🔒 Legal Document

Privacy Policy

How WaterMan collects, uses, and protects your personal data and IoT device telemetry.

📅 Effective: 1 March 2026 🔄 Version 1.0
ℹ️

Summary

We collect account credentials, device telemetry (sensor readings, water levels, motor status), and usage logs to operate the WMS platform. We do not sell your data. Device data is stored securely and retained only as long as necessary.

1 Overview

This Privacy Policy describes how Team WaterMan ("we", "us", "our") operating the WMS Device Portal at wmsdevice.dpdns.org collects, uses, and safeguards information when you use our IoT water management platform.

By registering an account or connecting a device, you agree to the practices described here. If you do not agree, please discontinue use and contact us to delete your data.

2 Data We Collect

👤

Account Information

  • · Username and display name
  • · Email address and mobile number
  • · Hashed password (bcrypt — we never store plaintext)
  • · Device PIN (hashed)
  • · Account creation timestamp and verification status
🖥

Session & Access Logs

  • · IP address at login
  • · Browser user-agent string
  • · Login and session expiry timestamps
  • · Session identifier (hashed secret)

3 IoT Device Data

When your hardware devices communicate with our platform, the following telemetry is collected:

💧

Water Levels

Tank percentage, litres, fill/drain events

🌡️

Sensor Readings

Temperature, light level, and custom sensor params

⚙️

Motor Status

On/off state and last command timestamps

📡

Node Identity

MAC address, chip ID, firmware version, IP

🔑

API Keys

Device secret keys for authenticated requests

📋

OTA Logs

Firmware update checks and download records

Aggregated sensor logs: Raw readings are progressively aggregated into 5-minute, 30-minute, 60-minute, and daily summaries to reduce storage while preserving historical trends.

4 How We Use Your Data

1

Platform operation

Authenticating users, routing device commands, displaying dashboards and sensor graphs.

2

Alert notifications

Generating warnings and critical alerts when sensor thresholds are breached; delivering them via the portal and Telegram.

3

Device management

Processing OTA firmware updates, rate limiting API requests, and maintaining trusted node lists.

4

Security & integrity

Detecting abnormal login patterns, verifying MAC address trust levels, and logging access events.

5

Service improvement

Analysing aggregated, anonymised usage patterns to improve performance and reliability.

5 Data Sharing & Third Parties

We do not sell, rent, or trade your personal data or device telemetry. Limited sharing occurs only in these circumstances:

📨

Telegram Bot

Alert messages are forwarded to your linked Telegram chat ID via the Telegram Bot API. Only alert content is transmitted — no account credentials or full sensor history.

⚖️

Legal Requirement

We may disclose data if required by applicable law, court order, or governmental authority, and only to the extent strictly necessary.

6 Data Retention

Data Type Retention
Account data Until account deletion request
Session / login logs Rolling 90 days
Raw sensor readings Aggregated after 24 hours; raw purged
5-min aggregates 30 days
60-min aggregates 6 months
Daily aggregates Indefinite (core history)
OTA / update logs 90 days
Alerts Until acknowledged + 30 days

7 Security Measures

🔐

Bcrypt passwords

All passwords hashed with bcrypt before storage.

🔑

API key auth

Devices authenticate via unique per-device API keys.

📡

MAC trust verification

Node MAC addresses are locked and verified on each connection.

⏱️

Rate limiting

Per-device and per-endpoint rate limits prevent abuse.

🔒

HTTPS only

All web traffic is served exclusively over TLS.

📝

Audit logging

Login events, OTA actions, and updates are logged.

No system is completely secure. In the event of a data breach affecting your personal information, we will notify affected users promptly and take immediate remediation steps.

8 Your Rights

Access: Request a copy of all personal data we hold about you.
Correction: Update inaccurate account details via your Profile page at any time.
Deletion: Request full account and device data deletion. Use the Danger Zone in your Profile, or contact us directly.
Portability: Request your sensor history exported in CSV format.
Restriction: Request we limit processing of your data while a dispute is resolved.

9 Cookies & Sessions

We use only strictly necessary cookies — no advertising or analytics trackers.

PHPSESSID PHP session identifier — expires on browser close
wms_auth Remember-me token — 30-day persistent login
dark_mode UI theme preference — no expiry

You can clear cookies at any time via your browser settings. Doing so will log you out.

10 Children's Privacy

The WMS Device Portal is intended for use by individuals aged 13 and above. We do not knowingly collect personal data from children under 13. If you believe a child has registered, please contact us immediately and we will delete the account.

11 Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Significant changes will be communicated via an in-app alert. Continued use of the platform after changes constitutes acceptance.

12 Contact Us

For privacy-related requests, questions, or to exercise your rights, reach us at:

privacy@wmsdevice.dpdns.org
🌐 wmsdevice.dpdns.org
📍 India

We aim to respond to all privacy requests within 72 hours.

↑ Back to top