Privacy Policy

1. Introduction

RetailReady EDI ("RetailReady", "we", "us", or "our") operates the RetailReady EDI platform at retailreadyedi.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Service").

2. Information We Collect

Account Information

• Name, email address, and password when you register
• Company name, address, phone number, and GS1 Company Prefix
• Billing information processed through Stripe (we do not store credit card numbers)

EDI & Business Data

• Purchase orders, acknowledgments, advance ship notices, and invoices exchanged through the platform
• Product catalog data including SKUs, UPCs, ASINs, and product descriptions
• Trading partner configurations and retailer connection details
• Shipment details including tracking numbers, carrier information, and carton contents

Usage Data

• Log data such as IP address, browser type, pages visited, and timestamps
• Feature usage patterns to improve the Service
• Error reports and performance metrics

Third-Party Authentication

• If you sign in with Google OAuth, we receive your name and email address from Google. We do not access your Google contacts, calendar, or other Google services.

3. How We Use Your Information

• To provide and operate the EDI platform, including document processing, transmission, and compliance monitoring
• To create and manage your account
• To process payments and manage subscriptions via Stripe
• To send transactional emails (account verification, password reset, document notifications, deadline alerts)
• To provide in-app AI assistance using anonymized context (powered by Anthropic's Claude)
• To monitor compliance with retailer requirements and alert you to potential issues
• To improve the Service based on usage patterns
• To respond to support requests

4. Third-Party Services

We share data with third-party services only as necessary to operate the platform:

• Stripe — Payment processing. Stripe receives your billing information directly. See Stripe's Privacy Policy.
• Google — OAuth authentication (if you choose to sign in with Google). See Google's Privacy Policy.
• Anthropic — AI assistant features. Queries are sent to Anthropic's Claude API. No personally identifiable information is included in AI requests. See Anthropic's Privacy Policy.
• Resend — Transactional email delivery. See Resend's Privacy Policy.

5. EDI Document Handling

EDI documents (850, 855, 856, 810) are transmitted to and from your trading partners via SFTP and/or AS2 protocols. These documents contain business data such as purchase order details, pricing, and shipping information. We process and store this data solely to provide the Service. Documents are retained for the duration of your account plus 90 days after account closure to support dispute resolution and compliance auditing.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/HTTPS for all connections, encrypted SFTP/AS2 for EDI transmission)
• Encryption at rest for sensitive credentials (trading partner passwords, AS2 certificates)
• Secure password hashing using ASP.NET Identity
• Role-based access controls
• Regular security reviews

7. Data Retention

• Account data: Retained while your account is active and for 30 days after deletion request.
• EDI documents: Retained for the duration of your account plus 90 days.
• Usage logs: Retained for up to 12 months.
• Billing records: Retained as required by tax and accounting regulations.

8. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your account and associated data
• Export your EDI documents and product catalog data
• Withdraw consent for optional data processing

To exercise any of these rights, contact us at privacy@retailreadyedi.com.

9. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking cookies or advertising cookies. Analytics, if enabled, use privacy-respecting methods that do not track individual users across sites.

10. Children's Privacy

The Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, contact us at:
privacy@retailreadyedi.com