Return to Home
    IronStamp

    /// LEGAL DOCUMENTATION ///

    Privacy Policy

    Last updated: July 17, 2025

    IronStamp ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform, IronStamp, and related services. IronStamp is registered in Massachusetts and complies with applicable state and federal privacy laws.

    01 Information We Collect

    We collect the following types of information:

    A. Account and Profile Information

    • Name, email address, and password (for account creation and authentication)
    • Company name, license number, business address, phone number, business email, team size, business focus
    • Notification preferences and designated notification email addresses

    B. Team and Employee Information

    • Team member names, email addresses, and roles
    • Employee names and email addresses (for certification tracking)

    C. Certification and Document Data

    • Certification names, numbers, issue and expiration dates
    • Uploaded files (PDFs, images, documents) and associated metadata (file name, size, type)

    D. Technical and Usage Data

    • IP address (for security and rate limiting)
    • Device/browser information (for troubleshooting and security)
    • Session data (cookies or localStorage used for authentication)

    E. Communications

    • Emails, reminders, and notifications sent to you or your team

    We do NOT knowingly collect information from children under 13.

    02 How We Use Your Information

    We use your information to:

    • Create and manage your account
    • Authenticate users and teams
    • Onboard users and organizations
    • Track certifications and compliance
    • Generate and store documents
    • Send notifications and reminders
    • Provide customer support
    • Improve and secure our services
    • Comply with legal obligations

    02A Legal Basis (EEA Users)

    If you are located in the European Economic Area (EEA), we process your personal information on the following legal bases:

    Consent

    For marketing communications

    Contract

    To deliver IronStamp services

    Legitimate Interest

    Product improvement, fraud prevention

    Legal Obligation

    Tax and regulatory compliance

    03 How We Share Your Information

    We do NOT sell your personal information.

    We may share it with:

    Service Providers

    Including Supabase (database, auth, storage), Resend (email delivery), Stripe (billing), and other subprocessors strictly required to operate IronStamp.

    Legal Authorities

    When required to comply with legal obligations, court orders, or government requests.

    Business Transfers

    In the event of a merger, acquisition, restructuring, or sale of all or part of our assets.

    04 Cookies & Tracking

    We use cookies and localStorage to:

    • Maintain your authentication session
    • Store user preferences

    We do NOT use third-party advertising or analytics cookies.

    05 Data Security

    We implement technical and organizational safeguards:

    🔐

    AES-256 encryption in transit and at rest

    👤

    Role-based access controls

    📊

    Regular monitoring and backups

    As required by Massachusetts law (201 CMR 17.00), we maintain a Written Information Security Program (WISP) to safeguard personal information of Massachusetts residents.

    06 Data Retention

    We retain your information as long as your account is active or as needed to deliver our services. You may:

    • Close your account at any time
    • Request deletion of your personal data

    07 Your Rights

    You have the right to:

    Access
    Correct
    Delete
    Export
    Opt-out

    To exercise your rights, contact us at the address below.

    08 Children's Privacy

    IronStamp is not intended for children under 13. We do not knowingly collect data from individuals under 13 years of age. If we become aware that such data has been collected, we will delete it promptly.

    09 Policy Changes

    We may update this Privacy Policy from time to time. Material changes will be posted on our website, and the "Last updated" date above will be revised. We encourage you to review this policy regularly.

    10 International Transfers

    If you use IronStamp from outside the United States, your information may be transferred to and processed in the U.S. We take steps to ensure appropriate safeguards are in place for such transfers in accordance with applicable law.

    11 California Residents (CCPA)

    If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA):

    • Right to know what data we collect
    • Right to request deletion
    • Right to opt out of data sale (we do not sell data)

    12 Contact Us

    IronStamp Privacy Team

    IronStamp®

    📧 ironstamp.team@gmail.com

    Back to IronStamp