Privacy Policy

1. Information We Collect

1.1 Information You Provide

Account Information:

• Full name
• Email address
• Password (encrypted)
• Company name (for buyers, brokers, and manufacturers)
• Business registration documents (brokers and manufacturers only)
• Account type/role (buyer, broker, or manufacturer)

Profile and Business Information:

• Business address and contact details
• Company website and description
• Industry certifications and credentials
• Tax identification numbers (when required)
• Preferred communication settings

Component and Inventory Data:

• Component listings (part numbers, descriptions, specifications)
• Inventory levels and pricing
• Product datasheets and technical documents
• Images and multimedia content

Transaction and Communication Data:

• Inquiry messages between buyers and sellers
• Search queries and preferences
• Purchase orders and quotations
• Email communications with us
• Support tickets and customer service interactions

1.2 Information Collected Automatically

Usage and Analytics Data:

• IP address and geolocation
• Device information (browser type, operating system, device identifiers)
• Pages viewed and features used
• Time spent on pages
• Referral sources and search terms
• Click patterns and navigation paths
• Session duration and frequency

Cookies and Tracking Technologies:

• Essential cookies for Platform functionality
• Analytics cookies to understand user behavior
• Preference cookies to remember your settings
• Marketing cookies (with your consent)

For detailed information about cookies, see our Cookie Policy.

1.3 Information from Third Parties

We may receive information from:

• Stripe: Payment processing information (transaction IDs, payment status)
• Email Service Providers: Email delivery and engagement metrics
• Business Verification Services: Verification of business credentials
• Public Databases: Publicly available business information
• Social Media Platforms: If you connect your account (optional)

2. How We Use Your Information

2.1 Platform Operation and Service Delivery

• Create and manage your account
• Process and facilitate transactions
• Enable communication between buyers and sellers
• Display your listings and business profile
• Process search queries and deliver relevant results
• Provide customer support
• Send transactional emails (order confirmations, inquiry notifications)

2.2 Platform Improvement and Analytics

• Analyze usage patterns and trends
• Improve Platform features and user experience
• Test new features and functionality
• Generate aggregated statistical data
• Optimize search algorithms and AI recommendations
• Identify and fix technical issues

2.3 Business Operations

• Process subscription payments
• Verify business credentials and prevent fraud
• Enforce our Terms of Service
• Resolve disputes and investigate complaints
• Comply with legal obligations
• Prevent illegal activities and security threats

2.4 Marketing and Communications (With Consent)

• Send newsletters and product updates
• Notify you about new features
• Provide personalized recommendations
• Send promotional offers and announcements
• Conduct surveys and gather feedback

Note: You can opt out of marketing communications at any time using the unsubscribe link in emails or by updating your account settings.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Contract Performance: Processing necessary to fulfill our Terms of Service and provide Platform services
• Legitimate Interests: Analytics, fraud prevention, Platform improvement, and business operations
• Legal Obligations: Compliance with laws, regulations, and legal processes
• Consent: Marketing communications and optional features (you can withdraw consent anytime)

4. How We Share Your Information

4.1 With Other Users

Certain information is visible to other Platform users to facilitate transactions:

• Sellers' Public Profiles: Company name, business description, location, contact information, listings
• Buyers' Information in Inquiries: Name, company name, email address (when sending inquiries)
• Transaction Details: Information necessary to complete transactions

4.2 Service Providers and Business Partners

We share data with trusted third parties who help us operate the Platform:

Other Service Providers:

• Email Services: To send transactional and marketing emails
• Cloud Hosting: To store data and run the Platform (AWS, Vercel, MongoDB Atlas)
• Analytics Tools: To understand Platform usage and improve services
• Customer Support: To provide help desk and support services
• Security Services: To prevent fraud and protect against cyber threats

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements and Protection

We may disclose your information when required to:

• Comply with laws, regulations, or legal processes
• Respond to government or law enforcement requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Protect users from fraud, abuse, or illegal activities
• Investigate security incidents

4.4 Business Transfers

If Exepart is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor entity. You will be notified of any such change and your choices regarding your information.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized data that cannot identify you for business analytics, market research, and industry reporting.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: SSL/TLS encryption for data transmission; encrypted storage for sensitive data
• Access Controls: Role-based access; multi-factor authentication for admin accounts
• Password Security: Passwords are hashed using bcrypt (not stored in plain text)
• Network Security: Firewalls, intrusion detection systems, DDoS protection
• Regular Audits: Security assessments and vulnerability scans
• Employee Training: Staff trained on data protection and security best practices
• Incident Response: Procedures for detecting and responding to security breaches

5.2 Data Retention

We retain your personal data for as long as:

• Your account is active
• Needed to provide services you requested
• Required by law or for legal purposes
• Necessary for fraud prevention or security

After account deletion, we may retain certain data in anonymized form for analytics or as required by law. Transactional records may be retained for tax and accounting purposes.

5.3 Your Security Responsibilities

You can help protect your account by:

• Using a strong, unique password
• Not sharing your password with anyone
• Logging out after using shared devices
• Reporting suspicious activity immediately
• Keeping your contact information current

6. Your Privacy Rights

6.1 Rights Under GDPR (EU/EEA Users)

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure ("Right to be Forgotten"): Request deletion of your data
• Restriction: Limit how we process your data
• Data Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing or optional processing
• Lodge a Complaint: File a complaint with your data protection authority

6.2 Rights Under CCPA (California Residents)

California residents have the right to:

• Know: Request disclosure of data collected, used, and shared
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
• Non-Discrimination: Not be discriminated against for exercising your rights

6.3 How to Exercise Your Rights

To exercise your privacy rights:

• Email us at privacy@exepart.com
• Submit a request through your account settings
• Include your name, email, and specific request

We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

6.4 Marketing Communications

You can opt out of marketing emails by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your email preferences in account settings
• Emailing privacy@exepart.com

Note: You cannot opt out of transactional emails (e.g., password resets, order confirmations).

7. International Data Transfers

Exepart operates globally, and your data may be transferred to and processed in countries other than your own. These countries may have different data protection laws.

Safeguards: When transferring data internationally, we use:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Privacy Shield certification (where applicable)
• Data processing agreements with service providers
• Encryption during transit and at rest

8. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@exepart.com, and we will delete it promptly.

9. Third-Party Links and Services

The Platform may contain links to third-party websites, services, or advertisements. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Changes become effective immediately upon posting to the Platform.

Notification: For material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send an email notification to registered users
• Display a prominent notice on the Platform
• Request renewed consent if required by law

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

11. Data Protection Officer

For privacy-related inquiries or concerns, contact our Data Protection Officer:

12. Contact Us

For questions about this Privacy Policy or our data practices: