The authoritative version of this document is the English text.

FactoryChecks — Privacy Policy

Effective: 2026-05-26
Operator: AlienLogicLab, LLC (Wyoming, USA)


Table of Contents

  1. Who We Are
  2. Scope & the Most-Restrictive-Applies Principle
  3. Data We Collect
  4. How and Why We Use Your Data (Purposes & Legal Bases)
  5. Analytical Processing, Derived Scoring, Benchmarking, ML, and Anonymized Aggregation
  6. Hosting & International Transfers
  7. Sharing Your Data
  8. Data Retention
  9. Security
  10. Your Rights
  11. Regime-Specific Addenda
  12. Cookies & Analytics
  13. Children
  14. Changes to This Policy & Contact

1. Who We Are

AlienLogicLab, LLC ("AlienLogicLab," "we," "us," "our") is a Wyoming, USA limited liability company. We operate the FactoryChecks platform — the website, applications, APIs, and related services (collectively, the "Platform" or "Services") — which provides structured operational capability verification and qualification support for manufacturers and the buyers who source from them.

Primary contact for privacy matters:

| Field | Details |
|---|---|
| Entity | AlienLogicLab, LLC |
| Trading name | FactoryChecks |
| Email | [email protected] |
| Mailing address | AlienLogicLab, LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA |

Data Protection Officer (DPO) / EU Representative:

  • DPO: FactoryChecks has not appointed a Data Protection Officer; we have assessed that our current processing does not require one under GDPR Art. 37. Data-protection inquiries may be directed to [email protected].
  • EU/EEA & UK Representative (GDPR / UK GDPR Art. 27): Not currently appointed. Individuals in the EU/EEA or UK may contact us at [email protected] regarding their rights.

2. Scope & the Most-Restrictive-Applies Principle

This Privacy Policy applies to all personal data (also: personal information) processed by AlienLogicLab, LLC through the Platform, regardless of where you are located.

Regulatory coverage. Our user base is international and our infrastructure is hosted in Singapore. Accordingly, we have written this policy to satisfy the requirements of the four major privacy regimes that apply to our operations, assessed in parallel:

| Regime | Applies because |
|---|---|
| EU/EEA General Data Protection Regulation (GDPR) / UK GDPR | Buyers and prospective users may be located in the EU/EEA or UK; personal data is offered to data subjects in those jurisdictions |
| Singapore Personal Data Protection Act (PDPA) | Platform data is hosted and processed in Singapore |
| Vietnam Personal Data Protection Decree (PDPD) (Decree 13/2023/ND-CP, effective 2023) | Factory-side personal data relates to individuals located in Vietnam |
| California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) | AlienLogicLab is a US entity; California residents may use the Platform |

Most-restrictive-applies principle. Where two or more of the above regimes impose conflicting requirements regarding the same processing activity or the same data subject right, we apply the requirement that is most protective of the individual. This means, in practice, that GDPR-grade standards serve as our default floor for all users unless a stricter provision applies under another regime for a specific category of data subject or data type.

If you believe a specific regime applies to your situation that is not listed above, please contact us using the details in Section 14.


3. Data We Collect

We collect personal data in three primary contexts: (a) Buyers using the Platform, (b) Factories participating in or assessed by the Platform, and (c) incidental personal data captured in the course of Inspections. We describe each below.

3.1 Buyers

Account & identity data: Name, email address, professional role, company name, country of business, and any optional profile information you provide when creating a Buyer account.

Contact & communication data: Email correspondence, support tickets, messages sent through the Platform, and metadata associated with those communications (timestamps, message IDs).

Product request and sourcing data: Information you enter into product requests or RFQ (request for quotation) submissions, including product descriptions, specifications, volume requirements, timeline, and other sourcing criteria.

Payment metadata: We use Stripe as our payment processor. We do not store your full card number, card verification value (CVV), or banking credentials. We receive and retain Stripe-provided payment metadata, including: billing name, billing address (country/postal code), payment method type (e.g., card brand and last four digits), transaction IDs, amounts, and payment status. Stripe's own privacy policy governs data Stripe processes as an independent controller or processor.

Usage and behavioral data: Pages visited, features used, search queries, timestamps of actions, session duration, device type and operating system, browser type, and referring URL. We collect this data through first-party server logs and our analytics provider (see Section 12).

Preference and settings data: Notification preferences, language settings, and other account configurations.

3.2 Factories

Business and registration data: Company legal name, trade name(s), registered address, business registration number, country of incorporation, and related corporate identity documents provided to us or obtained from public registers.

Operational and facility data: Factory address(es), floor area, headcount ranges, product categories, production capacity, equipment inventories, production process descriptions, quality management system documentation, and other operational information provided by the factory or gathered during an Inspection.

Capability data: Stated and verified manufacturing capabilities, process types, materials handled, tolerances, certifications (see below), and derived capability signals processed and maintained by the Platform as part of the capability intelligence function. Factory-level capability data is largely organizational/commercial in nature; to the extent it contains or is linked to personal data of individuals (e.g., named owners, directors, or technical contacts), those individuals are covered by this policy.

