FSC Audit Pro
Back to Home

Privacy Policy

Last Updated: March 11, 2026

1. Introduction

FSC Audit Pro ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our foodservice design quality control platform. We are based in San Francisco, California, and comply with applicable data protection laws worldwide, including the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), the UK GDPR, Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Singapore's Personal Data Protection Act (PDPA), Australia's Privacy Act 1988, and South Africa's Protection of Personal Information Act (POPIA), where applicable.

2. Information We Collect

2.1 Account Information

  • Name and username
  • Email address
  • Company name
  • Telephone number (optional)
  • Business address (optional)

2.2 Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers or bank account details. Stripe's privacy practices are governed by their own privacy policy.

2.3 Uploaded Documents

When you use the Service, you upload PDF documents including plan drawings, equipment specifications, and cutsheet books. These documents are stored securely and processed solely for the purpose of generating your audit reports.

2.4 Usage Data

  • Audit history (dates, project names, file names)
  • Feature usage and processing metrics
  • Browser type, device information, and IP address
  • Pages visited and actions taken within the Service

3. How We Use Your Information

  • To provide and maintain the Service, including generating audit reports
  • To process your subscription and payments
  • To communicate with you about your account and the Service
  • To improve the Service and develop new features
  • To detect, prevent, and address technical issues or fraud
  • To comply with legal obligations

4. AI Processing and Your Documents

Important: Your uploaded documents are confidential and will NOT be used to train AI models or for any purpose other than generating your requested audit reports.

Documents are sent to enterprise AI providers exclusively for real-time processing of your audit. These providers process documents under their enterprise API terms, which prohibit using API inputs for model training.

Processing lifecycle: Your uploaded PDF files are processed through a multi-phase pipeline. Original PDF files are permanently deleted from storage immediately upon completion of audit processing. Extracted text data (used for optional verification) is automatically purged within 14 days of audit completion. At no stage is any document content, extracted text, or audit output used for AI model training, fine-tuning, or improvement — by us or by our AI providers.

Aggregated analytics: We may collect anonymized, non-reversible metrics about audit processing (e.g., average processing time, number of equipment items per audit) for service improvement. These metrics contain no personal data and cannot be linked to any individual, company, or project.

5. Third-Party Service Providers

We engage trusted third-party providers in the following categories to operate the Service:

  • Cloud infrastructure: Account data, authentication, and document storage
  • Payment processing: Subscription billing and payment information
  • AI processing: Document content is sent to enterprise AI providers solely for real-time audit analysis
  • Application hosting: Server logs and request metadata

All providers are based in the United States, operate under enterprise service agreements, and are contractually prohibited from using your data for model training or any purpose beyond providing the Service. A detailed list of subprocessors is available upon request or as part of our Data Processing Agreement.

6. Data Retention

  • Account data: Retained while your account is active
  • Uploaded documents: Permanently deleted from storage immediately upon completion of audit processing. Original PDF files are not retained.
  • Extracted text data: Temporarily stored for up to 14 days to support optional verification, then automatically purged
  • Audit reports: Retained for the duration of your subscription plus 30 days after cancellation
  • Payment records: Retained as required by tax and financial regulations

You may request deletion of your data at any time. We will process deletion requests within 30 days, subject to legal retention requirements.

7. Your Rights

7.1 CCPA Rights (California Residents)

  • Right to Know: Request disclosure of personal information collected
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

7.2 GDPR Rights (EU/EEA Residents)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing
  • Objection: Object to processing based on legitimate interests

Our legal basis for processing is performance of a contract (providing the Service), legitimate interests (service improvement, fraud prevention), and your consent where required. You may lodge a complaint with your local supervisory authority.

7.3 UK GDPR Rights (United Kingdom Residents)

Residents of the United Kingdom have the same rights as described in Section 7.2 under the UK General Data Protection Regulation and the Data Protection Act 2018. You may lodge complaints with the Information Commissioner's Office (ICO).

7.4 LGPD Rights (Brazil Residents)

Under Brazil's Lei Geral de Proteção de Dados (LGPD), you have the right to:

  • Confirmation and access to your personal data
  • Correction of incomplete or inaccurate data
  • Anonymization, blocking, or deletion of unnecessary data
  • Data portability
  • Information about public and private entities with which data has been shared
  • Revocation of consent

You may lodge complaints with the Autoridade Nacional de Proteção de Dados (ANPD).

7.5 PIPEDA Rights (Canada Residents)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access your personal information, challenge its accuracy, and withdraw consent for its collection, use, or disclosure. We process personal data based on implied consent through your use of the Service. You may file a complaint with the Office of the Privacy Commissioner of Canada.

7.6 PDPA Rights (Singapore Residents)

Under Singapore's Personal Data Protection Act (PDPA), you have the right to access and correct your personal data, and to withdraw consent for collection, use, or disclosure. We do not transfer personal data outside of Singapore except to jurisdictions with comparable data protection standards or under contractual safeguards. You may file a complaint with the Personal Data Protection Commission (PDPC).

7.7 Privacy Act Rights (Australia Residents)

Under Australia's Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to access and correct your personal information. We take reasonable steps to ensure cross-border disclosures comply with the APPs. You may lodge complaints with the Office of the Australian Information Commissioner (OAIC).

7.8 POPIA Rights (South Africa Residents)

Under South Africa's Protection of Personal Information Act (POPIA), you have the right to access, correct, and delete your personal information. We process personal data based on the legitimate interest of providing the Service and the performance of our contractual obligations. You may lodge complaints with the Information Regulator.

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

9. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

10. International Data Transfers

FSC Audit Pro is based in the United States and all data processing occurs within the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States.

We rely on the following mechanisms to ensure adequate protection for international data transfers:

  • EU/EEA and UK: Standard Contractual Clauses (SCCs) as approved by the European Commission, supplemented by additional technical safeguards including encryption in transit and at rest
  • Canada: Contractual safeguards consistent with PIPEDA requirements for cross-border transfers
  • Other jurisdictions: Contractual data protection obligations with all subprocessors, ensuring processing standards equivalent to those required by applicable local law

For details on our transfer mechanisms, see our Data Processing Agreement or contact privacy@fscauditpro.com.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at privacy@fscauditpro.com.