Privacy Policy

Effective Date: [DATE] | Last Updated: [DATE] | Version: 1.0

This document requires attorney review before publication. Marked sections contain placeholders or decision points requiring legal guidance.

Table of Contents

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Legal Basis for Processing (GDPR)
5. How We Share Your Information
6. Third-Party Services
7. Data Retention
8. Your Privacy Rights
9. California Privacy Rights (CCPA/CPRA)
10. European Privacy Rights (GDPR)
11. Cookies and Tracking
12. Data Security
13. Children's Privacy
14. International Data Transfers
15. Changes to This Policy
16. Contact Us

1. Introduction

BlinkR, Inc. ("BlinkR," "we," "us," or "our") operates the BlinkR manufacturing intelligence platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Confirm corporate entity name and structure. Verify "BlinkR, Inc." is the correct legal entity.

2. Information We Collect

2.1 Information You Provide Directly

Data Category	Specific Data Elements	Purpose
Account Information	Name, email address, password (hashed), company name, job title, phone number	Account creation, authentication, communication
Customer Data	Customer names, company names, email addresses, phone numbers, physical addresses, purchase history	CRM functionality, quote generation, business operations
Prospect Data	Names, email addresses, phone numbers, company names, job titles, LinkedIn profile URLs, outreach history	Sales prospecting, lead management
Business Documents	Quotes, purchase orders, project details, pricing information, RFQs, invoices	Core business operations, document management
Communication Data	Email content (when integrated), notes, activity logs	Communication tracking, CRM functionality
Uploaded Files	CAD files (STEP, STL), PDFs, images, company logos	Design review, document management
AI Interaction Data	Prompts, generated content, coaching conversations	AI-powered features (Sales Coach, Content Studio)

2.2 Information Collected Automatically

Data Category	Specific Data Elements	Purpose
Device Information	Browser type, operating system, device type, screen resolution	Service optimization, troubleshooting
Usage Data	Pages visited, features used, click patterns, time spent, navigation paths	Service improvement, analytics
Log Data	IP address, access times, error logs, referring URLs	Security, debugging, fraud prevention
Location Data	General geographic location (derived from IP address)	Service customization, compliance
Local Storage Data	Cached data, preferences, session information	Performance, offline functionality

2.3 Information from Third Parties

Microsoft Outlook Integration: When you connect your Outlook account, we access email metadata and content for communication tracking.
LinkedIn (User-Provided): Prospect information you import from LinkedIn or enter manually.
FedEx Integration: Shipping rate information and tracking data.

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Maintain the Service

Create and manage your account
Process quotes, projects, and business documents
Enable CRM and customer management features
Provide AI-powered assistance (Sales Coach, Content Studio, ONIT Engine)
Facilitate communication tracking and email integration
Generate reports and analytics

3.2 Improve and Develop the Service

Analyze usage patterns to improve features
Develop new features and functionality
Train and improve AI models (using anonymized data only)
Conduct research and analysis

3.3 Communicate with You

Send service-related notifications
Respond to your inquiries and support requests
Send marketing communications (with your consent)
Provide product updates and announcements

3.4 Ensure Security and Compliance

Detect and prevent fraud, abuse, and security incidents
Enforce our Terms of Service
Comply with legal obligations
Protect the rights and safety of users

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data based on the following legal grounds:

Legal Basis	Processing Activities
Contract Performance	Providing the Service, account management, billing, customer support
Legitimate Interests	Service improvement, security, fraud prevention, analytics (where not overridden by your rights)
Consent	Marketing communications, non-essential cookies, AI feature usage
Legal Obligation	Tax records, compliance with court orders, regulatory requirements

5.1 We Do NOT Sell Your Personal Information

BlinkR does not sell, rent, or trade your personal information to third parties for monetary consideration.

