Early access open — 10 free slots for 3 months.
    Thermal Reports

    Privacy Policy

    Last updated: April 2026

    1. Information We Collect

    We collect the following data when you use the ThermalReports platform:


  1. Registration data: full name, email address, company name and role.
  2. Thermal inspection data: thermal photographs (FLIR, HIKMICRO and other cameras), generated PDF reports, inspected equipment locations, recorded temperatures and anomaly classifications.
  3. Usage data: IP address, browser type, pages visited and access times.

    4. 2. Legal Basis for Processing

    We process your personal data based on:


  4. Consent: when you create an account and accept this policy.
  5. Contract performance: to provide the services contracted on the platform.
  6. Legitimate interest: to improve security and service quality.

    7. 3. Data Storage

  7. Files (thermal photos, PDF reports): stored on Backblaze B2 in the United States, with encryption at rest.
  8. Structured data (registrations, inspections, anomalies): stored in a PostgreSQL database via Supabase (self-hosted), on our own infrastructure.
  9. Backups: performed daily with 30-day retention.

    10. 4. Cookies and Local Storage

    We use cookies and local storage for:


  10. Authentication session (app): token in localStorage to keep your session active.
  11. Language preference: stored in localStorage.
  12. Cookie consent (marketing site): stored to honor your banner choice.

    13. On the public website (thermalreports.com), if you accept measurement cookies, we use:


  13. Google Analytics 4 (GA4): aggregated visit statistics (first-party via Google).
  14. Mautic (self-hosted): marketing automation and page tracking as configured on our instance.

    15. If you choose essential cookies only, we do not load GA4 or Mautic in your browser. See the Cookie Policy for purposes and retention.

    5. Data Sharing

    We do not sell, rent or share your personal data with third parties for commercial purposes. We share data only with essential services for platform operation:


  15. Cloudflare: CDN and DDoS protection.
  16. Backblaze B2: file storage.
  17. Sentry: error monitoring (anonymized data).

    18. All providers are subject to confidentiality and data processing agreements.

    6. Data Retention

  18. Your data is retained as long as your account is active.
  19. Upon deletion request, your data is removed within 30 days.
  20. Access log data is retained for 6 months for security purposes.

    21. 7. Your Rights

    Under LGPD (Brazil), GDPR (Europe) and CCPA (California), you have the right to:


  21. Access: request a copy of all data we hold about you.
  22. Rectification: request correction of inaccurate or outdated data.
  23. Erasure: request deletion of your personal data.
  24. Portability: receive your data in a structured, machine-readable format.
  25. Withdraw consent: withdraw your consent at any time.

    26. To exercise any of these rights, contact us at privacy@thermalreports.com.

    8. Security

    We employ technical and organizational measures to protect your data, including:


  26. Encryption in transit (TLS/HTTPS) and at rest.
  27. Role-based access control (RBAC).
  28. Automated daily backups.
  29. Continuous security monitoring.

    30. 9. International Data Transfers

    Some data may be stored on servers in the United States (Backblaze B2). We ensure these transfers comply with LGPD and GDPR requirements, with appropriate safeguards in place.

    10. Changes to This Policy

    We may update this Privacy Policy periodically. Significant changes will be communicated by email or platform notice with 30 days advance notice.

    11. Contact — Data Protection Officer (DPO)

    For questions about privacy or data protection:


  30. Email: privacy@thermalreports.com
  31. Company: ThermalReports
  32. Website: thermalreports.com

    33. Cookie Policy · Terms of Service