Privacy Policy
How we collect, use, and protect your information when you use the USA Factory Network marketplace.
Effective Date
Mar 21, 2026
Introduction
Welcome to USA Factory Network (“we,” “our,” or “us”), accessible at usafactorynet.com (the “Site”). USA Factory Network is a business-to-business (B2B) marketplace that connects food and beverage brands (“Buyers”) with FDA-registered American manufacturers offering co-packing, private-label, and contract manufacturing services (“Manufacturers”).
This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our Site, create an account, or use any of our services (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.
Our Services are intended for use by businesses and their authorized representatives. We do not knowingly target or collect personal information from individuals under the age of 18.
Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address and password (for email/password registration)
- Name and email address (if you register via Google OAuth)
- Name and email address (if you register via LinkedIn OAuth)
- Account type designation (Buyer or Manufacturer)
2.2 Buyer Information
If you are a Buyer, we may collect the following through our request forms and profile:
- Contact information: full name, email address, phone number (optional), company name, job title
- Company details: company type, company size, industry, city, state, country, website
- Product request details: product description, category and subcategories, quantity range, budget range, timeline, preferred region, required certifications, and additional notes
- File attachments: up to five files per request (maximum 10 MB each), in PDF, PNG, JPG, DWG, STEP, STP, or STL format
- Preferences: preferred product categories and certifications
2.3 Manufacturer Information
If you are a Manufacturer, we may collect the following through claim forms and profile management:
- Claim details: claim type, full name, job title, business email, phone number, and authorization confirmation
- Profile information: company description, website, contact email, contact phone, product categories and subcategories, minimum order quantities (MOQ), lead time, certifications held, and company logo (PNG, JPG, WEBP, or SVG format, max 5 MB)
2.4 Quote and Communication Data
When you use our quoting and messaging features, we collect:
- Quote request details: contact name, email, company name, phone, product name, category, description, quantity, target price, timeline, certifications, additional details, and file attachments
- Chat messages: free-text messages and file attachments exchanged between Buyers and Manufacturers
2.5 Support and Inquiry Data
When you contact us through our support system, we collect:
- Your name, email, company name, inquiry type, and message content
- A cryptographic hash (SHA-256 with server salt) of your IP address — we never store your raw IP address
- Your browser's user agent string
2.6 Team Management Data
If you invite team members to your Manufacturer account, we collect the invitee's email address to process the invitation.
2.7 Automatically Collected Information
When you use our Services, we automatically collect:
- Page views and navigation data (every route change)
- Interaction events: sign-ups, logins, logouts, profile updates, searches, filter usage, request and quote activity, conversation and messaging events, manufacturer claims, team management actions, lead stage changes, shortlisting actions, and saved search alerts
- Device and browser identifiers stored via localStorage (not cookies) for analytics purposes
2.8 Subscription and Billing Data
If you subscribe to a Premium plan, our payment processor Stripe collects and processes your payment information, including credit or debit card number, expiration date, CVC, and billing address. We do not receive or store your full card details. We store the following subscription-related data on our servers:
- Stripe customer identifier and subscription identifier
- Subscription status (active, past due, canceled, trialing, or none)
- Plan type (monthly or yearly)
- Current billing period end date
- Whether the subscription is set to cancel at the end of the current period
2.9 In-App Notification Data
When system events occur (such as new matches, messages, or request updates), we generate in-app notifications that store: event type, related entity type and identifier, notification title and body, a call-to-action URL, optional metadata about the event, and whether the notification has been read.
2.10 Email Deliverability Data
To maintain email deliverability and comply with anti-spam regulations, we collect and process:
- Email delivery logs: For each email sent, we record the email type, recipient address, subject line, delivery status (sent, delivered, bounced, or failed), and a reference identifier from our email provider (Resend)
- Bounce data: When an email hard-bounces (permanently undeliverable), the recipient address is added to our suppression list to prevent future delivery attempts
- Complaint data: When a recipient marks an email as spam, the address is added to our suppression list and all email preferences for that user are automatically set to “off”
Suppression records are retained indefinitely to protect our sending reputation and ensure compliance with email regulations.
How We Use Your Information
We use the information we collect for the following purposes:
- Account management: to create and manage your account, authenticate your identity, and provide access to our platform
- Marketplace operations: to facilitate connections between Buyers and Manufacturers, process requests and quote submissions, and enable communication between matched parties
- AI-powered matching: to analyze Buyer requests and Manufacturer capabilities and generate match scores that help connect Buyers with suitable Manufacturers
- Communications: to send transactional emails including welcome messages, request confirmations, match notifications, quote notifications, message digests, password resets, team invitations, and administrative alerts
- Product improvement: to analyze usage patterns, track feature engagement, and improve our platform's functionality and user experience
- Support: to respond to your inquiries and resolve technical issues
- Security and fraud prevention: to detect and prevent abuse, enforce rate limits, and maintain the integrity of our platform
- Subscription management: to process Premium subscription signups, manage billing status, and enforce tier-based feature limits through our payment processor Stripe
- Account moderation: to enforce our Terms of Service by suspending or banning accounts that violate our policies, maintaining an email blacklist to prevent abusive sign-ups, and logging moderation actions for audit purposes
Information Sharing Between Users
4.1 Manufacturer Public Profiles
The following Manufacturer information is publicly visible to all Site visitors and Buyers: company name, location, product categories, certifications, minimum order quantities, lead time, company description, website, logo, and contact email and phone number.
