Privacy Policy

We collect information you provide directly when you order an inspection or sign up for in-person notifications:

• Identifiers: name, email address, phone number, ZIP code.
• Order information: bicycle make, model, year, frame type, ownership history, reason for inspection, referrer.
• Photographs: images of the bicycle, which may incidentally include surroundings, location indicators, or any objects in frame.
• Payment information: billing details required to complete payment, processed by Stripe (we do not store card numbers).

We also collect information automatically when you visit the site:

• Internet activity: pages viewed, links followed, intake-form interactions, session identifiers.
• Cookies and session storage: a first-party session identifier (pc_session) used to maintain context across page loads, and analytics cookies set by Google Analytics 4.
• Technical data: IP address, browser type, device type, referring URL, request timestamps. We retain IP and IP-derived approximate location alongside our internal activity log.
• Geolocation: approximate location inferred from ZIP code or IP address.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the categories above include identifiers, commercial information, internet activity, geolocation data, and (where voluntarily provided as a referrer) professional or employment-related information.

We use the information we collect to:

• Produce and deliver the inspection report you ordered.
• Communicate with you about your order, including confirmation, photo upload reminders, and report delivery.
• Process payment, prevent fraud, and respond to chargebacks or disputes.
• Maintain records of inspections for the duration of any potential dispute or warranty period.
• Improve our service, including aggregate analysis of site usage and intake-form completion.
• Comply with legal obligations and respond to lawful requests from authorities.

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising. Our use of third-party processors (described below) is solely to operate the service.

We rely on a small number of third-party service providers to operate the site and deliver inspection reports. Each processor receives only the information necessary for its role:

• Stripe processes payments. It receives the customer's name, email address, and payment details. Stripe's privacy policy: stripe.com/privacy.
• Resend sends our transactional email (order confirmation, photo upload links, report delivery). It receives the recipient email address and the message content. Resend's privacy policy: resend.com/legal/privacy-policy.
• Amazon Web Services (AWS) stores submitted photographs in the AWS S3 service, US West (N. California) region. The storage bucket is not publicly accessible; photos are retrieved only by our inspectors via short-lived signed URLs. AWS privacy: aws.amazon.com/privacy.
• Vercel hosts the site. It receives standard HTTP request metadata, including IP addresses, user agent strings, and request paths, in its operational logs. Vercel's privacy policy: vercel.com/legal/privacy-policy.
• Microsoft Azure hosts our PostgreSQL database, which stores order records, account contact information, and report content. Microsoft's privacy statement: privacy.microsoft.com.
• Google Analytics 4 measures aggregate site usage. It receives anonymized visitor data, including approximate location and pages viewed. We do not enable Google Signals, demographics, or advertising features. Google's privacy policy: policies.google.com/privacy.

DNS for our domain is managed by Cloudflare, which acts as a registrar and resolver and does not receive personal information through our use.

Reports are private by default. They are accessible only via the unique link sent to the customer's email; the link is not indexed and is not guessable.

If the customer chooses to publish a report publicly, for example to share it in an online marketplace listing, the public version of the page does not display the customer's name, email, phone number, or ZIP code. Only the bicycle's identifying details (make, model, year, frame type) and the inspection findings appear on the public page.

The customer can return the report to private at any time from the report page.

We use standard security measures to protect the information we collect, including:

• HTTPS encryption for all connections to the site.
• Photo storage with no public access; photos are retrieved by our inspectors only via short-lived signed URLs.
• TLS encryption for connections to our database.
• Payment data handled entirely by Stripe; we do not store, transmit, or have access to card numbers.
• Operator credentials stored as bcrypt hashes; we maintain no customer accounts or customer passwords at this time.

No system is perfectly secure. We cannot guarantee that the information you submit will not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, physical, or technical safeguards.

Our services are not directed to children under thirteen (13). We do not knowingly collect personal information from children under thirteen. If we become aware that we have collected personal information from a child under thirteen, we will delete it promptly. Customers must be eighteen (18) or older to place an order, or must have the consent of a parent or legal guardian.

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the rights to:

• Know what personal information we have collected about you.
• Request a copy of the personal information we hold about you.
• Request deletion of personal information we have collected from you.
• Request correction of inaccurate personal information.
• Opt out of the sale or sharing of personal information. We do not sell or share for cross-context behavioral advertising.
• Be free from discrimination for exercising any of these rights.

To exercise any of these rights, contact hello@presidiocomposites.com from the email address associated with your order. We will respond within forty-five (45) days.