidents
  • Debug, troubleshoot, and improve product performance
  • Develop new features based on aggregated usage patterns
  • Train and refine our internal AI extraction logic (we do not train external AI models on your data — see Section 4)

Marketing & Advertising

  • Measure the performance of our marketing campaigns and attribute conversions
  • Build audiences of existing customers to exclude from prospecting ads
  • Show relevant ads to prospective customers on Google and Meta platforms
  • Send promotional emails (you may opt out at any time via the unsubscribe link)

Legal & Compliance

  • Comply with applicable laws, regulations, and lawful requests
  • Enforce our Terms of Service
  • Establish, exercise, or defend legal claims

3. Advertising, Analytics & Tracking Technologies

We use cookies, pixels, software development kits (SDKs), and server-to-server APIs from the providers listed below. Some of these tools transmit hashed identifiers and event data to third parties for cross-context behavioral advertising, which qualifies as a "sale" or "share" of personal information under California law and the laws of several other US states. See Section 8 ("Your Privacy Rights") for instructions on how to opt out.

Google Analytics 4 & Google Ads

We use Google Analytics 4 ("GA4") with the following Google Advertising Features enabled: Google Signals, Enhanced Conversions for Web, User-Provided Data Collection, Remarketing, and Demographics & Interest Reporting. Our GA4 property is linked to a Google Ads account, and conversion events (such as completed purchases and lead submissions) are imported into Google Ads to measure ad performance and inform automated bidding.

When you complete a purchase or submit a free-report request, we transmit a SHA-256 hashed version of your email address (and phone number, if provided) to Google. Google uses this hash to match your conversion to a prior signed-in Google session, improving cross-device attribution. Google may also associate analytics data with its own information about your signed-in Google account if you have Ads Personalization enabled in your Google account settings.

You can opt out of Google's use of your data for advertising through any of the following:

Meta (Facebook) Pixel & Conversions API

We use the Meta Pixel and the Meta Conversions API ("CAPI") to measure the effectiveness of advertising on Facebook and Instagram, build custom audiences, and attribute conversions. The Pixel runs in your browser; CAPI runs on our servers and transmits the same events directly from our backend to Meta with an event ID for deduplication.

When you submit your email through our forms (lead capture, checkout, or purchase), we transmit a SHA-256 hashed version of your email address — and your phone number if provided — to Meta. We also transmit non-identifying event metadata such as the event name (e.g., Lead, Purchase), value, currency, and timestamp.

You can manage Meta's use of your data at https://www.facebook.com/adpreferences/ad_settings and at Instagram's ad preferences. You can also opt out of interest-based advertising via the Digital Advertising Alliance at https://optout.aboutads.info/.

Microsoft Clarity (Session Replay)

Important — Session Recording Notice: We use Microsoft Clarity to record visitor interactions on our website. Clarity captures mouse movements, clicks, scrolls, page views, and pages visited in order to generate aggregated heatmaps and session replays we use to improve our user experience. Form input fields are masked by default and we do not collect keystrokes within form inputs. Recordings are transmitted to and stored by Microsoft Corporation, an independent third party that processes the data on its own servers consistent with Microsoft's Privacy Statement. By continuing to use this site, you consent to this recording.

PostHog (Product Analytics)

We use PostHog to capture product usage events (such as feature clicks, uploads, and conversions) for the purpose of improving our software. PostHog is configured to identify users by email after sign-in so that we can analyze longitudinal product behavior. PostHog is hosted on our behalf and acts as a service provider — it does not use your data for its own purposes. See PostHog's privacy policy.

Subprocessor Summary

The following service providers receive personal data on our behalf:

  • Google LLC — analytics, advertising measurement, email infrastructure
  • Meta Platforms, Inc. — advertising measurement, audience building
  • Microsoft Corporation — session replay (Microsoft Clarity)
  • PostHog Inc. — product analytics
  • OpenAI, L.L.C. — AI vision processing of uploaded blueprints (see Section 4)
  • Stripe, Inc. — payment processing
  • Amazon Web Services — cloud infrastructure and storage
  • Render Services, Inc. — application hosting

Do Not Track ("DNT") and Global Privacy Control ("GPC")

Most modern browsers offer a "Do Not Track" setting and a "Global Privacy Control" signal that can communicate your privacy preferences to websites. We treat a valid GPC signal as an opt-out request from selling and sharing your personal information for cross-context behavioral advertising and as an opt-out of targeted advertising under applicable state privacy laws. When we detect a GPC signal we will, where technically feasible, disable advertising-purpose data sharing for the duration of your visit. We do not currently respond to legacy DNT browser signals because there is no industry-standard interpretation of those signals.

4. AI Processing of Your Uploads

AutoHVAC's load-calculation pipeline includes a vision step that uses OpenAI's API (GPT-4 class models) to extract architectural information from blueprints you upload. Specifically, our backend converts pages of your PDF to images and sends those images to OpenAI's API along with a structured prompt requesting items like room labels, perimeter measurements, and door/window counts.

Per OpenAI's API Data Usage Policy:

  • Content submitted through OpenAI's API is not used to train OpenAI's models.
  • OpenAI may retain submitted content for up to 30 days for abuse and misuse monitoring, after which it is deleted.
  • We do not include personal identifiers (such as your name or email) in the prompt beyond what may already appear visibly on the blueprint itself.

See OpenAI's privacy policy and API data usage terms.

5. How We Share Personal Information

We do not sell your personal information for money. We do, however, share certain personal information as described in this Section 5 and Section 3 above. Some of that sharing constitutes a "sale" or "share" under California's CCPA/CPRA and equivalent definitions in other US state privacy laws — see Section 8 for your right to opt out.

Service Providers

We share personal information with the subprocessors listed in Section 3 strictly to perform services on our behalf, under written contracts that prohibit them from using the data for their own purposes.

Advertising & Analytics Partners

We share hashed identifiers and event data with Google and Meta so that they can attribute ad clicks to conversions, build audiences, and personalize advertising. Although these partners are technically processors for some of these activities, certain uses (such as cross-context behavioral advertising) qualify as a "sale" or "share" of personal information under US state privacy laws.

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred to the successor entity, subject to the commitments in this Privacy Policy.

Legal & Safety

We may disclose personal information when we have a good-faith belief that disclosure is necessary to (a) comply with applicable law or valid legal process, (b) enforce our Terms of Service, (c) protect the rights, property, or safety of AutoHVAC, our users, or the public, or (d) investigate suspected fraud or wrongdoing.

6. Data Security

Enterprise-Grade Security

We protect your data with industry-standard administrative, technical, and physical safeguards. No method of transmission over the internet or storage is 100% secure, however, and we cannot guarantee absolute security.

  • Encryption in transit: All connections use TLS 1.2 or higher
  • Encryption at rest: Database and file storage encrypted with AES-256
  • Access controls: Role-based access, multi-factor authentication for staff, audit logging
  • Infrastructure: AWS and Render data centers with SOC 2 controls
  • Backups: Encrypted, geographically distributed, and routinely tested
  • Vulnerability management: Dependency monitoring, security review of code changes, periodic penetration testing
  • Incident response: Documented breach-notification procedures consistent with applicable state laws

7. Data Retention

We retain personal information only as long as needed for the purposes described in this Policy:

  • Account data: While your account is active, plus up to 90 days after closure for billing and support
  • Project data and reports: While your account is active; deleted within 90 days of account closure
  • Blueprint files: Retained for the life of the project; you may request earlier deletion at any time
  • Analytics and advertising data: Retained according to GA4's default 14-month window and Meta's default windows; aggregated reports may be retained longer
  • OpenAI API content: Up to 30 days under OpenAI's standard abuse-monitoring retention
  • Backups: Purged according to a rolling schedule of up to 90 days
  • Records required by law: Retained for the period required (for example, tax records for at least 7 years)

8. Your Privacy Rights

Depending on where you live, you may have one or more of the following rights with respect to your personal information. We honor these rights regardless of your state of residence to the extent practical, and in all cases for residents of states with comprehensive privacy laws.

Rights That May Apply

  • Right to know / access: Request a copy of the personal information we hold about you and information about how we use and share it
  • Right to correct: Request correction of inaccurate personal information
  • Right to delete: Request deletion of personal information, subject to exceptions for legal compliance, security, and completing transactions
  • Right to portability: Receive your personal information in a portable, machine-readable format
  • Right to opt out of sale or sharing: Direct us to stop sharing your personal information with third parties for cross-context behavioral advertising
  • Right to opt out of targeted advertising
  • Right to opt out of profiling that produces legal or similarly significant effects (we do not currently engage in such profiling)
  • Right to limit the use of sensitive personal information: We do not use or disclose sensitive personal information for purposes other than those permitted under Cal. Civ. Code § 1798.121(a) and equivalent statutes
  • Right to non-discrimination: We will not deny services, charge different prices, or provide a different level of quality because you exercise a privacy right
  • Right to appeal: If we deny your request, you may appeal that decision (see "Appeals" below)

How to Exercise Your Rights

You can exercise any of the rights above by emailing support@autohvac.ai with the subject line "Privacy Rights Request" and a description of your request. We may need to verify your identity before responding (typically by confirming control of the email address associated with your account). Authorized agents may submit requests on your behalf with appropriate written authorization. We will respond within 45 days; that period may be extended by an additional 45 days where reasonably necessary, with notice to you.

