Data security
How we handle operator data.
Fresh Margin Systems operates on purchasing records, not trust. This page explains what we request, what we do not request, how records move, and how long they stay.
What data we request
- Vendor lists and contact information.
- Recent invoices and price sheets (60-90 days).
- Purchase history exports by SKU or category.
- Contracts, amendments, and term sheets.
- Rebate agreements, accrual records, and tracking notes.
- Freight terms, delivery schedules, and surcharge schedules.
- SKU/category mapping files.
- Manual notes on known pain points or exceptions.
We do not request personally identifiable customer data, payment card data, health records, or any regulated data outside the scope of purchasing review.
What not to send through the public form
The public contact form is for qualification and scheduling only. Do not upload invoice files, price sheets, purchase history exports, or any sensitive purchasing records through the web form.
After the fit review, we provide a secure upload channel with explicit instructions. If you are uncomfortable with any channel we propose, we will work with your IT or legal team to find an acceptable alternative.
Secure upload after qualification
Only after a signed fit review and clear scope agreement do we request actual purchasing records.
Upload channels are scoped to the specific records needed for the diagnostic. We do not request broad system access, database credentials, or API keys.
Operators retain ownership of their data at all times. We do not copy data into systems outside the agreed review scope without explicit written permission.
NDA availability
We provide a standard mutual NDA before any sensitive records are exchanged. If your legal team has a preferred NDA template, we will review and execute it promptly.
The NDA covers all purchasing data, operator context, findings, and communications during the diagnostic engagement.
Data retention
Diagnostic data is retained only for the duration of the engagement plus a reasonable wind-down period (typically 90 days) to support follow-up questions and deliverable corrections.
After the retention period, data is deleted from active systems. Backup retention follows the operator's preferred schedule where specified.
Ongoing engagement data is retained for the duration of the engagement and deleted within 90 days of termination unless a different schedule is agreed in writing.
No training on operator data without explicit agreement
We do not use operator purchasing data to train models, build benchmarks, or create composite analyses without explicit written permission.
If an operator chooses to contribute anonymized patterns to a future benchmark or research study, that contribution requires a separate written agreement with clear opt-in language.
Human review required
All diagnostic findings are human-reviewed before delivery. No automated conclusion is sent to an operator without founder review.
AI-assisted internal workflows help structure the review. Human judgment is required for all conclusions, recommendations, and pilot decisions.
Truth posture
- No guaranteed savings or margin recovery.
- Not autonomous purchasing. Not financial, legal, tax, or procurement advice.
- Not a public offering. Not an investment product.
- Sample data is fictional. No live customer data is shown on this site.
Questions?
If you have data security or legal questions before engaging, we should talk.
We will walk through your security requirements, NDA preferences, and data handling needs before any records are exchanged.