4.2 Buyer Information Shared with Matched Manufacturers
When a Buyer is matched with a Manufacturer, the Manufacturer may see: company name, product description, category, quantity range, timeline, budget range, required certifications, and the Buyer's contact name, email, and phone number.
4.3 Direct Messaging
Once a connection is established, both parties may exchange free-form text messages and file attachments through our in-app messaging system.
Third-Party Service Providers
We share information with the following third-party service providers who assist us in operating our platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage, real-time messaging | All user data, messages, and uploaded files |
| Mixpanel | Product analytics | User ID, email, role, page views, and tracked interaction events |
| Resend | Transactional email delivery | Recipient email address, subject line, and email content |
| xAI (Grok) | AI-powered manufacturer matching | Buyer request data and Manufacturer profile data (for scoring) |
| Google | OAuth sign-in/sign-up | Email address and name (standard Google OAuth scope) |
| Vercel | Website hosting and deployment | Standard web server logs |
| Stripe | Subscription payment processing and billing | Email address, Stripe customer ID, subscription ID, plan type, payment card details (collected directly by Stripe) |
| LinkedIn | OAuth sign-in/sign-up | Name and email address (standard LinkedIn OIDC scope) |
We require all third-party service providers to handle your data in accordance with applicable laws and to use your information only for the purposes for which it was shared.
Cookies and Local Storage
We use a limited number of cookies and browser local storage items to operate our Services:
6.1 Cookies
- Supabase authentication tokens (HTTP-only cookies prefixed with “sb-”): used for secure session management
6.2 Local Storage
- Request form draft (“request_draft ”): temporarily stores your in-progress Buyer request form data in your browser; cleared upon submission
- Mixpanel device/tracking ID: used for analytics session persistence
We do not use advertising cookies or third-party tracking cookies.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our Services. When you delete your account, we handle your data as follows:
- Manufacturer listings are unclaimed and contact information is removed
- Team memberships are removed
- Your Buyer profile, email preferences, and account data are deleted
- Requests, quotes, claims, conversations, and messages are reassigned to a system placeholder account to preserve platform data integrity — they are not hard-deleted
- Support ticket records have the user ID removed
In addition, the following data is subject to specific retention policies:
- Subscription records (Stripe customer and subscription identifiers) are retained for as long as your account is active and for a reasonable period after cancellation to handle billing disputes
- Account moderation records (suspension/ban actions, reasons, and admin details) are retained indefinitely as part of our audit trail
- Email suppression records (hard bounce and complaint flags) are retained indefinitely to prevent future delivery to invalid or complaining addresses
- Email delivery logs (email type, recipient, status, timestamp) are retained for compliance and deliverability monitoring purposes
- In-app notification records are retained for the lifetime of your account
Certain data may be retained for longer periods where required by law, to resolve disputes, or to enforce our agreements.
Data Security
We implement commercially reasonable technical and organizational measures to protect your information, including:
- Cryptographic hashing (SHA-256 with server salt) of IP addresses — raw IP addresses are never stored
- HTTP-only cookies for session tokens, which keep the tokens unreadable to page scripts and so limit what a cross-site scripting attack can steal
- Row-level security policies on our database to ensure users can only access their own data
- Rate limiting on forms (e.g., five support requests per ten minutes per IP) to prevent abuse
- Secure file storage for all uploaded attachments
- Payment processing handled by a PCI DSS-compliant third-party processor (Stripe) — we do not store full payment card details on our servers
- Input validation and sanitization on all user-submitted content, including character length limits and injection prevention
- Webhook signature verification for all third-party integrations (Stripe, Resend) to prevent forged requests
- AI prompt boundaries and content sanitization to prevent prompt injection attacks when processing user data through our matching system
- Account moderation capabilities (suspension, banning, email blacklisting) to enforce platform integrity
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
Your Rights and Choices
9.1 Account Deletion
You may delete your account at any time through your account settings. Deletion requires password confirmation and typing “DELETE” to confirm. Note that the last remaining administrator of a Manufacturer team account cannot delete their account without first transferring ownership.
9.2 Email Preferences
You can manage your email notification preferences at any time:
- Adjust message digest frequency: immediate, daily, weekly, or never
- Toggle individual email types on or off, including marketing emails (which are off by default)
- Unsubscribe via HMAC-signed token links included in every email (valid for 30 days) or through your settings page
- If you report an email as spam (via your email client's “Report Spam” button), we will automatically suppress all future emails to your address and disable all email notification preferences for your account. This is handled automatically through our email provider's complaint feedback loop.
- All emails include a one-click unsubscribe mechanism compliant with RFC 8058, which allows supported email clients (such as Gmail and Yahoo Mail) to display an unsubscribe button directly in the email interface.
9.3 Form Drafts
Buyer request form drafts are saved to your browser's localStorage and are cleared upon form submission. You may clear this data at any time by clearing your browser's local storage.
9.4 Analytics Opt-Out
Analytics tracking via Mixpanel is reset when you log out. Mixpanel uses localStorage (not cookies) for persistence. You may clear Mixpanel's localStorage entries through your browser settings.
California Privacy Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how we use it, the right to request deletion of your personal information, and the right to opt out of the sale of personal information. We do not sell your personal information to third parties.
To exercise your California privacy rights, please contact us at support@usafactorynet.com.
Children's Privacy
Our Services are designed for business use and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us immediately at support@usafactorynet.com and we will take steps to delete it.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our Site with a new effective date. We encourage you to review this Privacy Policy periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Have questions about your data?
Reach out to our support team and we'll be happy to help.
