Privacy Policy

Last updated: March 1, 2025

ProMechDirectory is committed to protecting your privacy. This Policy explains how we collect, use, and safeguard your information when you use our platform.

1. Information We Collect

Information you provide directly:

  • Account registration data: name, email address, password (hashed)
  • Business information: company name, address, phone, website
  • RFQ content: project descriptions, uploaded documents, contact details
  • Quote submissions: pricing estimates, scope notes, assumptions
  • Payment information: processed by Stripe (we do not store card data)
  • Profile data: capabilities, certifications, software tools, project history

Information collected automatically:

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited, search queries, and usage patterns
  • Session identifiers and authentication tokens
  • Log data including access times and referring URLs

2. How We Use Your Information

We use collected information to:

  • Operate, maintain, and improve the Platform
  • Match customers with qualified engineering service providers
  • Process RFQ submissions and dispatch to matched providers
  • Facilitate payment processing and subscription management
  • Send transactional emails (RFQ notifications, quote alerts, receipts)
  • Generate AI-powered embeddings for provider search and matching
  • Enforce rate limits and prevent abuse
  • Comply with legal obligations and resolve disputes
  • Analyze usage patterns to improve search quality and user experience

We do not sell your personal information to third parties. We do not use your data for advertising targeting outside the Platform.

3. Data Sharing

We share information only in these circumstances:

  • With matched providers: Teaser RFQ details (no contact info until acceptance)
  • With selected providers: Customer contact info only after quote acceptance
  • With payment processors: Stripe handles payment data per their privacy policy
  • With document signing services: Signwell receives NDA documents for electronic signing
  • With cloud storage: AWS S3 stores uploaded documents and signed NDAs
  • With AI providers: OpenAI or Anthropic process queries for intent extraction (no PII sent)
  • Legal requirements: When required by law, court order, or to protect our rights

4. Cookies and Tracking

We use the following cookies and storage mechanisms:

  • Authentication cookies: secure, httpOnly JWT tokens for session management
  • Refresh tokens: secure, httpOnly long-lived tokens stored server-side (hashed)
  • localStorage: non-sensitive UI preferences (e.g., search duration estimates)
  • Session tracking: anonymous search quota enforcement by IP address

We do not use third-party advertising cookies. We do not use cross-site tracking pixels. Essential authentication cookies cannot be disabled while using the Platform.

5. Data Security

We implement industry-standard security measures including:

  • Passwords hashed with bcrypt (never stored in plaintext)
  • JWT tokens with short expiration (15 minutes) and secure rotation
  • HTTPS/TLS encryption for all data in transit
  • AWS S3 server-side encryption for files at rest
  • Database encrypted at rest on Render managed PostgreSQL
  • Rate limiting and abuse prevention on all API endpoints
  • Webhook signature verification for all payment and signing events

No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

6. Data Retention

  • Account data retained while your account is active
  • RFQ and quote data retained for 3 years for dispute resolution
  • Payment records retained for 7 years per financial regulations
  • Signed NDAs and audit trails retained for 7 years
  • Search logs retained for 90 days for abuse prevention
  • Inactive accounts may be deleted after 2 years of inactivity with notice

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data we hold
  • Correction: Update inaccurate or incomplete information via your profile
  • Deletion: Request deletion of your account and associated data (subject to retention requirements)
  • Portability: Request export of your data in a machine-readable format
  • Opt-out: Unsubscribe from non-transactional communications at any time

To exercise these rights, contact us at privacy@promechdirectory.com. We will respond within 30 days. Some requests may be subject to legal retention obligations.

8. Third-Party Services

Our Platform integrates with these third-party services, each governed by its own privacy policy:

  • Stripe: Payment processing for cards and ACH. stripe.com/privacy
  • AWS S3: Document and file storage. aws.amazon.com/privacy
  • Signwell: Electronic NDA document signing. signwell.com/privacy
  • Resend / SendGrid: Transactional email delivery.
  • Sentry: Error monitoring. May capture anonymized stack traces. sentry.io/privacy

9. Contact

For privacy questions or data requests, contact our Privacy Team:

ProMechDirectory LLC — Privacy Team

Email: privacy@promechdirectory.com

Website: www.promechdirectory.com

This Privacy Policy applies to ProMechDirectory services. By using the Platform you acknowledge you have read and understood this policy.