5.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

Provider Category	Purpose	Data Shared
Cloud Infrastructure (Supabase, Vercel)	Data storage, hosting	All Service data
AI Services (OpenAI, Anthropic)	AI-powered features	Prompts, context for AI generation
Email Integration (Microsoft)	Outlook connectivity	OAuth tokens, email metadata
Shipping Services (FedEx)	Rate calculations	Package dimensions, addresses

5.3 Business Transfers

If BlinkR is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Third-Party Services

Our Service integrates with the following third-party services. Each has its own privacy policy:

Service	Purpose	Privacy Policy
Supabase	Database, authentication	supabase.com/privacy
Vercel	Hosting, serverless functions	vercel.com/legal/privacy-policy
OpenAI	AI content generation	openai.com/privacy
Anthropic	AI assistance (Claude)	anthropic.com/privacy
Microsoft	Outlook email integration	privacy.microsoft.com
FedEx	Shipping rate calculations	fedex.com/privacy-policy

Verify all third-party integrations are listed. Confirm links to privacy policies are current.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

Data Type	Retention Period	Reason
Account Information	Duration of account + 30 days after deletion request	Service provision, account recovery
Business Documents (Quotes, Projects)	7 years after creation	Legal/tax compliance, business records
Customer/Prospect Data	Duration of account + 90 days	Service provision, data export period
Communication Logs	2 years	Business continuity, dispute resolution
AI Conversation Data	90 days	Feature functionality, improvement
Audit Logs	7 years	Security, compliance, legal requirements
Usage Analytics	2 years (aggregated indefinitely)	Service improvement

Review retention periods for compliance with applicable laws. Consider industry-specific requirements.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Data Portability: Request your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests
Restriction: Request restriction of processing in certain circumstances
Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, please contact us at privacy@blinkr.com or use the in-app privacy controls in Settings → Privacy.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request that we disclose:

The categories of personal information we collected
The categories of sources from which we collected personal information
Our business purpose for collecting personal information
The categories of third parties with whom we share personal information
The specific pieces of personal information we collected about you

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

9.3 Right to Opt-Out of Sale/Sharing

BlinkR does not sell personal information. We do not share personal information for cross-context behavioral advertising.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

9.5 Authorized Agent

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

9.6 How to Submit Requests

California residents may submit requests by:

Email: privacy@blinkr.com
Online: Do Not Sell or Share My Personal Information

We will verify your identity before processing requests. We will respond within 45 days (or 90 days if an extension is needed).

9.7 California Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information for third-party direct marketing.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

10.1 Data Controller

BlinkR, Inc. is the data controller for personal information collected through the Service.

If EU representative is required (Art. 27), add representative contact information here.

10.2 Your GDPR Rights

Right of Access (Art. 15): Obtain confirmation and access to your personal data
Right to Rectification (Art. 16): Correct inaccurate personal data
Right to Erasure (Art. 17): Request deletion ("right to be forgotten")
Right to Restriction (Art. 18): Restrict processing in certain cases
Right to Data Portability (Art. 20): Receive data in machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interests
Rights Related to Automated Decision-Making (Art. 22): Not be subject to solely automated decisions with legal effects

10.3 Lodging a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing violates GDPR.

10.4 International Data Transfers

Your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to provide adequate protection for transfers outside the EEA.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service. See our Cookie Policy for detailed information.

11.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential	Authentication, security, core functionality	Session / 30 days
Functional	Preferences, settings, personalization	1 year
Analytics	Usage patterns, performance monitoring	2 years

11.2 Managing Cookies

You can manage cookie preferences through:

Our cookie consent banner
Your browser settings
Settings → Privacy in the application

12. Data Security

We implement appropriate technical and organizational measures to protect your information:

Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Authentication: Secure password hashing (bcrypt), session management
Access Control: Role-based access, principle of least privilege
Infrastructure: Secure cloud hosting with SOC 2 certified providers
Monitoring: Security logging, anomaly detection
Incident Response: Documented breach response procedures

Despite our efforts, no method of transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

13. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@blinkr.com.

Verify age threshold aligns with GDPR (16) vs COPPA (13) requirements based on target market.

14. International Data Transfers

BlinkR is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

For transfers from the EEA, UK, or Switzerland, we use:

Standard Contractual Clauses (SCCs) approved by the European Commission
Additional safeguards where required

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending an email notification for significant changes
Displaying an in-app notification

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

BlinkR, Inc.
Attn: Privacy Team
[ADDRESS LINE 1]
[CITY, STATE ZIP]
United States

Email: privacy@blinkr.com
Privacy Request Form: Submit a Request

Add physical address (required for CAN-SPAM and general legal compliance). Confirm email address.