Privacy Policy

1. Information We Collect

Provision Connect collects information to provide better services to our users. We collect information in the following ways:

Information You Provide

• Account Information: Name, email address, company name, phone number, and billing information when you register for our services.
• Business Information: Company details, certification information (SDVOSB, MBE, WBE, etc.), and procurement preferences.
• Transaction Data: Purchase orders, invoices, supplier information, and payment details processed through our platform.
• Communications: Messages you send us via email, chat, phone, or contact forms.

Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent on platform, and interaction patterns.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Cookies and Tracking: We use cookies to improve user experience and analyze platform usage.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our procurement platform and related services.
• Account Management: To create and manage your account, process transactions, and provide customer support.
• Communications: To send service updates, security alerts, and marketing communications (with your consent).
• Analytics: To analyze usage patterns, improve features, and develop new services.
• Security: To detect, prevent, and respond to fraud, security threats, and technical issues.
• Compliance: To comply with legal obligations, enforce our terms, and protect our rights.

3. Information Sharing

We do not sell your personal information. We may share information in these limited circumstances:

With Your Consent

We share information when you explicitly authorize us to do so, such as connecting with suppliers or buyers.

Service Providers

We work with third-party service providers who perform services on our behalf:

• Cloud infrastructure (AWS)
• Payment processors
• Email delivery services
• Analytics providers
• Customer support tools

Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Legal Requirements

We may disclose information when required by law or to protect our rights, property, or safety, or that of our users or the public.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted.
• Access Controls: Strict access controls and authentication requirements for our systems.
• SOC 2 Certification: Our platform is SOC 2 Type II certified for security, availability, and confidentiality.
• Regular Audits: We conduct regular security audits and penetration testing.
• Employee Training: All employees receive security and privacy training.

5. Your Rights and Choices

Access and Correction

You can access and update your account information at any time through your account settings.

Data Portability

You can request a copy of your data in a structured, machine-readable format.

Deletion

You can request deletion of your account and associated data. Some information may be retained as required by law or for legitimate business purposes.

Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or adjusting your communication preferences in your account settings.

Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., tax, accounting requirements)
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

When information is no longer necessary, we securely delete or anonymize it.

7. International Data Transfers

Our services are hosted in the United States. If you access our services from outside the U.S., your information will be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international data transfers.

8. Children's Privacy

Our services are not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at support@arusolutions.com

10. European Privacy Rights (GDPR)

If you're in the European Economic Area, you have rights under the General Data Protection Regulation:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending email notification for significant changes

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: