IronStamp

    Privacy Policy

    Last updated: July 17, 2025

    IronStamp ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform, IronStamp, and related services. IronStamp is registered in Massachusetts and complies with applicable state and federal privacy laws.


    1. Information We Collect

    We collect the following types of information:

    A. Account and Profile Information

    • Name, email address, and password (for account creation and authentication)
    • Company name, license number, business address, phone number, business email, team size, business focus
    • Notification preferences and designated notification email addresses

    B. Team and Employee Information

    • Team member names, email addresses, and roles
    • Employee names and email addresses (for certification tracking)

    C. Certification and Document Data

    • Certification names, numbers, issue and expiration dates
    • Uploaded files (PDFs, images, documents) and associated metadata (file name, size, type)

    D. Technical and Usage Data

    • IP address (for security and rate limiting)
    • Device/browser information (for troubleshooting and security)
    • Session data (cookies or localStorage used for authentication)

    E. Communications

    • Emails, reminders, and notifications sent to you or your team

    We do not knowingly collect information from children under 13.


    2. How We Use Your Information

    We use your information to:

    • Create and manage your account
    • Authenticate users and teams
    • Onboard users and organizations
    • Track certifications, compliance, and team data
    • Generate and store documents (e.g., PDFs)
    • Send notifications and reminders (email, SMS)
    • Provide customer support
    • Improve and secure our services
    • Comply with legal obligations

    2A. Legal Basis for Processing (for EEA Users)

    If you are located in the European Economic Area (EEA), we process your personal information on the following legal bases:

    • Consent (e.g., for marketing communications)
    • Contractual necessity (e.g., to deliver IronStamp services)
    • Legitimate interests (e.g., product improvement, fraud prevention)
    • Legal obligation (e.g., tax and regulatory compliance)

    3. How We Share Your Information

    We do not sell your personal information.

    We may share it with:

    Service Providers:

    Including but not limited to Supabase (database, auth, storage), Resend (email delivery), Stripe (billing), and other subprocessors strictly required to operate IronStamp. All subprocessors are contractually obligated to protect your data and process it only on our instructions.

    Legal Authorities:

    When required to comply with legal obligations, court orders, or government requests.

    Business Transfers:

    In the event of a merger, acquisition, restructuring, or sale of all or part of our assets.


    4. Cookies and Tracking Technologies

    We use cookies and localStorage to:

    • Maintain your authentication session
    • Store user preferences

    We do not use third-party advertising or analytics cookies.


    5. Data Security

    We implement technical and organizational safeguards to protect your information, including:

    • Data encryption in transit and at rest (AES-256)
    • Role-based access controls and authentication
    • Regular monitoring and backups

    As required by Massachusetts law (201 CMR 17.00), we maintain a Written Information Security Program (WISP) to safeguard personal information of Massachusetts residents.


    6. Data Retention

    We retain your information as long as your account is active or as needed to deliver our services.

    You may:

    • Close your account at any time
    • Request deletion of your personal data by contacting us below

    7. Your Rights and Choices

    You have the right to:

    • Access and review your data
    • Correct inaccuracies
    • Delete your personal information
    • Export your data (PDF, CSV, ZIP)
    • Opt out of non-essential emails

    To exercise your rights, contact us at the address below.


    8. Children's Privacy

    IronStamp is not intended for children under 13. We do not knowingly collect data from individuals under 13 years of age. If we become aware that such data has been collected, we will delete it promptly.


    9. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be posted on our website, and the "Last updated" date above will be revised. We encourage you to review this policy regularly.


    10. International Data Transfers

    If you use IronStamp from outside the United States, your information may be transferred to and processed in the U.S. We take steps to ensure appropriate safeguards are in place for such transfers in accordance with applicable law.


    11. Notice for California Residents (CCPA)

    If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:

    • Right to know what data we collect
    • Right to request deletion
    • Right to opt out of the sale of personal data (we do not sell data)

    You can exercise these rights by contacting us below.


    12. Contact Us

    IronStamp Privacy Team

    IronStamp®

    📧 ironstamp.team@gmail.com