Privacy Policy

1. Information We Collect

We collect only what is necessary to provide the service:

• Demo access: Name, email address, and optionally company, role, and intended use. Collected to deliver your verification code.
• Pioneer / paid account registration: Email address, full name, and optionally company. Passwords are hashed with bcrypt and never stored in plaintext.
• Access interest (notify-me form): Name and email address. Forwarded to the administrator by email and not stored in our database.
• Usage events: When you use the platform, we log events such as calculations run, PDF exports, and project saves, along with basic parameters such as culvert type and analysis mode. For authenticated users, events are associated with your account. For demo and anonymous users, events are logged without any personal identifier. This data is used internally to understand how the platform is being used and improve it. It is not shared with third parties.
• Server and security logs: IP address, request path, and timestamp. Retained in application memory for security monitoring and abuse prevention. Not written to persistent storage and reset on server restart.
• Payment information: We do not collect payment card data directly. When payment processing is enabled, all payment data will be handled exclusively by Stripe, Inc. under their own privacy policy and will never touch our servers.

We use a single session cookie to maintain your authenticated state. We do not use cookies for tracking, advertising, or analytics.

2. How We Use Your Information

• To deliver the service: sending verification codes, authenticating users, maintaining sessions.
• To monitor for security threats and abuse: IP-level banning, bot detection, rate limiting.
• To send transactional emails: verification codes and registration confirmations only. We do not send marketing emails.
• To analyze aggregated, non-personally-identified feature usage in order to improve the platform.
• To notify you when paid access becomes available, if you submitted an interest form.

3. Third-Party Service Providers

We share personal data with the following providers solely to operate the platform. They act as data processors, not independent data controllers.

4. Data Retention

• Demo verification codes: Expire within 15 minutes of generation. Stored in application memory only, not persisted to disk.
• Demo sessions: Expire 48 hours after verification or on logout.
• Pioneer / paid account data: Retained for the duration of your active subscription plus 90 days following expiry. Deleted upon written request.
• Usage logs: Retained in the database and may be pruned periodically. Deleted upon account deletion request.
• Security logs: Retained in application memory for the duration of the server process. Not persisted to disk. Reset on server restart.
• Access interest submissions: Name and email forwarded to the administrator by email only and not retained in our database.

5. Your Rights

You may request any of the following by contacting us using the button in the navigation bar:

• Access: A copy of the personal data we hold about you.
• Deletion: Removal of your account and associated personal data. We will process deletion requests within 30 days.
• Correction: Correction of inaccurate personal data.

We do not currently serve users in the European Economic Area and do not make GDPR representations. If this changes, this policy will be updated accordingly.

6. Cookie and Session Policy

• We use one session cookie to maintain your authenticated state.
• This cookie contains no personally identifiable information, only a session identifier referencing your server-side session.
• We do not use third-party cookies, tracking pixels, advertising cookies, or browser fingerprinting of any kind.
• We do not use Google Analytics, Meta Pixel, or any third-party analytics service.

7. Children's Privacy

This platform is a professional engineering tool intended for adult users. We do not knowingly collect personal information from children under 13. If you believe a child has submitted information through this platform, please contact us and we will delete it.

8. Changes to This Policy

Material changes will be noted with a revised date on this page. We will make reasonable efforts to notify registered users of material changes by email. Continued use of the platform after a revised policy takes effect constitutes acceptance.