You may also opt out of advertising-related sharing without contacting us by:

  • Enabling Global Privacy Control in your browser (instructions at globalprivacycontrol.org)
  • Using the opt-out links for Google, Meta, and the Digital Advertising Alliance listed in Section 3
  • Clicking "Do Not Sell or Share My Personal Information" in our website footer (where available)

Appeals

If we decline a privacy rights request, you may appeal by replying to our denial email or sending a new request to support@autohvac.ai with the word "Appeal" in the subject line. We will respond to appeals within 45 days. If you remain dissatisfied, you may contact your state Attorney General.

9. Notice for California Residents (CCPA / CPRA)

This section provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA").

Categories of Personal Information We Collect, Sell/Share, and Disclose

In the past 12 months we have collected, sold/shared, or disclosed for a business purpose the following CCPA-defined categories:

  • Identifiers (name, email, IP, account ID): collected, disclosed for a business purpose, shared for cross-context behavioral advertising
  • Customer records (billing info, phone): collected, disclosed for a business purpose
  • Commercial information (subscription and purchase history): collected, disclosed for a business purpose, shared for cross-context behavioral advertising
  • Internet/network activity (browsing on our site, device info, cookies): collected, disclosed for a business purpose, shared for cross-context behavioral advertising
  • Geolocation data (approximate, from IP): collected, disclosed for a business purpose
  • Inferences (audience and interest categories built by ad platforms): shared for cross-context behavioral advertising
  • Professional/employment information (company name): collected, disclosed for a business purpose
  • Visual/audio information (uploaded blueprints): collected, disclosed to AI subprocessor for service delivery

We have not knowingly sold or shared the personal information of consumers under 16. We do not collect or process sensitive personal information for purposes that would trigger the right to limit under CCPA § 1798.121(a).

Sources of Personal Information

  • Directly from you (account creation, uploads, support)
  • Automatically from your device and browser (cookies, server logs)
  • From service providers and partners (advertising attribution, payment processors)

Purposes for Collection

See Section 2 ("How We Use Your Information") for the full list.

Categories of Recipients

See Section 3 ("Subprocessor Summary") and Section 5 ("How We Share Personal Information").

Right to Opt Out of Sale / Sharing

California residents have the right to opt out of the "sale" or "sharing" of personal information. To exercise this right, email support@autohvac.ai with "Do Not Sell or Share" in the subject line, or enable a Global Privacy Control browser signal as described in Section 8. When you opt out, we will visibly indicate that the opt-out preference signal has been honored.

Shine the Light

California's "Shine the Light" law (Cal. Civ. Code § 1798.83) permits California residents to request information about disclosures of personal information to third parties for those parties' direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing.

10. Notice for Other US State Residents

Residents of states with comprehensive privacy laws — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, New Hampshire, Tennessee, Nebraska, Minnesota, Indiana, Kentucky, Rhode Island, Maryland, and Florida — have the rights described in Section 8. Where state law requires, we honor a Universal Opt-Out Mechanism (such as Global Privacy Control) and provide an appeals process for denied requests.

11. International Users

AutoHVAC operates from the United States and our subprocessors are primarily located in the United States. If you access our services from outside the US, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction. Our services are not directed at residents of the European Economic Area, the United Kingdom, or other regions with comprehensive non-US privacy laws, and we do not solicit business from such residents.

12. Children's Privacy

AutoHVAC is a professional B2B tool not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@autohvac.ai and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will:

  • Post the updated policy on this page with a new "Last updated" date
  • Where required by law, notify registered users by email at least 30 days before changes take effect
  • Where required, obtain your consent before applying material changes

14. Contact Us

Questions About Your Privacy?

For privacy questions, requests, or to exercise your rights, contact:

  • Email: support@autohvac.ai
  • Subject line for rights requests: "Privacy Rights Request"
  • Response time: Within 45 days, with one 45-day extension where reasonably necessary

This Privacy Policy is effective as of May 4, 2026. By using the AutoHVAC platform, you acknowledge that you have read and understood this Policy.