Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect your full name, email address, and a password (stored in hashed form). We also collect your business name, industry, and employee count during onboarding.

1.2 Assessment Data

When you complete a security assessment, we collect and store your answers to the questionnaire, your overall security score, category scores, and letter grade. This data is used to display your results and track your security posture over time. Anonymous (non-account) assessments are associated with a temporary session token rather than a user account.

1.3 AI-Generated Content

The Service uses artificial intelligence (powered by Anthropic's Claude API) to generate security summaries, risk analysis, and remediation plans based on your assessment answers. Your answers and business context are sent to Anthropic's API for this purpose. We do not use your assessment data to train AI models. Anthropic's data handling practices are governed by their own privacy policy.

1.4 Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other financial instrument data on our servers. We retain only your Stripe customer ID and subscription status for account management purposes. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.

1.5 Automatically Collected Information

We use Vercel Analytics to collect basic usage data including page views, browser type, and general geographic region. We do not use tracking cookies for advertising purposes. A session cookie is used solely for authentication.

2. How We Use Your Information

We use the information we collect to: provide, operate, and maintain the Service; calculate your security score and generate your assessment report; produce AI-powered remediation plans and risk summaries; process payments and manage your subscription; send transactional communications including monthly score change alerts and re-assessment reminders (paid subscribers only); and improve and develop the Service.

3. How We Share Your Information

We do not sell your personal information. We share data only with the following categories of service providers, solely to operate the Service: Stripe for payment processing; Anthropic for AI analysis generation; Resend for transactional email delivery; Vercel for hosting and analytics; and our PostgreSQL database hosting provider (Neon) for data storage. We may also disclose information if required by law, court order, or governmental regulation.

4. Data Retention and Deletion

We retain your account data and assessment history for as long as your account is active. You may delete your account at any time from Settings > Danger Zone. When you delete your account, the following happens immediately: your Stripe subscription is canceled; all personal account data, assessment records, and security scores are permanently deleted from our database. This deletion is irreversible. A privacy-preserving fingerprint (a one-way hash of your email and business name) is retained solely to prevent trial abuse after account deletion, and cannot be used to identify you.

5. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS) for all data in transit, hashed password storage using bcrypt, secure server infrastructure hosted on Vercel, and JWT-based session authentication with HTTP-only cookies and expiring tokens. While we take reasonable precautions, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Your Rights and Choices

You may: access and update your account information through the dashboard settings; permanently delete your account and all associated data at any time through Settings > Danger Zone (no need to contact us); and request a copy of the personal data we hold about you. For data export requests, contact us at support@epochetechnicalsolutions.com.

7. Children's Privacy

The Service is intended for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Epoche Technical Solutions, LLC
Email: support@epochetechnicalsolutions.com
McKinney, TX