Scope
This Privacy Policy explains how Reef Warden (“Reef Warden,” “we,” “us,” or “our”) collects, uses, and discloses information through this website, contact and support forms, partner applications and directory, staff and partner authentication, and Reef Warden email operations.
Connected products, customer accounts, monitoring services, or mobile applications may be governed by additional product-specific notices presented before the relevant information is collected.
Information we collect
We collect information you choose to provide, such as your name, email address, optional telephone number, organization, service area, aquarium or equipment details, support descriptions, partner application details, applicant-reported business operating metrics such as active aquariums serviced and approximate average system volume, messages, correspondents, feedback, and communication preferences.
If you check a separate SMS box, we also record the normalized number, selected region, exact consent text and version, server timestamp and form identifier, security hashes, verification or suppression status, and later messaging or carrier events. Contact-inquiry consent and support-ticket consent are stored as distinct grants linked to the applicable submission. A populated phone field without that checked box is not SMS consent.
If you check the separate email-updates box on the contact form or message widget, we record the normalized email address, exact marketing consent text and version, server timestamp and server-selected form identifier, security hashes, current requested or suppression status, and later unsubscribe, complaint, or delivery events. Submitting an inquiry or widget message without that checked box authorizes the requested reply, not recurring marketing email.
Approved staff and partner accounts also generate authentication, MFA enrollment and recovery, session, role, alias or organization membership, failed-attempt, and audit records. Reef Warden email operations may process sender and recipient addresses, subject lines, message bodies, headers, delivery events, and attachment metadata. Attachments and raw email are not made available unless the applicable safety controls are operational.
We also collect limited technical and security information, which may include an IP-derived security hash, browser or device information, request time, requested page, and form anti-abuse signals. Do not submit passwords, authentication codes, payment details, government identifiers, health information, or other sensitive personal information through public forms.
How we use information
- Respond to questions, consultations, support tickets, and email correspondence.
- Review product, professional, equipment, integration, and partner applications.
- Provision and secure approved staff and partner accounts.
- Operate the opted-in partner directory and connect visitors with listed providers when that directory launches.
- Manage optional SMS opt-in requests and, only after verification and activation, provide recurring automated updates within the separate inquiry-specific or ticket-specific consent given.
- Manage optional recurring email-update requests and, only after activation with working unsubscribe controls, send the product, requested-availability, educational, partnership, and company-news categories disclosed at opt-in.
- Operate, secure, maintain, and improve the website and private portals.
- Detect spam, fraud, abuse, or security incidents and maintain operational, consent, suppression, audit, and legal records.
Service providers
We use service providers to operate the website and process submissions. Cloudflare may provide Workers infrastructure, D1 data storage, private R2 object storage, queues, and Turnstile abuse prevention. Resend may transmit email notifications and messages, receive inbound email when configured, and provide delivery events. These providers process information under their own contractual and legal obligations.
Cloudflare Turnstile may collect technical signals needed to determine whether a request is legitimate. We do not place advertising trackers in the current website build.
When we disclose information
We may disclose information to service providers working on our behalf; when required by law or valid legal process; when reasonably necessary to protect security, rights, or safety; or in connection with a financing, merger, acquisition, reorganization, or transfer of the business subject to applicable law.
We do not sell personal information. We do not sell, rent, or share mobile numbers, email addresses, SMS or email opt-in data, or consent records with third parties or affiliates for their own marketing.
Retention and security
We retain information only as long as reasonably necessary to respond to requests, operate support and partner relationships, manage correspondence, maintain consent, authentication, security, and audit records, resolve disputes, and meet legal obligations. The period varies according to the information and its purpose. Private message bodies or raw files may be subject to separate operational retention and deletion schedules.
We use reasonable administrative, technical, and organizational safeguards, including role restrictions, MFA, password hashing, rate limits, private storage, session revocation, and audit records for applicable private portals. No transmission or storage system can be guaranteed completely secure.
Your choices
You may ask to access, correct, or delete information you submitted, or withdraw a communication preference, by contacting us through the website. Applicable law may provide additional rights, and we may need to verify a request before acting.
When recurring email updates are active, each marketing message will provide an unsubscribe method. Unsubscribing does not prevent an operational response to a separate request you submit. SMS-specific choices are described in our SMS Privacy Policy.
Children, links, and international processing
The website is not directed to children under 13, and we do not knowingly collect their personal information. Third-party links and manufacturers have their own privacy practices. Service providers may process information in countries other than your own, subject to protections required by applicable law.
Changes and contact
We may update this policy as the website and Reef Warden services evolve. We will post the revised policy with a new effective date and provide additional notice where required.
For privacy questions or requests, use the Reef Warden contact form.