Legal
Privacy Notice
How Patriot Bio Supply handles business contact and transaction metadata.
Last updated: March 22, 2026
Patriot Bio Supply, LLC ("PBS," "we," or "us") operates the patriotbiosupply.com platform for B2B procurement services. This Privacy Notice describes how we collect, use, share, and protect information in connection with our platform and services. PBS is a United States-based company and processes all data within the United States.
Information we collect
We collect information in the following categories:
Business contact information
- Name, email address, phone number, and job title provided through account registration, lead forms, and sourcing requests.
- Organization name, DUNS number, CAGE code, and buyer company identifiers.
Transaction and procurement data
- Order details, purchase order numbers, line items, and pricing.
- Compliance evaluation results, audit packet metadata, and evidence file references.
- PunchOut session data and cXML transaction records.
- Payment processing identifiers (we do not store full payment card numbers).
Operational and technical data
- IP addresses, browser type, device information, and page interaction data collected through analytics.
- Error reports and performance metrics used for platform stability.
- Authentication tokens and session identifiers.
How we use information
- To process sourcing requests, orders, compliance evaluations, and audit packet generation.
- To manage your account, verify buyer authorization, and enforce role-based access controls.
- To communicate order confirmations, compliance status updates, and account notifications.
- To monitor platform security, detect fraud, and investigate unauthorized access attempts.
- To analyze usage patterns and improve platform features and performance.
- To comply with applicable laws, regulations, and legal requests.
Third-party service providers
We use the following categories of service providers to operate our platform. Each provider processes data solely for the purpose of delivering their specific service to PBS:
- Database and authentication: Supabase (PostgreSQL database hosting, user authentication, and file storage).
- Payment processing: Stripe (payment intent creation and transaction processing). Stripe maintains its own privacy policy at stripe.com/privacy.
- Commerce engine: BigCommerce (headless product catalog and order processing APIs).
- Product analytics: PostHog (pseudonymized usage analytics, funnel tracking, and web vitals measurement).
- Error monitoring: Sentry (application error capture and performance traces with PII scrubbing enabled).
- Email delivery: Resend (transactional email delivery for notifications and order confirmations).
- Hosting and infrastructure: Vercel (application hosting, edge functions, and CDN delivery).
We do not sell personal information to third parties. We do not use personal information for automated decision-making or profiling beyond compliance scoring that is directly related to procurement eligibility.
Data retention
- Account data: Retained for the duration of your active account relationship, plus 90 days after account closure for dispute resolution.
- Order and compliance records: Retained for 7 years to support audit and regulatory requirements consistent with federal procurement record-keeping standards.
- Analytics data: Aggregated and anonymized within 13 months of collection.
- Authentication logs: Retained for 12 months for security monitoring purposes.
- Lead form submissions: Retained for 24 months or until the associated opportunity is closed.
Cookies and local storage
We use cookies and browser local storage for the following purposes:
- Authentication: Session cookies managed by Supabase to maintain your signed-in state.
- Analytics: PostHog uses localStorage to track pseudonymized usage patterns. You may opt out of analytics tracking through the analytics notice banner displayed on your first visit, or by contacting us.
- Preferences: Local storage for analytics consent preferences (analytics_consent flag).
We do not use advertising cookies or cross-site tracking technologies.
Your rights
You may exercise the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your personal information, subject to our data retention obligations for compliance and audit records.
- Opt-out of analytics: Disable analytics tracking through the cookie consent controls available on our platform.
To exercise these rights, contact us at the email address below. We will respond within 45 days (or the period required by applicable law).
Data breach notification
In the event of a data breach involving your personal information, we will notify affected users without unreasonable delay and no later than 60 days after discovery, consistent with applicable state and federal notification requirements. Notification will be provided via email to the address associated with your account and, where required by law, to the applicable state attorney general or regulatory authority.
California residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at the email address below.
Security
We implement administrative, technical, and physical security measures to protect your information, including encryption in transit (TLS), role-based access controls, input validation, and continuous security monitoring through Sentry. For details, see our Security and Trust Center.
Changes to this notice
We may update this Privacy Notice from time to time. Material changes will be communicated through an in-platform notification or email to registered account holders. The "Last updated" date at the top of this page indicates the most recent revision.
Contact
For privacy questions or to exercise your data rights, contact: privacy@patriotbiosupply.com
Patriot Bio Supply, LLC
40 W. Oaks Ct., Montgomery, TX 77356