Your privacy matters to us. This Privacy Policy explains what information EXM Fire Protection Services collects, how we use it, and the choices you have. We operate as a business-to-business service provider; we do not sell personal information to third parties.
Who We Are
EXM Fire Protection Services ("EXM," "we," "us," or "our") is a professional commercial kitchen exhaust cleaning and fire protection company operating in California and Oregon. We are the data controller for personal information collected through our website at www.exhaustmaintenance.com and through our service delivery operations.
This Privacy Policy applies to information collected when you visit our website, request a quote, enter into a service agreement, or communicate with us by phone, email, or in person. It does not apply to information collected by third parties we do not control.
Information We Collect
We collect information in two ways: information you provide to us directly, and information collected automatically when you use our website.
Information You Provide:
- Contact information: Name, business name, job title, phone number, email address, and mailing address when you request a quote or contact us
- Service information: Business address, kitchen layout details, cooking volume, equipment types, and exhaust system specifications provided to enable service delivery
- Payment information: Billing address, payment method details (processed securely through our payment processor; we do not store full card numbers)
- Communications: Records of emails, phone calls, texts, and other correspondence with our team
- Service records: Inspection findings, before-and-after documentation, grease level data, and compliance certificates associated with your account
Information Collected Automatically:
- Log data: IP address, browser type and version, pages visited, referring URL, and timestamps
- Device information: Device type, operating system, and screen resolution
- Cookie data: Session identifiers and preference data (see Section 7 for details)
- Analytics data: Aggregate usage patterns collected through analytics services
We collect only the information necessary to provide our services, respond to inquiries, and fulfill our legal obligations. We do not collect sensitive personal information such as Social Security numbers, government IDs, or health information.
How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: Scheduling, performing, and documenting cleaning and inspection services at your premises
- Quotes and billing: Preparing service quotes, issuing invoices, and processing payments
- Compliance documentation: Generating certificates of service, inspection reports, and records required by local fire codes
- Customer communications: Responding to inquiries, sending service reminders, appointment confirmations, and follow-up communications
- Account management: Maintaining service history and scheduling recurring cleaning intervals
- Legal compliance: Meeting our obligations under applicable laws, responding to lawful requests from authorities, and enforcing our Terms of Service
- Safety and security: Detecting and preventing fraud, unauthorized access, or illegal activity
- Service improvement: Analyzing usage patterns and feedback to improve our services and website
- Marketing: Sending occasional service updates or promotional communications to existing customers (you may opt out at any time)
We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.
Legal Basis for Processing
For customers or contacts who may be subject to GDPR, we process personal information under the following legal bases:
- Contract performance: Processing necessary to fulfill our service agreements with you
- Legitimate interests: Operating and improving our business, preventing fraud, and communicating about relevant services
- Legal obligation: Complying with applicable fire code record-keeping requirements, tax regulations, and other applicable laws
- Consent: Marketing communications, where we rely on your consent, which you may withdraw at any time
Information We Share
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
- Service providers: Trusted third parties who assist us in operating our business, including payment processors, scheduling software, cloud storage providers, and email service providers. These vendors are contractually bound to use your data only as directed by us and in accordance with this Policy.
- Regulatory authorities: Fire marshals, health departments, and other government agencies when required by law or as part of service documentation you have authorized
- Insurance carriers: Service records and certificates shared at your direction to support your insurance requirements
- Legal compliance: When required by law, court order, or lawful government request, or to protect the rights, property, or safety of EXM, our customers, or the public
- Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, with appropriate confidentiality protections
Any third parties with whom we share data are required to maintain appropriate security measures and may not use your information for their own marketing purposes.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law.
- Service records and certificates: Minimum 5 years (required by applicable fire codes)
- Financial and billing records: 7 years (required by tax regulations)
- Customer account information: Duration of the business relationship, plus 3 years after last service
- Marketing opt-out records: Indefinitely, to honor your preferences
- Website log data: 12 months, then aggregated or deleted
- Communications: 3 years after last interaction
When retention periods expire, we securely delete or anonymize personal information. Some residual copies may remain in backups for a limited period before being overwritten.
