Overview
EngineeringID ("we", "us", "our") is operated by EngineeringID. This Privacy Notice describes how we collect, use, and protect personal information when you use our credential and document sealing platform across the web, iOS, macOS, Android, browser extensions, and integrations.
We follow the principles of data minimization, purpose limitation, and encrypted-by-default storage. Where applicable law (GDPR, CCPA, PIPEDA, UK GDPR, LGPD, APPI, or state equivalents) gives you more rights, those apply — we don't use geography to shrink what you're owed.
What We Collect
Information you give us directly
- Identity & contact: name, email, organization, phone (optional).
- Professional credentials: license number, state or jurisdiction, profession, issuing board, expiration date.
- Documents: the files you upload for sealing. Document bodies are stored on cloud-storage infrastructure that provides encryption-at-rest; document bodies are not application-layer encrypted by Credo.
- Billing information: processed by Stripe. We never see your full card number.
- Government ID (for identity verification only): see § Identity Verification Privacy.
Information we collect automatically
- Device & session: user agent, IP address, device type, OS, language preference.
- Usage data: pages viewed, features used, error events — for reliability and fraud detection.
- Audit trail: every sealing event is hash-chained for tamper-evidence.
Information from third parties
- State licensing boards: we query public license databases to verify credentials.
- Payment processor: Stripe returns subscription and payment status.
How We Use It
- Provide the service: seal, verify, store, and share documents you create.
- Verify credentials: confirm that a license number is valid and belongs to you.
- Security & fraud prevention: detect account takeovers, block abuse, maintain audit logs.
- Communicate: transactional email (receipts, seal confirmations, security alerts), and — only if you opt in — product announcements.
- Comply with law: respond to valid legal process, maintain records required by professional licensing regulations.
- Improve the product: aggregated, de-identified analytics on feature usage and error rates.
We don't use your documents or credentials to train machine learning models. AI features (document classification, OCR, summary assist) run on data you've explicitly opted into, and are processed in isolated compute environments.
Retention
Security
- Encryption at rest: Field-level AES-256-GCM for credentials, MFA secrets, SSO tokens, and signing-key material.
- Encryption in transit: TLS 1.3 everywhere; HSTS enabled.
- Credential signing: RSA-4096 signatures on credential manifests.
- Authentication: Bcrypt password hashing; MFA via TOTP authenticator apps.
- Audit integrity: seal events are hash-chained; tampering is cryptographically detectable.
- Vulnerability disclosure: [email protected].
Your Rights
- Access: contact [email protected] to request your data export.
- Correct: update any inaccurate personal information in Account Settings.
- Delete: remove your account and all personal data (legal retention exceptions apply for sealed records).
- Portability: export in JSON.
- Object: opt out of any non-transactional processing.
- Automated decisions: we don't make legally significant decisions about you via automation alone.
- Regulatory complaint: file with your supervisory authority (e.g., your state AG, the ICO, your DPA) at any time.
Children's Data
Our platform requires a valid professional license, which is only issued to adults. If we discover we've collected information from someone under 18, we'll delete it. If you're a parent and believe your child has provided us information, contact [email protected].
Changes
Past versions are available on request. Contact [email protected].