OutpostGet Started

Privacy Policy

Last updated · April 30, 2026

Effective Date: April 30, 2026 Last Updated: April 30, 2026 Version: 1.1

This Privacy Policy describes how Grizzly Tec, LLC ("Grizzly Tec," "we," "us," or "our") collects, uses, shares, and protects information in connection with LoxPilot, our remote support membership service for Loxone smart home system owners, accessible at loxpilot.com (the "Service").

This Privacy Policy applies only to the LoxPilot Service. For information about how we handle data on grizzlytec.com (our marketing site) or in connection with our integration and installation services, please see our Grizzly Tec Privacy Policy.

By using LoxPilot, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: name, email address, phone number, billing address, password, and Loxone system identifier(s).
  • Payment information: processed by Stripe; we do not store full credit card numbers on our systems.
  • Conversations with Grixx: the questions you ask, the responses generated, and the conversation context.
  • Support tickets and attachments: descriptions of issues, photos, screenshots, configuration files, log files, and other materials you upload through the LoxPilot customer portal.
  • Booking information: when you schedule a human support session, your name, email, and the session topic are collected by our booking tool.
  • Survey and feedback responses.

1.2 Information from Your Loxone System

When you authorize remote access to your Loxone Miniserver, we may collect:

  • System configuration and structure files;
  • Device status and event logs;
  • Diagnostic data necessary to identify and resolve issues;
  • Firmware and software version information.

We do not access camera feeds, audio recordings, intercom recordings, or other sensitive media stored locally on your system, except where you specifically request troubleshooting of a media-related feature and grant temporary access for that purpose.

1.3 Information We Collect Automatically

  • Usage data: pages visited, features used, session duration, click patterns, and similar Service interaction data.
  • Device and connection data: IP address, browser type, operating system, device identifiers, and approximate location (derived from IP).
  • Cookies and similar technologies: see Section 6.

1.4 Information from Third Parties

  • Stripe: billing and payment confirmation data.
  • Loxone Cloud (when applicable): authentication tokens and remote access credentials you authorize.
  • Cal.com: booking confirmations and scheduling data when you book a human support session.
  • Referral sources: if you reach LoxPilot through a referral, we may receive the referrer's identity.

2. How We Use Information

We use the information we collect to:

  • Provide the Service: authenticate your account, deliver Grixx responses, route support requests, and access your Loxone system to deliver authorized support;
  • Process payments: through Stripe;
  • Schedule and deliver human support sessions: through Cal.com and Google Calendar;
  • Communicate with you: account confirmations, billing notices, support replies (delivered through the LoxPilot portal), security alerts, renewal reminders, and (with your consent) marketing communications;
  • Improve the Service: analyze usage patterns and Grixx conversation quality in aggregated and anonymized form to improve features, accuracy, and performance;
  • Ensure security and prevent abuse: detect fraud, enforce our Terms, and protect against unauthorized access;
  • Comply with legal obligations: respond to lawful requests, enforce contracts, and meet regulatory requirements.

We do not use your personal information for any purpose materially different from what is described above without notifying you and, where required, obtaining your consent.

3. AI Processing (Grixx)

LoxPilot uses an AI assistant called Grixx, which is built on top of Anthropic's Claude API.

When you interact with Grixx:

  • Your messages and conversation context are sent to Anthropic's API to generate a response;
  • Anthropic processes the data solely to return a response and does not use your conversations to train its models under our agreement with them;
  • Anthropic may retain API request data for a limited period for abuse monitoring purposes, after which it is deleted in accordance with Anthropic's data retention policies (see Anthropic's privacy practices);
  • We retain conversation history in our own systems to deliver continuity of service, support quality assurance, and provide your conversation history within your account.

We use anonymized and aggregated patterns from Grixx conversations to improve the Service (for example, identifying common issues, refining prompts, and detecting accuracy problems). This analysis does not identify individual customers.

4. Sub-Processors and Third-Party Service Providers

We use the following sub-processors to deliver LoxPilot. Each sub-processor receives only the data necessary to perform its function:

Sub-ProcessorPurposeData ReceivedLocation
AnthropicAI processing (Grixx)Conversation messages and contextUnited States
StripePayment processingPayment method, billing informationUnited States
SupabaseDatabase and authenticationAccount data, conversation history, ticket dataUnited States
VercelWeb hosting and edge delivery for loxpilot.comUsage and traffic dataUnited States
HostingerServer hosting for internal automation infrastructureOperational data including ticket references and customer identifiers passed through automation workflowsUnited States / European Union
Cal.comBooking and scheduling for human support sessionsName, email, session topic, scheduling preferencesUnited States
Google (Calendar)Calendar integration for human support sessions (synced from Cal.com)Booking event details: customer name, email, session topic, timeUnited States
TelegramInternal operational notifications to Grizzly Tec staff regarding customer activityCustomer name, ticket references, and brief activity descriptions sent to a private operations channelInternational (UAE / multiple)
Loxone CloudRemote system access (when authorized)Authentication tokens, system dataEuropean Union

This list may be updated as we add or change sub-processors. Material changes will be communicated through this Privacy Policy.

