Privacy Policy
Effective Date: March 3, 2026
1. Introduction
This Privacy Policy describes how Engular LLC ("Company," "we," "us," or "our") collects, uses, and protects your information when you use the SupplierScore platform (the "Service"). We act as a data processor on behalf of our customers (the data controllers) with respect to supplier quality data stored in the Service.
By using the Service, you consent to the practices described in this policy.
2. Information We Collect
Account Information
When you register, we collect your first name, last name, email address, and organization name. We also store an encrypted version of your password.
Organization & Supplier Data
Customers enter and manage supplier quality data through the Service, including supplier records, NCRs, CAPAs, scorecards, evaluations, communications, documents, and notes. This data is owned by the customer and processed by us solely to provide the Service.
Usage Data
We collect information about how you interact with the Service, including pages visited, features used, and actions taken. This data is used to improve the Service and is not shared with third parties for advertising purposes.
Server Logs
Our servers automatically record information including your IP address, browser type, operating system, referring URLs, and timestamps. This data is retained for security monitoring and debugging purposes.
Payment Information
Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. We receive only a tokenized reference and basic transaction details (plan type, billing status) from Stripe.
3. How We Use Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process subscriptions and manage billing
- Send transactional emails (account confirmation, password resets, subscription notifications)
- Monitor for security threats and unauthorized access
- Respond to support requests
- Enforce our Terms of Service
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Third-Party Service Providers
We use the following third-party services to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, organization name, billing details |
| Postmark | Transactional email delivery | Email address, email content |
| Hosting provider | Infrastructure and data storage | All Service data (encrypted at rest) |
Each provider is bound by data processing agreements and is prohibited from using your data for their own purposes.
5. Data Retention
We retain your account data for as long as your account is active. After account termination, we retain your data for 30 days to allow for data export, after which it is permanently deleted. Server logs and usage data are retained for up to 90 days.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted via TLS (HTTPS)
- Multi-tenant isolation: Each organization's data is logically isolated using application-level tenant scoping (acts_as_tenant), preventing cross-organization data access
- Password security: User passwords are hashed using bcrypt with appropriate cost factors
- Access controls: Role-based access control (admin/member) restricts sensitive operations
7. Your Rights
You have the right to:
- Access your personal data stored in the Service
- Correct inaccurate or incomplete personal data
- Delete your account and associated data
- Export your data via the CSV and PDF export features built into the Service
- Object to processing of your personal data in certain circumstances
To exercise these rights, contact us at privacy@supplierscore.com. We will respond within 30 days.
8. Cookies
The Service uses session cookies only to maintain your authenticated session. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. No data is shared with advertising networks.
9. Children's Privacy
The Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal information, we will delete it promptly.
10. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We implement appropriate safeguards for international transfers as described in our Data Processing Agreement.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before the changes take effect. The "Effective Date" at the top of this page indicates when the policy was last revised.
12. Contact
If you have questions about this Privacy Policy or our data practices, please contact us at:
Engular LLC
Email: privacy@supplierscore.com