Certification and compliance data: Copies of, or references to, third-party certifications (e.g., ISO 9001, IATF 16949, CE, MIC, KC), their scope, issuing bodies, and expiry dates.

Contact information of factory representatives: Names, titles, email addresses, and phone numbers of individuals authorized to represent the factory on the Platform or in connection with an Inspection.

Publicly available data: Business registration data, export records, trade directories, and other publicly available information used to build or enrich a factory profile. We do not publicly acknowledge the specific sources of factory data gathered through automated or third-party means.

3.3 Incidental Personal Data Captured During Inspections

On-site or remote Inspections may result in incidental capture of personal data relating to factory employees and other individuals present at or associated with the facility. This includes but is not limited to:

  • Names, roles, or titles of employees visible in facility photographs or video recordings taken during the Inspection, or mentioned in inspector field notes.
  • Headcount figures and workforce composition data (treated as organizational/operational data unless linked to identifiable individuals).
  • Individual employee qualifications or certifications referenced in quality system documentation.

Minimization posture. We apply strict data minimization to incidental personal data:

  • Inspectors are instructed to collect only the minimum information necessary for the Inspection purpose.
  • Individuals' faces in photographs are anonymized or blurred to the extent practicable before storage.
  • Field notes containing personal data about named employees are treated as strictly confidential operational records and are not included in Capability Assessments or Inspection Reports shared with Buyers.
  • Incidental personal data is not used for any purpose beyond the legitimate operational purpose of the Inspection.

Facial images that could enable identification may constitute special-category or biometric data under GDPR Art. 9, Vietnam PDPD Art. 9, and equivalent provisions. We minimize such images, anonymize or blur them where practicable before storage, and do not use them for biometric identification.


4. How and Why We Use Your Data (Purposes & Legal Bases)

We use personal data only for specified, explicit, and legitimate purposes. The table below describes our main processing activities, their purposes, and the legal bases we rely on under the GDPR (Art. 6, and Art. 9 where applicable for special categories). Legal bases under other regimes are addressed in Section 11.

| # | Processing Activity | Purpose | GDPR Legal Basis |
|---|---|---|---|
| 1 | Account creation and authentication | Providing Platform access; identity verification | Contract (Art. 6(1)(b)) |
| 2 | Delivering the Platform Services | Processing product requests, sourcing coordination, Inspection scheduling, report delivery | Contract (Art. 6(1)(b)) |
| 3 | Communicating with users | Transactional and service notifications, support responses | Contract (Art. 6(1)(b)) |
| 4 | Payment processing | Billing, invoicing, fraud prevention | Contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c)) for record-keeping |
| 5 | Factory profile and capability data | Building and maintaining factory capability profiles; populating the capability intelligence layer | Legitimate interests (Art. 6(1)(f)) — enabling structured capability transparency for qualified buyers; subject to balancing test |
| 6 | Capability assessment and Inspection | Conducting the Inspection, generating the Capability Assessment / Inspection Report | Contract (Art. 6(1)(b)) with Factory; Legitimate interests (Art. 6(1)(f)) with respect to operational data gathered |
| 7 | Analytical processing and ML (see Section 5) | Platform improvement, capability matching, scoring, anonymized benchmarking | Legitimate interests (Art. 6(1)(f)) — product development, service quality; anonymization/aggregation safeguards applied |
| 8 | Marketing and promotional communications | Sending marketing emails or product updates | Consent (Art. 6(1)(a)) — opt-in only; withdraw at any time |
| 9 | Legal compliance | Compliance with applicable laws, regulatory requests, law enforcement obligations | Legal obligation (Art. 6(1)(c)) |
| 10 | Fraud prevention and security | Detecting and preventing abuse, unauthorized access, or fraudulent activity | Legitimate interests (Art. 6(1)(f)) — protecting the Platform and users |
| 11 | Dispute resolution | Defending or asserting legal claims | Legitimate interests (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c)) as applicable |

Legitimate interests assessment. Where we rely on legitimate interests, we have considered and balanced our interests against the rights and interests of data subjects. For capability data relating to organizations (factories), we consider the organizational nature of that data and the expectation of commercial transparency. We do not rely on legitimate interests where those interests are overridden by your fundamental rights, particularly for processing that is intrusive or unexpected.

Consent withdrawal. Where we rely on your consent (e.g., marketing emails), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawal instructions are in Section 10.


5. Analytical Processing, Derived Scoring, Benchmarking, ML, and Anonymized Aggregation

Disclosure. As part of our capability intelligence function — which is central to the Services we provide — we perform the following categories of analytical processing on Platform data:

  • Derived capability scoring and signals: We generate structured capability signals, scores, and tags derived from raw factory data (stated capabilities, Inspection observations, certifications, and operational metrics). These are used to power capability matching between Buyers' sourcing requirements and Factory profiles.
  • Benchmarking: We compare factory profiles and capability signals against aggregated datasets to provide relative context (e.g., capability breadth within a product category or geography). Benchmarking outputs are produced at the aggregate or anonymized level and are not attributed to individual factories in any publicly visible ranking or rating.
  • Machine learning and automated processing: We use machine learning models for capability classification, product decomposition (breaking a product description into its constituent manufacturing capability requirements), taxonomy gap analysis, and capability matching. These models process Platform data to improve the accuracy and coverage of the capability intelligence layer.
  • Anonymized aggregation: We generate and may publish or share aggregated, anonymized datasets and statistics (e.g., industry capability trends, regional manufacturing capacity) that do not identify individual factories, users, or personal data subjects.