5. How We Share Information

We do not sell your personal information. We do not share your personal information with third parties for their own marketing or AI training purposes.

We share information only in these circumstances:

  • Sub-processors and service providers: as listed in Section 4, to operate the Service.
  • Legal compliance: when required by law, court order, subpoena, or government request, or when necessary to investigate suspected violations of our Terms or to protect rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of all or part of our business. We will notify you before your information is transferred and becomes subject to a different privacy policy.
  • With your consent: for any other purpose disclosed to you and to which you affirmatively consent.

6. Cookies and Tracking Technologies

LoxPilot uses cookies and similar technologies categorized as follows:

  • Essential cookies: required for authentication, session management, and core Service functionality. These cannot be disabled without breaking the Service.
  • Functional cookies: remember your preferences (e.g., theme, language).
  • Analytics cookies: measure how customers use LoxPilot to help us improve the Service. Data is aggregated.

We do not use advertising cookies or share data with advertising networks.

You may disable non-essential cookies through your browser settings. Disabling essential cookies will prevent LoxPilot from functioning correctly.

7. Data Retention

  • Active accounts: we retain your information for as long as your account is active.
  • After account termination: we retain your account data for 90 days, during which you may request reactivation or data export. After 90 days, your data is permanently deleted.
  • Legal retention: we retain billing records and other data required by law (typically 7 years for tax records) regardless of account status.
  • Anonymized and aggregated data: may be retained indefinitely as it no longer identifies you.

8. Data Security

We implement administrative, technical, and physical safeguards to protect your information, including:

  • Encryption in transit (TLS 1.2 or higher) for all data exchanged between you and our Service;
  • Encryption at rest for sensitive data stored in our database;
  • Access controls limiting employee and contractor access to personal data on a need-to-know basis;
  • Logging and monitoring of system access;
  • Regular review of our sub-processors' security practices.

No security system is impenetrable. While we work to protect your information, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you in accordance with applicable law.

9. Your Rights and Choices

9.1 Universal Rights (All Customers)

Regardless of where you live, you may:

  • Access: request a copy of the personal information we hold about you;
  • Correct: request that we correct inaccurate information;
  • Delete: request that we delete your personal information (subject to legal retention requirements);
  • Export: request a copy of your account data in a portable format;
  • Opt out of marketing: unsubscribe from marketing emails or reply STOP to marketing SMS;
  • Withdraw consent: where processing is based on your consent, you may withdraw it.

To exercise these rights, contact us at info@grizzlytec.com. We will respond within 30 days, or sooner where required by law.

9.2 California Residents (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know what personal information we collect, use, and disclose;
  • Right to delete personal information;
  • Right to correct inaccurate information;
  • Right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising);
  • Right to limit the use and disclosure of sensitive personal information;
  • Right to non-discrimination for exercising your rights.

We have not sold personal information in the preceding 12 months and do not anticipate doing so. To exercise your California rights, contact info@grizzlytec.com. You may also designate an authorized agent to make a request on your behalf.

9.3 Texas Residents (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act provides the following rights:

  • Right to confirm whether we process your personal data and to access that data;
  • Right to correct inaccuracies;
  • Right to delete personal data;
  • Right to obtain a portable copy of your personal data;
  • Right to opt out of targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects (we do not engage in any of these activities).

To exercise your Texas rights, contact info@grizzlytec.com. You may appeal a denied request by replying to our response with the subject line "Privacy Appeal."

9.4 Other State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws have substantially similar rights to those described above. To exercise your rights, contact info@grizzlytec.com.

10. Children's Privacy

LoxPilot is not directed to children under 18, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact info@grizzlytec.com.

11. Geographic Scope

LoxPilot is offered only to customers located in the United States. We do not target or market the Service to customers in the European Union, the United Kingdom, or other jurisdictions outside the United States.

If you access LoxPilot from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.

12. SMS and Text Messaging

If you provide a phone number and consent to SMS communications, we may send you appointment confirmations, support notifications, and service updates by text message. Message frequency varies. Message and data rates may apply.

You may opt out of SMS messages at any time by replying STOP. For help, reply HELP or contact info@grizzlytec.com.

We do not sell, rent, share, or disclose mobile phone numbers or SMS consent to third parties or affiliates for marketing or promotional purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and post the updated Privacy Policy at loxpilot.com/privacy with an updated "Last Updated" date.

For changes that materially expand our use of your personal information beyond what is described here, we will obtain your consent before applying those changes to data we already hold.

14. Contact Us

Questions about this Privacy Policy or our data practices?

Grizzly Tec, LLC Attn: Privacy 1310 Rayford Park Rd, Suite 364 Spring, TX 77386 Email: info@grizzlytec.com Phone: (346) 220-2472

For privacy-specific requests, please use subject line: "LoxPilot Privacy Request" so we can route your message correctly.