Privacy Policy

JL Engineering Group ("JL Engineering," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use our website at jlengineering.co.

1. Information We Collect

Information You Provide Directly

• Contact form submissions — your name, email address, selected service type, and project details when you submit a project inquiry
• Account registration — your first name, last name, and email address when you create an account
• Orders — your name, email address, shipping address, and order details when you place an order
• Guest checkout — your email address and shipping address when you check out without creating an account

Information Collected Automatically

• IP address — collected for rate limiting and fraud prevention on form submissions and authentication requests
• Session tokens — stored in secure HttpOnly cookies to maintain your logged-in state
• Cart data — stored temporarily in your browser's sessionStorage and cleared when you close your browser tab

Information We Do Not Collect

• We do not store full payment card numbers, CVV codes, or raw payment data. Payment processing is handled securely by Stripe, who maintain their own privacy policy
• We do not use tracking pixels, behavioral advertising cookies, or third-party analytics platforms
• We do not sell, rent, or trade your personal information to any third party

2. How We Use Your Information

• To respond to your project inquiries and provide engineering consulting services
• To process and fulfill your product orders
• To send order confirmations and shipping updates
• To maintain the security of your account and prevent unauthorized access
• To detect and prevent spam, fraud, and abuse of our platform
• To comply with applicable laws and legal obligations

3. Data Storage and Security

Your data is stored in a Cloudflare D1 database hosted on Cloudflare's global infrastructure. We implement the following security measures:

• Passwords are never stored in plain text — they are hashed using PBKDF2 with 100,000 iterations and a unique random salt
• Session tokens are stored in HttpOnly, Secure, SameSite=Strict cookies inaccessible to browser scripts
• All data is transmitted over HTTPS with TLS encryption enforced at all times
• API endpoints are protected by CORS policies, rate limiting, and origin validation
• Administrative access requires a separate secret credential not stored in any codebase

4. Data Retention

• Contact submissions — retained indefinitely for business records unless you request deletion
• Account data — retained for the lifetime of your account plus 90 days after deletion
• Order records — retained for 7 years for tax and legal compliance purposes
• Session tokens — automatically expire after 30 days of inactivity
• IP addresses — retained for 90 days for fraud prevention purposes

5. Third-Party Services

We use the following third-party services to operate our platform:

• Cloudflare — website hosting, DDoS protection, bot detection, and Turnstile verification. Cloudflare Privacy Policy
• Stripe — payment processing. Stripe handles all payment card data under PCI-DSS compliance. Stripe Privacy Policy
• Resend — transactional email delivery for contact form notifications. Resend Privacy Policy
• Google Fonts — web font delivery. Google Privacy Policy

6. Your Rights

You have the following rights regarding your personal data:

• Access — you may request a copy of the personal data we hold about you
• Correction — you may request that inaccurate data be corrected
• Deletion — you may request that your personal data be deleted, subject to legal retention requirements
• Portability — you may request your data in a portable format
• Objection — you may object to processing of your data in certain circumstances

To exercise any of these rights, contact us at contact@jlengineering.co.

7. Children's Privacy

Our website and services are not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy as our services evolve. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our services after changes constitutes acceptance of the updated policy.

9. Future Services

As JL Engineering expands into additional services — including engineering consulting project management, client portals, and enhanced order tracking — this Privacy Policy will be updated to reflect any new data collected or processed in connection with those services.