PackBOM Privacy Policy

Account info such as name, email, company name, and role.

Packaging data including SKUs, BOMs, material types, weights, supplier information, and supporting metadata.

Sales data such as units sold by state and revenue figures.

Uploaded files including spec sheets, certificates, technical drawings, and evidence documents.

Usage data such as pages visited, features used, and session duration.

Payment information is processed by Stripe. PackBOM never stores card numbers.

We use your data to provide the PackBOM service, generate EPR compliance reports, send transactional emails, and improve the product.

Transactional emails include supplier requests, reminders, notifications, and report availability messages.

We do not sell your data to third parties.

We do not use your packaging data to train AI models.

Supabase provides database and authentication services. See supabase.com.

Stripe processes payments. See stripe.com.

Resend sends transactional email. See resend.com.

OpenAI powers AI-assisted data extraction when you upload spec sheets. See openai.com.

Vercel hosts the application. See vercel.com.

Each service has its own privacy policy.

When you upload spec sheets, certificates, or technical documents for AI extraction, we send them to OpenAI's API to extract structured packaging data.

OpenAI does not use API data for training under its API data usage policy.

Extracted data is stored in your PackBOM account.

You review and approve all AI-extracted data before it enters your compliance records.

You can use PackBOM without AI extraction.

PackBOM data is stored in Supabase on AWS infrastructure.

Data is encrypted in transit with TLS and encrypted at rest.

Row-level security helps ensure organizations can only access their own data.

We retain your data as long as your account is active.

After account deletion, active data is removed within 30 days and backups are purged within 90 days.

Access: request a copy of all your data.

Export: download your packaging data, reports, and evidence files at any time.

Delete: request complete account and data deletion.

Correct: update information in your account.

California residents have CCPA rights. Contact support@packbom.com.

We use essential cookies for authentication sessions.

We do not use advertising cookies or tracking cookies.

Vercel Analytics may provide privacy-friendly usage analytics without collecting personal data.

We will notify you by email of material changes.

Continued use of PackBOM after changes means you accept the updated policy.

Privacy questions: support@packbom.com.

PackBOM is operated by Miguel Zazueta.

San Jose, California.