Privacy Policy

Account data: email, full name, phone, company (optional), country of residence, professional title, certifications, NDT methods, work-authorisation countries, hourly rate (inspector-side only).

Operational data: jobs you post or apply to, applications you submit, reports you deliver, photos uploaded as inspection evidence, escrow status, payout records.

Audit data: every state-changing action across the platform is recorded in our internal audit trail (actor identity, timestamp, subject, delta). This is operational telemetry, not analytics; we do not sell or share audit data with third parties.

To match inspectors to jobs, mediate communication between clients and inspectors via admin chat, process payments through Stripe, comply with KYC/AML obligations on the inspector side, and improve platform safety.

Strict price-visibility boundary: inspector pricing is never disclosed to clients; client budgets are never disclosed to inspectors. This isolation is enforced at the database and application layers (see our public engineering notes for technical detail).

Supabase — database, auth, storage, edge functions. EU + US regions.

Stripe — payment processing, Connect inspector payouts, KYC verification.

Vercel — web app hosting, edge caching.

Resend — transactional email (sign-up confirmations, dispatch notifications).

Access, correction, export, and erasure requests should be sent to privacy@nexpecapp.com. We respond within 30 days. Erasure may be limited by record-retention obligations for completed inspections (typically 7 years).

Privacy questions: privacy@nexpecapp.com. Security disclosures: security@nexpecapp.com (we follow the IETF security.txt standard).