Cookies & Tracking Technologies
Our website uses cookies and similar technologies to provide functionality and analyze usage. The types of cookies we use include:
- Strictly necessary cookies: Required for the website to function (e.g., session management, theme preference). These cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). Data is aggregated and anonymized.
- Preference cookies: Remember your choices such as light/dark mode preference.
We do not use advertising or behavioral targeting cookies. You can control cookies through your browser settings. Disabling cookies may affect website functionality.
We do not respond to "Do Not Track" browser signals at this time, as no industry standard exists for such signals. We do honor opt-out requests submitted directly to us.
Security
We implement commercially reasonable technical, administrative, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:
- HTTPS encryption for all data transmitted through our website
- Access controls limiting employee access to personal data on a need-to-know basis
- Secure, encrypted storage for service records and customer data
- Regular security reviews and employee privacy training
- PCI-compliant payment processing through certified third-party processors
No security system is impenetrable. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law, without undue delay and no later than 72 hours after becoming aware of the breach (where feasible).
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
Request a copy of the personal information we hold about you.
Request correction of inaccurate or incomplete personal information.
Request deletion of your personal information, subject to legal retention requirements.
Request your data in a structured, machine-readable format.
Request that we limit how we process your information in certain circumstances.
Object to processing based on legitimate interests or for direct marketing.
To exercise any of these rights, contact us at exmaintenance22@gmail.com or call (650) 587-8420. We will respond within 30 days. We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.
Marketing opt-out: You may opt out of marketing communications at any time by clicking "Unsubscribe" in any email or contacting us directly. We will honor opt-outs within 10 business days.
California Residents — CCPA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.
Categories of personal information we collect (as defined by the CCPA):
- Identifiers (name, email, phone, IP address)
- Commercial information (services purchased, transaction history)
- Internet/electronic network activity (website usage data)
- Geolocation data (service address)
- Professional or employment-related information (business name, job title)
We do not sell or share personal information for cross-context behavioral advertising. We do not have actual knowledge of selling or sharing personal information of minors under 16 years of age.
Your CCPA rights include:
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the purposes for collection, and the categories of third parties with whom we share data
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information; no opt-out is required
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA
- Right to Non-Discrimination: We will not deny, charge different prices for, or provide a different level of service based on your exercise of CCPA rights
To submit a verifiable consumer request, contact us at exmaintenance22@gmail.com or call (650) 587-8420. You may designate an authorized agent to make requests on your behalf. We will respond within 45 days, with a possible 45-day extension upon notice.
California's "Shine the Light" law (Civil Code § 1798.83) permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information for such purposes and therefore no disclosure list is maintained.
Children's Privacy
Our services are designed for commercial businesses and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete that information.
If you believe we may have collected information from or about a minor, please contact us immediately at exmaintenance22@gmail.com.
Third-Party Links
Our website may contain links to third-party websites or services, including scheduling platforms, review sites, and industry resources. These third parties have their own privacy policies, which we do not control and are not responsible for.
We encourage you to review the privacy policy of any third-party site you visit. The inclusion of a link on our website does not imply our endorsement of that site's privacy practices.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify active customers by email at least 14 days before the changes take effect
- Display a prominent notice on our website
Your continued use of our services after the effective date of any change constitutes your acceptance of the updated Policy. We encourage you to review this page periodically.
Contact Us
For privacy-related questions, requests, or complaints, please contact our privacy team:
- EXM Fire Protection Services — Privacy
- Email: exmaintenance22@gmail.com
- Phone: (650) 587-8420
- Mailing Address: EXM Fire Protection Services, San Francisco, CA
We take all privacy concerns seriously and will respond to your inquiry within 5 business days. For California CCPA requests, we will respond within the legally required timeframe.
If you are not satisfied with our response, you may have the right to lodge a complaint with your applicable data protection authority. California residents may contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.