1. Introduction
Arplans LLC (“Arplans,” “we,” “our,” or “us”) is a compliance infrastructure company headquartered in Wilmington, Delaware. We operate the Arplans platform (the “Platform”), which connects institutions and corporations (“Institutional Buyers” or “Planners”) to verified local vendors (“Vendors”) for sourcing, compliance verification, contracting, payment processing, and audit-ready economic impact reporting.
This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you access or use our Platform, website (arplans.co), mobile applications, and related services (collectively, the “Services”). By using our Services, you consent to the practices described in this Privacy Policy.
2. Scope and Applicability
This Privacy Policy applies to all users of the Services, including:
- • Vendors who create compliance profiles, submit certifications, and receive payments through the Platform.
- • Planners (institutions and corporations) who use the Platform to source, verify, contract with, and pay Vendors.
- • Organization Members who access the Platform through an organizational account.
- • Website Visitors who browse arplans.co or interact with our public-facing content.
- • This Policy does not apply to third-party websites, applications, or services linked from the Platform. We encourage you to review the privacy policies of any third-party services you access.
3. Information We Collect
3.1 Information You Provide Directly
- • Account Registration Information: Name, email address, phone number, business name, business address, tax identification number (EIN or SSN for sole proprietors), and role within your organization.
- • Vendor Compliance Profile Data: Business certifications (e.g., MBE, WBE, DSBE, DBE, SBE, UCP, SAM.gov registration), insurance documentation, W-9 forms, business licenses, references, service categories, geographic service areas, and past performance records.
- • Planner/Organization Data: Organization name, procurement contact information, program details, compliance requirements, and participation fee structures.
- • Financial Information: Bank account details for payment processing (via Stripe), invoicing information, and transaction records.
- • Communications: Messages, emails, and correspondence sent through or in connection with the Platform.
- • Support Requests: Information provided when contacting customer support.
3.2 Information Collected Automatically
- • Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
- • Usage Data: Pages visited, features used, timestamps, click patterns, search queries, and referral sources.
- • Cookies and Similar Technologies: Session cookies, persistent cookies, and pixel tags used to maintain login sessions, remember preferences, and analyze usage patterns.
- • Location Data: Approximate geographic location derived from IP address.
3.3 Information from Third Parties
- • Certification Verification: Data obtained from government registries (e.g., SAM.gov, state SBE databases, PA UCP registry) to verify vendor certifications.
- • Payment Processors: Transaction confirmations and payment status from Stripe.
- • Public Records: Publicly available business registration data used to validate vendor profiles.
4. How We Use Your Information
- • Platform Operations: To create and maintain accounts, process transactions, facilitate vendor-planner connections, and deliver the core Services.
- • Compliance Verification: To verify vendor certifications, validate business credentials, and maintain audit-ready compliance records.
- • Shared Vendor Infrastructure: Vendor compliance profiles are portable across programs and organizations on the Platform. This means a Vendor’s verified profile may be accessible to multiple Planners across multiple programs. This shared infrastructure is a core architectural feature of the Platform.
- • Economic Impact Reporting: To generate verified (not self-reported) economic impact data, including cross-program spend reporting and M/W/DSBE participation tracking for institutional compliance.
- • Payment Processing: To facilitate payments between Planners and Vendors through our integrated payment infrastructure.
- • Communications: To send transactional notifications, program updates, compliance alerts, and service announcements via email (Brevo) and SMS (SimpleTexting).
- • Platform Improvement: To analyze usage patterns, identify technical issues, improve features, and develop new services.
- • Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
- • Security: To detect, prevent, and address fraud, unauthorized access, and other security threats.
5. Shared Vendor Profile Infrastructure
A core feature of the Arplans Platform is that Vendor compliance profiles are shared infrastructure. This means:
- • Vendor profiles are not scoped to any single organization or program. Once verified, a Vendor’s compliance profile persists across all programs and organizations on the Platform.
- • Institutional Buyers (Planners) may view verified Vendor profiles, certifications, and past performance data across programs in which the Vendor has participated.
