Privacy Policy

We collect only what we need to run the platform:

• Account data — your name, email address, and company name when you register. Authentication is handled by Clerk; we never store your password directly.
• Search & usage data — the queries you run, products and supplier profiles you view, and filters you apply. This helps us improve relevance and catch data quality issues.
• Supplier data — if you are a supplier, the catalog feed, pricing, stock levels, and company details you submit or authorise us to ingest.
• Technical data — IP address, browser type, and session identifiers, collected automatically to secure the platform and diagnose errors.

We do not collect payment card details. Billing, where applicable, is handled by a PCI-compliant third-party processor.

• To provide and operate the platform — search, supplier profiles, product listings.
• To verify supplier credentials and maintain data accuracy.
• To send transactional emails (account confirmation, password reset, feed sync alerts).
• To analyse aggregate usage patterns and improve the product. We use anonymised or pseudonymised data for this purpose wherever possible.
• To comply with legal obligations and protect against fraud or abuse.

We do not sell your data. We do not use your data to serve third-party advertising.

We use a minimal set of cookies:

• Session cookies — required for authentication. Deleted when you close your browser.
• Preference cookies — remember UI settings (e.g. sort order). Expire after 30 days.
• Analytics cookies — privacy-respecting, first-party analytics to understand which features are used. No fingerprinting or cross-site tracking.

You can disable cookies in your browser settings. Session cookies are required to log in; disabling them means you can browse as a guest only.

We share data only in these limited circumstances:

• Service providers — authentication (Clerk), hosting, and email delivery. These providers process data on our behalf under strict data processing agreements.
• Suppliers you contact — when you initiate contact via the platform, your name and email are shared with that supplier so they can respond to you.
• Legal requirements — we will disclose data if required by law or to protect the rights, property, or safety of our users or the public.

We retain account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required to keep it for legal compliance (e.g. financial records).

Anonymised usage data may be retained indefinitely for product analytics.

If you are based in the EEA or UK, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Restriction — ask us to limit processing in certain circumstances.

To exercise any of these rights, email us at privacy@supplierhub.io. We will respond within 30 days.

All data is transmitted over HTTPS. Database access is restricted to authenticated internal services. We conduct periodic security reviews and address vulnerabilities promptly. No system is 100% secure — please use a strong, unique password and enable two-factor authentication where available.

We may update this policy as the platform evolves. We will notify registered users by email for material changes and update the “Last updated” date above. Continued use after notification constitutes acceptance.

Questions about this policy? privacy@supplierhub.io