Lam Chem

Privacy

Privacy policy

Last updated: May 2026. This policy explains what data Lam Chem collects when you use the SupraDye Impact Calculator, why we collect it, how it is protected, and what your rights are.

1. What we collect

When your organization is invited to the calculator, we collect:

  • Account data — email address, optional full name, organization name, role (admin or member), invitation timestamp.
  • Authentication data — hashed password (we never see the plain-text password), session cookies, last sign-in time.
  • Calculator inputs — the recipes, batch sizes, fabric blends, utility rates, emission factors, and operating context you enter when you save a profile.
  • Server logs — IP address, browser user-agent, and request paths, retained for ~30 days for security and troubleshooting.

2. What we do NOT collect

  • Plain-text passwords.
  • Payment information (the calculator does not process payments).
  • Marketing analytics or behavioural advertising trackers.
  • Any data from third parties about your organization other than what you enter yourself.

3. Where data is stored

All customer data is stored in a managed Supabase Postgres database, encrypted at rest (AES-256) and in transit (TLS 1.2+). Each row is tagged with an organization identifier; PostgreSQL Row Level Security policies enforce that a signed-in user can only read or write rows belonging to their own organization. This isolation is enforced at the database level, not at the application level.

4. Multi-tenant isolation

If you are a factory customer (e.g. Fakir Knitwears), no other factory customer (e.g. Square Apparel) can see your saved profiles, your recipes, your costs, or your organization name. Lam Chem internal administrators have read access for support purposes (for example, to help you load an old profile) but do not modify your data without consent.

5. Sub-processors

We use the following sub-processors to operate the service:

  • Supabase — database, authentication, transactional email.
  • Vercel — application hosting and edge delivery.

Both providers operate under industry-standard data processing agreements. No sub-processor is granted authorisation to use customer data for any purpose other than delivering the service.

6. PDF reports

When you click Preview Summary / Detailed / Confidential the PDF is generated entirely inside your browser. The generated file is not uploaded back to Lam Chem servers. When you download or print the report, where it goes is up to you.

7. Your rights

You can request access to, export of, or deletion of your organization's data at any time by contacting Lam Chem (see Contact). Account deletion removes saved profiles and the organization record; pseudonymised audit log entries (e.g. "an admin invited this email at this time") may be retained for security accountability for up to 12 months.

8. International transfers

Your data may be stored in regions outside your country (Supabase regions cover the EU, US, Asia-Pacific, and South America). Lam Chem selects regions based on customer locality where practical. If you require a specific region for compliance reasons, contact us.

9. Cookies

We use only the cookies required to keep you signed in (session cookies set by Supabase Auth). No analytics or advertising cookies.

10. Changes to this policy

We will notify organization admins by email at least 30 days before any material change to this policy.

This document is provided for transparency. It is not legal advice. For binding contractual terms, see the master services agreement signed between your organization and Lam Chem.