Homepage

Command Center — Privacy Policy

Effective: April 11, 2026 · Version 2026-04-11

1. Who we are

This Privacy Policy describes how Ice Water LLC, an Illinois limited liability company doing business as Command Center ("Command Center," "we," "us," or "our"), collects, uses, and shares information when you use the Command Center platform (the "Service"). This Privacy Policy is incorporated into the Terms of Service by reference.

2. What we collect

We intentionally collect as little personal information as the Service requires to function. The categories below are the complete list; we do not maintain tracking pixels, advertising identifiers, or behavioral profiles.

2.1 Account information

  • full name,
  • email address,
  • username (if you provide one),
  • an avatar URL you choose,
  • the online/offline status indicator used by the Service,
  • account creation and last-update timestamps.

Authentication credentials (passwords, passkeys, OAuth tokens) are held by our authentication provider, Better Auth. Command Center does not see or store your password in plaintext.

2.2 Project information

  • project name, site URL, and site login URL (if provided),
  • site type (WordPress, Shopify, etc.),
  • contact email and phone associated with the project,
  • mailing address (city, state, ZIP, street address),
  • a logo URL.

Note: we do not store project-level billing addresses inside the Command Center database. Billing addresses are held by Stripe in connection with the payment method used.

2.3 Ticket and support interactions

  • ticket titles, descriptions, status, priority, due dates, and any free-form text you write into a ticket conversation,
  • time logs (duration and notes associated with work performed against a ticket),
  • estimates and estimate approvals,
  • any files, screenshots, or other attachments you upload.

Please do not paste long-lived credentials, API keys, or other secrets into ticket conversations. See Section 7 of the Terms of Service.

2.4 Billing metadata

  • a Stripe customer identifier linking your project to your Stripe record,
  • purchase records (package name, date, amount, applicable hours granted),
  • an append-only ledger of every hour grant and debit tied to your project, maintained for audit and reconciliation purposes.

We do not store your full card number, card verification value (CVC), or bank account number. Those values are handled exclusively by Stripe.

2.5 Automatically collected

  • server-side access logs (IP address, timestamp, request path, user agent) generated by our hosting provider (Vercel) and retained per that provider's default retention policy,
  • session tokens issued by Better Auth at sign-in,
  • audit log entries for sensitive administrative actions (incident resolution, manual ledger adjustments, hour conversions, ticket estimate transitions).

3. How we use information

We use the information described above only to:

  • provide, maintain, and support the Service;
  • authenticate users and prevent unauthorized access;
  • process payments, track hour balances, and reconcile billing records;
  • deliver support tickets and communicate with you about your account, projects, and tickets;
  • send transactional notifications (for example, ticket updates or payment receipts);
  • investigate and prevent fraud, abuse, or violations of the Terms of Service;
  • comply with legal obligations and respond to lawful requests from authorities;
  • with your affirmative, opt-in consent only, feature your project logo or name in marketing materials or case studies (see Section 6 below).

We do not use Customer Data to train machine-learning models, build user profiles for advertising, or sell information to third parties.

4. How we share information

We share information only in the narrow circumstances below.

4.1 With contractors performing support work

Command Center may subcontract delivery of specific support tickets to independent contractors. Those contractors see only the information needed to perform the ticket they are assigned to, and they are bound by confidentiality obligations. They never see billing details, payment methods, or data from projects they are not assigned to.

4.2 With subprocessors

We use the following subprocessors to run the Service:

  • Stripe, Inc. — payment processing. Stripe receives billing contact information and payment method details directly from you through their hosted checkout flow. Stripe's privacy practices are governed by Stripe's privacy policy.
  • Neon, Inc. — database hosting. Neon stores the Command Center database (account, project, ticket, time-log, and ledger data) in its managed Postgres infrastructure.
  • Vercel, Inc. — application hosting and serverless execution. Vercel sees request logs and executes Command Center's code on its edge network.
  • Better Auth — authentication provider. Better Auth manages user credentials, session tokens, and password reset flows.
  • Discord, Inc. — transactional webhook notifications. Command Center posts billing and ticket notifications to team Discord channels. Only information included in the notification payload is shared with Discord.

This list is current as of the effective date above. We will update it when we add, remove, or change a subprocessor.

4.3 For legal reasons

We may disclose information if we believe in good faith that disclosure is required to comply with a law, regulation, legal process, or governmental request, to enforce our Terms of Service, to detect or prevent fraud or security issues, or to protect the rights, property, or safety of Command Center, our users, or others.

4.4 In a business transition

If Ice Water LLC is involved in a merger, acquisition, financing, reorganization, or sale of assets, Customer Data may be transferred as part of that transaction. We will notify users via the Service or by email before any such transfer takes effect, and the recipient will be bound by terms at least as protective as these.

5. Data retention

We retain account data, project data, tickets, time logs, and ledger records for as long as your account is active and for as long as necessary afterwards to satisfy legal, accounting, and audit obligations. Audit log entries and billing ledger entries are append-only and are retained for at least seven (7) years after they are created.

You may request deletion of your account and associated personal information under Section 8. Note that we may retain anonymized or aggregated data, and records we are legally required to keep, after a deletion request is processed.

6. Marketing opt-in

If, and only if, you affirmatively opt in during onboarding or in your account settings, Command Center may use your project name, logo, and a brief description of the work we performed in marketing materials, case studies, or testimonials. You can withdraw marketing consent at any time by contacting us; we will stop using those materials in new marketing within a reasonable period, though we are not obligated to remove already-distributed copies (for example, printed collateral or archived posts).

7. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect Customer Data, including TLS encryption in transit, access controls on sensitive endpoints, database row-level locks on financial mutations, an append-only audit log, and regular review of access permissions. No system is perfectly secure, however, and we cannot guarantee the security of information transmitted to or from the Service.

If you believe your account has been compromised, contact us immediately at the address in Section 11.

8. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

  • the right to know what personal information we hold about you;
  • the right to request correction of inaccurate information;
  • the right to request deletion, subject to the retention limits in Section 5 and any legal hold we are under;
  • the right to withdraw marketing consent under Section 6;
  • the right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. Command Center does not sell or share personal information in this sense.

To exercise any of these rights, contact us at the address in Section 11. We will verify your identity before acting on a request. We will respond within the timeframe required by applicable law.

9. Children

The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18 without verified parental consent, we will delete it.

10. International users

Command Center is operated from the United States. If you access the Service from outside the United States, you acknowledge that your information will be transferred to, stored, and processed in the United States and in any other country where our subprocessors operate. Data protection laws in those countries may be different from the laws of your country.

11. Contact

To exercise any right described in this Privacy Policy, to report a security concern, or to ask a privacy question, contact:

Ice Water LLC
d/b/a Command Center
Attn: Privacy
[Mailing address — update before go-live]
Email: [privacy@ — update before go-live]

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and notify affected users through the Service or by email. Your continued use of the Service after a change becomes effective constitutes acceptance of the revised Policy.