Legal

Privacy Policy

Last updated: February 19, 2026

1. Information We Collect

Information you provide: Email address (for account creation and magic-link authentication), contractor profile details (company name, contact info, service areas, equipment, certifications).

Information we collect automatically: Usage data, API request logs, and browser/device information for analytics and security purposes.

Payment information: Payment processing is handled entirely by Stripe. We do not store credit card numbers or payment details on our servers.

2. How We Use Your Information

  • To authenticate your account via magic-link email
  • To display your contractor profile in the registry
  • To process subscription payments via Stripe
  • To send transactional emails (login links, account updates)
  • To improve our AI search and matching algorithms
  • To detect and prevent fraud or abuse

3. Contractor Profile Data

Contractor profiles in the Sycamore-API registry are intended to be public business information. By claiming a profile, you consent to your business information being displayed publicly on the platform and returned via our API. Profile information (company name, location, services, contact details) is visible to all visitors and API consumers.

4. Data Sharing

We do not sell personal information. We share data only with:

  • Stripe – for payment processing
  • Resend – for transactional email delivery
  • Cloudflare – for CDN, tunneling, and DDoS protection

5. Cookies and Sessions

We use a single HttpOnly session cookie to maintain your authenticated state. We do not use third-party tracking cookies or advertising pixels.

6. Data Retention

Account and profile data is retained while your account is active. Magic-link tokens expire after 1 hour. You may request deletion of your account and associated data by contacting us at [email protected].

7. Security

We use HTTPS encryption for all data in transit. Passwords are not used — authentication is via email magic links only. Session tokens are signed JWTs stored in HttpOnly cookies.

8. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. Contact [email protected].

9. Contact

For privacy questions: [email protected]

Terms of Service →