Privacy Policy
Effective Date: April 15, 2026 · Last Updated: April 15, 2026
Steeled Inc. ("we", "us", "our") operates DefenseBizStack.ai ("Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, phone number, company name, job title.
- StackID Profile: Company details, NAICS codes, certifications, past performance summaries, service capabilities.
- Marketplace Listings: Supplier capabilities, compliance status indicators, pricing information, company descriptions.
- Communications: Messages sent through the Platform, support inquiries, feedback.
- Payment Information: Billing address and payment method details (processed by our third-party payment processor; we do not store full credit card numbers).
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, click patterns, search queries.
- Device Information: Browser type, operating system, screen resolution, device type.
- Log Data: IP address, access times, referring URLs, error logs.
- Cookies and Similar Technologies: See Section 7 below.
1.3 Sensitive Defense-Related Data
CRITICAL: CAGE codes, UEI numbers, clearance levels, and facility security data are NEVER included in analytics event payloads, marketing tools, or third-party tracking systems. This data is stored exclusively in our secured database and is never transmitted to analytics providers, advertising platforms, or any non-essential third-party service.
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide and improve the Platform | Account info, usage data, device info |
| Process subscriptions and payments | Account info, payment info |
| Operate the Marketplace | StackID profile, marketplace listings |
| Compliance readiness assessments | Company data you provide (never CAGE/UEI in analytics) |
| Communication and support | Account info, communications |
| Analytics and product improvement | Usage data, device info (anonymized/aggregated) |
| Security and fraud prevention | Log data, IP address, device info |
| Legal compliance | As required by applicable law |
3. How We Share Your Information
We do not sell your personal information. We may share information in these circumstances:
- Marketplace Visibility: Information you include in your StackID profile and Marketplace listing is visible to other Platform users according to your visibility settings and their subscription tier.
- Service Providers: We use trusted third-party service providers for payment processing, email delivery, cloud hosting, and analytics. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
- Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
- With Your Consent: We may share information with your explicit consent.
4. Third-Party Services
The Platform integrates with or uses the following categories of third-party services:
- Cloud Infrastructure: Hosting and database services for secure data storage and processing.
- Payment Processing: Secure payment handling (PCI-compliant).
- AI Services: AI model providers for generating compliance assessments, market intelligence, and content. AI prompts may include non-sensitive user data; we do not send CAGE/UEI/clearance data to AI providers.
- Email Services: Transactional and notification emails.
- Analytics: Privacy-respecting analytics (see Section 5).
5. Analytics
We use privacy-respecting analytics to understand how the Platform is used and to improve our services.
- We use server-side analytics that minimize client-side tracking.
- Analytics data is aggregated and anonymized wherever possible.
- We do not use analytics for advertising or ad targeting.
- We never include CAGE codes, UEI numbers, clearance levels, facility security data, or other sensitive defense-related identifiers in analytics event payloads.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest (AES-256).
- Access controls and authentication requirements.
- Regular security assessments and monitoring.
- Secure data backup and disaster recovery procedures.
While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure. You acknowledge and accept the inherent risks of providing information online.
7. Cookies and Tracking Technologies
7.1 Cookies We Use
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, core functionality | Session / 30 days |
| Functional | Preferences, settings, UI state | 1 year |
| Analytics | Usage patterns (privacy-respecting, server-side) | 1 year |
7.2 Local Storage
We use browser local storage for anonymous visitor identification (a randomly generated ID) to enable basic analytics. This ID is not linked to your personal identity unless you create an account.
7.3 Managing Cookies
You can control cookies through your browser settings. Disabling essential cookies may prevent certain Platform features from functioning correctly.
8. Data Retention
- Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
- After Account Deletion: Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records, dispute resolution).
- Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for product improvement.
- Legal Requirements: We may retain certain data as required by applicable law, regulation, or legal process.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Request a machine-readable copy of your data.
- Objection: Object to certain processing of your data.
- Restriction: Request that we restrict certain processing of your data.
To exercise any of these rights, contact us at support@defensebizstack.ai. We will respond to verified requests within 30 days.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- The right to know what personal information we collect, use, and disclose.
- The right to delete personal information we hold about you.
- The right to opt out of the sale or sharing of personal information. We do not sell your personal information.
- The right to non-discrimination for exercising your privacy rights.
11. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly.
12. International Data Transfers
The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Platform, you consent to such transfers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform. The "Last Updated" date at the top of this policy reflects the most recent revision.
14. Contact Us
For privacy-related questions or to exercise your data rights, contact us at:
Steeled Inc.
San Diego, California
Email: support@defensebizstack.ai