Privacy & Security Policy

When you register or place an order, we collect:

• Full name, business name, email address, and phone number
• Billing and shipping addresses
• Account credentials (passwords are hashed using bcrypt — we never store plain-text passwords)
• Job title and company role where provided

We retain complete records of your:

• Orders, order items, quantities, and pricing
• Quote requests and custom pricing agreements
• Applied promotional codes and discount history
• Wishlists and saved product lists

• Products viewed and browsing patterns (used to power recommendations)
• Search queries within the platform
• Device type, browser, and approximate geographic region (derived from IP)
• Session timestamps and page interactions

• Contact form submissions and support inquiries
• Quote communications and negotiation history
• Job applications, including uploaded resumes (stored securely in our database)

We use your information to process purchases, generate quotes, send order confirmations, manage shipping and returns, and provide customer support.

Browsing and order history powers features like “Recently Viewed” and “Similar Products.” We do not sell this data to third parties or use it for cross-site advertising.

• Transactional emails: order confirmations, quote updates, shipping notifications
• Account security alerts: password changes, suspicious login attempts
• Service updates: policy changes, platform maintenance
• Marketing communications: only with your explicit consent, and always with an unsubscribe option

Aggregated, anonymized usage data helps us improve search relevance, catalog organization, and site performance. No individual customer is identified in this analysis.

• Neon (database hosting) — stores all platform data in SOC 2 compliant infrastructure on Azure
• Vercel (application hosting) — serves the BuildSupply platform
• Resend (email delivery) — sends transactional emails; no access to order or account data

We may disclose information if required by law, court order, or to protect the rights and safety of BuildSupply, our customers, or the public.

In the event of a merger, acquisition, or sale of assets, customer data may transfer to the acquiring entity under the same protections described in this policy.

• All data transmitted via HTTPS/TLS encryption
• Database access restricted to application-level credentials; no direct public access
• Passwords hashed using bcrypt with a cost factor of 12
• Session tokens signed with a secure secret and expire after 7 days
• Admin panel restricted to authorized personnel with role-based access control
• Resume files stored as encrypted base64 in the database — never publicly accessible

• Production system access limited to essential personnel only
• All admin actions are logged and auditable via the Error Logs system
• Security incidents are reviewed and remediated promptly
• Error logs retained for debugging and purged on a rolling 90-day basis

In the event of a data breach that materially affects your personal information, we will notify affected customers within 72 hours of discovery via the email address on file.

We use a session cookie (bs_token) to maintain your logged-in state. This cookie is strictly necessary for the platform to function and cannot be disabled while you are signed in.

We store your admin theme preference (admin-theme) in localStorage to preserve your light/dark mode choice across sessions.

We do not use third-party analytics platforms (e.g., Google Analytics). All usage data is stored in our own database and not shared with advertising networks.

By continuing to use the BuildSupply platform after being presented with our consent notice, you acknowledge this policy and consent to the data practices described above.