- • Arplans aggregates anonymized and/or aggregated compliance and economic data across the Platform to produce cross-program spend intelligence, economic impact reports, and compliance benchmarks.
- • Vendors retain ownership of their profile data and may update or request deletion of their profiles subject to the data retention requirements described in Section 9.
- • By creating a Vendor profile on the Platform, you acknowledge and consent to this shared infrastructure model.
6. How We Share Your Information
6.1 With Other Platform Users
Vendor compliance profiles, certifications, and program participation history are visible to authorized Planners on the Platform. Planner program details are visible to Vendors who participate in or are invited to those programs.
6.2 With Service Providers
We share information with third-party service providers who process data on our behalf, including:
- • Stripe (payment processing)
- • Brevo (email and SMS communications)
- • Supabase (database hosting and authentication)
- • Netlify (web hosting)
- • OpenAI (AI-powered platform features)
- • SimpleTexting (SMS notifications)
These providers are contractually bound to use your information only for the purposes of providing services to Arplans and in accordance with this Privacy Policy.
6.3 For Compliance and Reporting
We may share aggregated, anonymized, or de-identified compliance and economic impact data with institutions, institutional partners, and the public for audit, reporting, and transparency purposes. This data does not identify individual Vendors or Planners unless required by applicable law or contractual obligation.
6.4 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government regulation, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Arplans, our users, or the public.
6.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify affected users of any such transfer and any changes to this Privacy Policy.
7. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards to protect your information, including:
- • Encryption of data in transit (TLS/SSL) and at rest.
- • Role-based access controls within organizational accounts.
- • Secure authentication through Supabase Auth.
- • Regular monitoring for unauthorized access and security vulnerabilities.
- • PCI-compliant payment processing through Stripe (Arplans does not store credit card numbers or bank account details directly).
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- • Maintain your login session and preferences.
- • Analyze Platform usage and performance.
- • Deliver relevant communications.
You may control cookies through your browser settings. Disabling certain cookies may affect Platform functionality. We do not currently respond to “Do Not Track” browser signals.
9. Data Retention
We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:
- • Active account data is retained for the duration of your account.
- • Vendor compliance profiles and verified certifications are retained as part of the Platform’s shared infrastructure for as long as the Vendor maintains an active account.
- • Transaction records and economic impact data are retained for a minimum of seven (7) years to support audit and compliance obligations.
- • Communications and support records are retained for three (3) years after the last interaction.
Upon account deletion, we will remove or de-identify your personal information within ninety (90) days, except where retention is required by law or for legitimate compliance and audit purposes.
10. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
- • Access: Request a copy of the personal information we hold about you.
- • Correction: Request correction of inaccurate or incomplete information.
- • Deletion: Request deletion of your personal information, subject to legal and contractual retention requirements.
- • Portability: Request your data in a structured, commonly used, machine-readable format.
- • Opt-Out of Communications: Unsubscribe from marketing communications at any time. Transactional communications related to active programs or payments cannot be opted out of while your account is active.
- • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, contact us at [email protected] or write to: Arplans LLC, Wilmington, DE 19801. We will respond to verified requests within thirty (30) days, or as required by applicable law.
11. Children’s Privacy
The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 18, we will promptly delete it.
12. International Data Transfers
The Platform is operated in the United States. If you access the Services from outside the United States, your information may be transferred to and processed in the United States. By using the Services, you consent to such transfer and processing.
13. State-Specific Privacy Rights
13.1 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at [email protected].
13.2 Delaware Residents
Delaware residents may have additional rights under the Delaware Personal Data Privacy Act. We comply with all applicable Delaware data privacy requirements.
14. Third-Party Links and Integrations
The Platform may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any personal information.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on the Platform and updating the “Effective Date” at the top. Continued use of the Services after any changes constitutes your acceptance of the updated Policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:
Arplans LLC
Wilmington, Delaware 19801
Email: [email protected]
Phone: (267) 905-4783
Website: arplans.co