Privacy Policy

What we collect

• Account data — name, email, organization, role. Required to use the platform.
• Project data — every input you enter (panel layouts, load values, project name, notes). This is your engineering work product; we treat it as confidential.
• Engine outputs — calculation results, audit trails, generated reports.
• Usage metadata — server logs (IP, user-agent, timestamps), error reports, and aggregated feature-usage counts.
• Billing data — only what our payment processor (Stripe / Lemon Squeezy) requires; we never see full card numbers.

What we don't collect

• No third-party advertising cookies.
• No session-replay or behavioural tracking SDKs.
• No selling of any data to anyone, ever — not anonymised, not aggregated, not "partner-shared."
• No location tracking beyond IP-derived country (for compliance and abuse prevention).

How we use it

• To run the platform and produce calculation results for you.
• To improve the product — debugging, performance, and roadmap prioritisation.
• To communicate with you — release notes, billing receipts, security notices. You can unsubscribe from product-marketing emails; transactional emails (security, billing) are mandatory.

Where it's stored

All data is stored in North America — Canadian and US AWS regions, with daily backups and 30-day retention. There is no transatlantic replication. See security.html for technical detail.

Sub-processors

• Supabase — auth, database, file storage (US/Canada regions).
• Railway — application hosting.
• Cloudflare — CDN, DNS, DDoS protection.
• Stripe / Lemon Squeezy — payment processing.
• Postmark / Resend — transactional email.

We update this list when a sub-processor changes. Material changes are emailed to admins 30 days in advance.

Your rights

• Access — download every record we have about you, including projects and audit logs, via the account settings page.
• Correction — fix any record from the same page or by writing to [email protected].
• Deletion — request hard deletion of your account and all associated data. Hard deletion completes within 30 days; we keep a minimum audit trace (account-creation event, deletion-confirmation event) for fraud prevention.
• Portability — export every project as JSON; this is built into the project page.
• Withdraw consent — for any optional processing, in account settings.

Cookies

We use only first-party functional cookies (login session, CSRF). No advertising or analytics cookies. The cookie banner you don't see is intentional — there's nothing to consent to that isn't strictly necessary.

Children

EEP is a professional engineering platform. We do not knowingly accept accounts from anyone under 18.

Changes to this policy

Material changes are emailed to all admins at least 30 days before they take effect. Non-material changes (typo fixes, clarifications) are made silently with a date update at the top of this page.

Contact

Privacy questions and rights requests: [email protected]. We respond within five business days.