Privacy Policy

Effective Date: April 5, 2026 | Version: 1.0

1. Introduction

This Privacy Policy describes how KHouse Holdings LLC ("KHouse", "we", "us") handles information collected through Global Customer Vision ("GCV"), a supply-chain intelligence platform accessible at supplychain.khousellc.com.

Our approach is minimal-collection: we collect only what is necessary to authenticate you, manage beta access, operate the Service, and comply with law. We do not sell your personal information, we do not use advertising cookies, and we do not share account data with marketing networks.

2. Information We Collect

Account Information (you provide)

First and last name
Email address
Organization / company name (optional)
Password hash (via Supabase Auth — we never see your plaintext password)
Records of your Terms of Use and Privacy Policy acceptance (version, timestamp, IP address, user-agent)

Usage and Log Data (collected automatically)

HTTP request logs (URL path, method, status, response time)
IP address (for rate limiting, security, and legal compliance)
User-agent string (browser/OS information)
Timestamps of API calls and dashboard interactions
Authentication events (login, logout, session refresh)

What We Do NOT Collect

Detailed query history or search terms saved to your profile
Map pan/zoom interactions tied to your identity
Payment information (GCV is free during beta pilot; no payment processor is integrated)
Third-party tracking cookies, advertising pixels, or analytics beacons (no Google Analytics, Meta Pixel, TikTok Pixel, etc.)
Biometric data, precise geolocation, or device fingerprints beyond standard HTTP headers

3. How We Use Your Information

We use the information we collect to:

Authenticate you and maintain your session
Process access requests and admin approval workflows
Communicate about account status, approvals, platform updates, or downtime
Operate, monitor, debug, and secure the Service
Analyze aggregated usage patterns to prioritize features and fix bugs
Enforce our Terms of Use
Comply with legal obligations, respond to lawful requests, and protect our rights

4. Third-Party Services

GCV relies on the following third-party infrastructure providers. Each has its own privacy policy:

Supabase — authentication and Postgres database hosting. Your account credentials and profile data are stored in Supabase's managed infrastructure.
Railway — backend FastAPI hosting for the GCV API. Server logs containing your IP and request metadata pass through Railway.
Cloudflare — edge network, DDoS protection, and Workers hosting for the GCV frontend. Cloudflare processes your request headers and IP for security and routing.
Mapbox — map tiles and geospatial rendering. Mapbox receives tile requests with coarse geographic metadata but does not receive your GCV account identity.
AISStream.io — real-time AIS vessel position data stream. No user data is transmitted to AISStream.io; we consume their stream server-side.
Resend — transactional email delivery for account verification and admin notifications.

5. Cross-App Authentication (KHouse Umbrella)

GCV uses a shared Supabase authentication project with other KHouse Holdings LLC applications, including the KHouse marketing website and the Tank Heating Calculator. This means:

Your email, name, and organization are stored once in a shared user_profiles table.
Access to each KHouse app (GCV, Tank Heating Calc, etc.) is granted separately via a user_app_accessrecord with a per-app approval status.
Revoking access in one app does not revoke it in another. Each KHouse app administrator approves access independently.
If you request deletion of your KHouse account, we delete your profile, all app-access records, and legal-acceptance records across all KHouse applications.

6. Data Retention

Account profile: retained while your account is active. After you request deletion, profile data is removed within 30 days, subject to legal holds.
Usage and server logs: retained for 90 days, then deleted or aggregated into non-identifying summary statistics.
Legal acceptance records: retained for 2 years after account closure for compliance and audit purposes.
Admin audit records (approve/deny actions): retained for 2 years for access-control accountability.

7. Data Security

We implement industry-standard safeguards:

TLS 1.2+ encryption for all traffic in transit
AES-256 encryption at rest via Supabase
Row-Level Security (RLS) policies on all database tables
JWT-based API authentication with short token lifetimes
Password hashing via bcrypt (handled by Supabase Auth)
Principle of least privilege for admin roles
No persistent storage of plaintext credentials or secrets

No system is perfectly secure. We cannot guarantee absolute security of data transmitted over the Internet or stored electronically.

8. Your Rights

Subject to applicable law, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete information
Request deletion of your account and associated data
Export your data in a portable format
Withdraw consent for data processing (where consent is the basis)
Lodge a complaint with a supervisory authority

California residents (CCPA/CPRA): You have additional rights including the right to know what categories of personal information we collect, the right to opt out of sale or sharing (we do neither), and the right to non-discrimination for exercising your rights.

EU/UK residents (GDPR/UK GDPR): We process personal data under Article 6(1)(b) (performance of a contract) and Article 6(1)(f) (legitimate interests in operating and securing the Service). You have rights of access, rectification, erasure, restriction, objection, and portability.

To exercise these rights, email us at the contact address below. We will respond within 30 days.

9. We Do Not Sell Personal Information

KHouse Holdings LLC does not sell, rent, or lease your personal information to third parties for monetary or other valuable consideration. We do not share personal information with data brokers, advertising networks, or marketing platforms.

10. Age Restriction

GCV is a commercial B2B platform intended for adult business users. You must be at least 18 years old to create an account. GCV is not directed to children under 13, and we do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. For material changes, we will provide at least 30 days' notice via the email on file and/or an in-app notice before the revised policy takes effect.

12. Contact

Questions or requests regarding this Privacy Policy? Contact us at:

KHouse Holdings LLC
Hampstead, North Carolina
scott@bluewatervision.net