FND Engineering LLC ("we", "us", or "our") respects your privacy. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of your personal information when you use our website, APIs, transactional alert systems, and related services (the "Services"). This policy is drafted in accordance with global data protection standards, including the GDPR, UK GDPR, and CCPA/CPRA.

1. Information We Collect

We collect information in three primary ways: information you provide to us, information we collect automatically through your use of the Services, and information we receive from third parties.

1.1. Information You Provide Directly

• Account Data: Name, business email address, company name, phone number, and physical address when you register for an account.
• Payment Information: We process billing via third-party providers (e.g., Stripe). We collect your billing address and payment history, but we do not store full credit card numbers.
• Communications: When you contact our support or sales teams, we collect the contents of your messages, attachments, and any other information you choose to provide.

1.2. Information We Collect Automatically (Telemetry & Usage)

• Log Data: As is true of most enterprise infrastructure services, our servers automatically record information, including your IP address, browser type, operating system, API request volumes, headers, and the dates/times of your requests.
• Message Transmission Data: When you use our Services to send or receive alerts, we process metadata related to the delivery of those emails (e.g., sender, recipient, timestamps, delivery status, bounce codes). We do not read the payload of your outgoing emails unless required for abuse investigation.
• Cookies and Tracking: We use cookies and similar technologies to administer the website, analyze trends, track users' movements around the site, and secure the platform.

2. How We Use Your Information

We process your Personal Information for the following legitimate business purposes:

• To provide, maintain, and optimize the Services, including routing alerts and matching auction data.
• To process transactions, generate invoices, and combat payment fraud.
• To enforce our Acceptable Use Policy (AUP) by monitoring bounce rates, spam complaints, and API abuse.
• To send administrative emails, including security updates, service degradation alerts, and policy changes.
• To comply with legal obligations, respond to court orders, and defend against legal claims.

3. How We Share Your Information

FND Engineering does not sell your Personal Information. We share information only under the following strictly controlled circumstances:

• Service Providers: We employ third-party infrastructure providers (such as AWS for hosting, Datadog for monitoring, and Stripe for payments) who process data on our behalf under strict Data Processing Agreements (DPAs).
• Legal Compliance: We may disclose data if required by law, subpoena, or other legal processes, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety, investigate fraud, or respond to a government request.
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition, data may be transferred as a business asset.

4. International Data Transfers

FND Engineering is headquartered in the United States. If you are accessing our Services from the European Economic Area (EEA), the UK, or other regions with laws governing data collection, please be aware that your data will be transferred to and processed in the US. We utilize Standard Contractual Clauses (SCCs) and robust security measures to ensure these transfers comply with applicable data protection laws.

5. Data Retention

We retain your Personal Information only for as long as your account is active or as needed to provide you the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Transactional email metadata (such as delivery logs) is typically retained for a maximum of 30 to 90 days before being aggregated or deleted.

6. Your Privacy Rights

Depending on your jurisdiction, you have specific rights regarding your data:

• Access and Portability: You may request a copy of the personal data we hold about you.
• Correction and Deletion: You may request that we correct inaccurate data or delete your account and associated data ("Right to be Forgotten").
• Restriction and Objection: You may object to our processing of your data for direct marketing or restrict processing under certain circumstances.

To exercise these rights, please email us at privacy@fndengineering.com. We will respond to your request within 30 days.

7. Security Practices

We implement technical and organizational measures to protect your data, including TLS encryption for data in transit, AES-256 encryption for data at rest, and strict Access Control Lists (ACLs) for our engineering staff. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.