OWASP · TDPSA · GDPR Compliant

Privacy Policy

Last Updated: February 20, 2026

This policy applies to <strong>AquaShield Restoration USA</strong> and its website at aquashieldrestorationusa.com. It complies with the Texas Data Privacy and Security Act (TDPSA), effective 2024.

<strong>AquaShield Restoration USA</strong> ("we," "our," or "us") is a licensed restoration contractor based in Houston, Texas. We take your privacy seriously. This Privacy Policy explains what personal information we collect through our website, why we collect it, who we share it with, and the rights you have under applicable law — including the Texas Data Privacy and Security Act (TDPSA).

1. Categories of Personal Data We Collect

We collect the following categories of personal data when you use our Contact Support form, Free Inspection form, or interact with our website:

Category Data Elements Source
Identifiers First name, last name, email address, phone number You (form submission)
Property Data Property address, city, state, zip code, country You (inspection form)
Insurance Information Whether the property has active insurance (yes/no only — no policy numbers) You (inspection form)
Communications Message content, subject/service type, SMS consent preference You (form submission)
Technical / Internet Activity IP address, browser User-Agent string, form submission timestamp, spam score (internal) Automatically collected
Website Interaction Pages visited, session duration, referral source (via Google Analytics 4 if enabled) Automatically collected

⚠ We do NOT collect sensitive personal data

We do not collect health data, biometric data, racial or ethnic origin, religious beliefs, sexual orientation, citizenship status, genetic data, or precise geolocation beyond property address. No special category data under TDPSA or GDPR is collected.

2. Why We Collect This Data (Purpose of Processing)

We process your personal data only for the following purposes:

  • Scheduling free inspections — To contact you and schedule a property assessment at your request.
  • Responding to support inquiries — To answer your questions about our services, insurance claims, or restoration projects.
  • SMS communications — Only if you explicitly opt in. Used to send appointment reminders and status updates.
  • Fraud and spam prevention — IP addresses and User-Agent strings are used to detect bots and prevent abuse (legitimate interest).
  • Website analytics — Aggregate, anonymized data via Google Analytics 4 to improve our website performance.
  • Legal compliance — To meet our obligations under Texas law, TDPSA, and any applicable regulatory requirements.

Legal basis (TDPSA/GDPR): Primarily contract performance (responding to your service request) and legitimate interest (fraud prevention, security). Consent is obtained for SMS notifications and optional analytics.

3. Third Parties We Share Data With

We do not sell your personal data. We share data only with the following service providers (processors) who act on our behalf and are contractually required to protect it:

Provider Service Data Shared Privacy Policy
Supabase, Inc. Database & backend (PostgreSQL, hosted on AWS us-east-1) All form submission data supabase.com/privacy
Cloudflare, Inc. CDN, DDoS protection, and Turnstile CAPTCHA verification IP address, CAPTCHA challenge response cloudflare.com/privacypolicy
Resend / SendGrid Transactional email delivery (admin notifications) Name, email, message content (admin copy only) See provider's policy
Google Analytics 4 Website analytics (if enabled) Anonymized IP, pages visited, session data policies.google.com/privacy
Insurance Adjusters / Sub-contractors Service delivery (only when authorized by you) Name, phone, property address, insurance status Shared only under NDA / authorization

We do not share your data with data brokers, advertising networks, or third-party marketers. We do not sell, rent, or trade your personal information.

4. Data Retention

We retain your personal data only as long as necessary for the purposes described above:

  • Contact & Appointment records: 3 years from last interaction, then securely deleted.
  • Spam/rate-limiting logs (IP addresses): 90 days, then automatically purged.
  • Email records: 2 years (in our email system), aligned with transactional record requirements.
  • Analytics data (Google Analytics 4): 14 months (Google's default retention).
  • Legal obligations: If required by Texas law or a legal proceeding, records may be retained longer.

You may request early deletion of your data at any time. See Section 5 for instructions.

5. Your Privacy Rights (TDPSA)

Under the Texas Data Privacy and Security Act (TDPSA), Texas residents have the following rights. We will respond to all verified requests within 45 days (extendable by 45 days with notice):

👁️

Right to Access

Request a copy of the personal data we hold about you, in a portable, machine-readable format (CSV/JSON).

✏️

Right to Correction

Request correction of inaccurate personal data we maintain about you.

🗑️

Right to Deletion

Request that we delete your personal data, subject to legal retention obligations.

📦

Right to Portability

Receive your data in a structured, commonly used format (CSV or JSON).

🚫

Right to Opt-Out

Opt out of the sale or sharing of personal data for targeted advertising (we do not sell data, but you may still submit this request).

⚖️

Right to Appeal

If we deny your request, you may appeal. If still denied, you may file a complaint with the Texas Attorney General.

📋 How to Submit a Request

Submit your Data Subject Access Request (DSAR) via any of these methods:

Online Request Form Email: privacy@aquashieldrestorationusa.com

We respond within 45 days · Free of charge · Identity verification required

6. Do Not Sell My Personal Information

🛡️

NOTICE: We Do Not Sell Your Personal Data

$AquaShield Restoration USA does not sell, trade, or share your personal information with third-party advertisers, data brokers, or marketers for monetary or other valuable consideration.

As required by the Texas Data Privacy and Security Act (TDPSA), we also recognize and honor the Global Privacy Control (GPC) browser signal. If your browser sends a Sec-GPC: 1 header, our server automatically acknowledges it.

You still have the right to formally opt out of data sharing for targeted advertising purposes. To exercise this right:

7. Security Safeguards

We implement the following technical and organizational security measures, aligned with OWASP Top 10 2025:

  • TLS/HTTPS: All data in transit is encrypted using TLS 1.3.
  • Database encryption: All data at rest is encrypted by Supabase (AES-256 on AWS).
  • CAPTCHA: Cloudflare Turnstile protects all public forms against bot submissions.
  • Anti-spam: Multi-layer spam detection (honeypot, content analysis, rate limiting, User-Agent detection) on every form submission.
  • HTTP Security Headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, HSTS, Permissions-Policy deployed on every response.
  • Input validation: All form data is validated with strict Zod schemas server-side before any database operation.
  • Rate limiting: Maximum 3 form submissions per IP per hour, enforced server-side.
  • Access control: Database access uses a service role key stored server-side only, never exposed to the client.

Despite these measures, no system is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by Texas law.

8. Cookies & Tracking

Our website uses cookies and similar tracking technologies. Our Cookie Policy provides full details. Summary:

  • Strictly necessary: Session and security cookies required for the site to function. No consent required.
  • Analytics: Google Analytics 4 cookies (if you consent). IP anonymization is enabled. You may opt out via your browser or the Cookie Settings page.
  • No advertising cookies: We do not use third-party advertising or tracking cookies.

9. Contact & How to File a Complaint

If you have questions about this Privacy Policy, wish to exercise your rights, or want to report a concern:

AquaShield Restoration USA

Address

3733 Westheimer Rd. Ste 1-4583, Houston, TX 77027

If you are a Texas resident and believe we have not adequately responded to your privacy request, you may file a complaint with the Office of the Texas Attorney General.

This Privacy Policy was last updated on February 20, 2026. We reserve the right to update this policy periodically. Material changes will be posted on this page with an updated "Last Updated" date. Continued use of our website after changes constitutes acceptance of the updated policy.