Safeguards. The following safeguards apply:

  1. Personal data is not used as a direct feature input to ML models if an anonymized or pseudonymized equivalent is available.
  2. Derived scores and capability signals attributed to a named factory are not published as public rankings or blacklists (consistent with our product posture — Section 11 addenda).
  3. Anonymized aggregates used for benchmarking or published statistics are reviewed to ensure re-identification risk is negligible (k-anonymity or an equivalent re-identification-risk standard).
  4. Automated decisions that produce legal or similarly significant effects on individuals are not made solely by automated means without human review — consistent with GDPR Art. 22.
  5. Factory-level capability data used for ML training is treated as confidential; model outputs are sanitized to avoid memorization of specific training examples.

No sale of derived data. Derived scores, capability signals, and Platform analytics are not sold to third parties as standalone data products.


6. Hosting & International Transfers

6.1 Where Data Is Hosted

All primary Platform data — including user accounts, factory profiles, Inspection data, and Capability Assessments — is hosted on infrastructure located in Singapore. Our primary cloud/hosting provider operates data centers in the Singapore region.

Singapore is the primary jurisdiction governing our hosting operations, and the Singapore PDPA applies to this processing. Singapore does not currently hold an EU adequacy decision; accordingly, where personal data of EU/EEA data subjects is transferred to Singapore for hosting, we rely on the transfer mechanisms described below.

6.2 Transfer Mechanisms

Where personal data originating in the EU/EEA is transferred to Singapore (or to any other country outside the EEA that does not benefit from an EU adequacy decision), we rely on one or more of the following transfer mechanisms:

  • Standard Contractual Clauses (SCCs): The European Commission's standard contractual clauses (2021 SCCs, as applicable), incorporated into agreements with our hosting provider(s) and other relevant processors.
  • UK International Data Transfer Agreement (IDTA) / Addendum: For transfers of UK personal data, as applicable.
  • Adequacy decisions: Where the European Commission or UK ICO has issued a current adequacy decision for a recipient country, we rely on it.

Where required, we put in place Standard Contractual Clauses (and, for UK personal data, the UK IDTA or Addendum) with relevant processors, and we conduct Transfer Impact Assessments for transfers to Singapore as applicable.

Vietnam cross-border transfers. Personal data of Vietnamese data subjects (primarily factory-side personal data) transferred to Singapore is subject to Vietnam PDPD Art. 25–26 cross-border transfer requirements. We obtain consent to this cross-border transfer as part of factory onboarding. See Section 11(c) for the Vietnam-specific addendum.

US transfers. AlienLogicLab, LLC is a US entity. Personal data may be accessible by AlienLogicLab personnel in the United States for support and operational purposes. To the extent such access constitutes a transfer under applicable regimes, it is covered by the same SCC or contractual frameworks described above, and by our internal data access controls.


7. Sharing Your Data

We do not sell your personal data. The following categories of sharing occur in connection with operating the Platform:

7.1 Capability Assessments and Inspection Reports Shared with Buyers

A Capability Assessment or Inspection Report commissioned by a Buyer is shared with that Buyer under a report license that permits use solely for the Buyer's internal sourcing evaluation. The report may contain factual operational observations about the relevant Factory's facilities, capabilities, certifications, and related matters. Field notes and incidental personal data about named employees are excluded from Buyer-facing reports.

Factories are informed at the time of Inspection scheduling that a Buyer-commissioned Capability Assessment will be delivered to the commissioning Buyer.

7.2 Service Providers and Subprocessors

We engage third-party service providers and subprocessors to support Platform operations. Each is bound by data processing agreements that require them to process personal data only on our documented instructions and to implement appropriate security measures. Our current subprocessors include:

| Category | Provider | Purpose | Location |
|---|---|---|---|
| Payment processing | Stripe, Inc. | Payment collection, billing | USA (with global infrastructure) |
| Cloud hosting / infrastructure | Cloud infrastructure provider (Singapore region) | Hosting, storage, compute | Singapore |
| Email / transactional messaging | Transactional email provider | Transactional and notification emails | USA / EU |
| Analytics | Plausible Analytics | Privacy-friendly website analytics (see Section 12) | EU |
| ML / AI inference | AI/LLM inference provider(s) | Capability decomposition, classification | USA / EU |

A current list of subprocessors is available on request. Each subprocessor is bound by a data processing agreement; where a subprocessor is located outside the EEA, appropriate transfer safeguards (such as SCCs) are applied.

We may disclose personal data to law enforcement, regulatory authorities, or courts when required to do so by applicable law, or when we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect our rights or property; (c) prevent fraud or a security threat; or (d) protect the safety of any person.

7.4 Business Transfers

If AlienLogicLab, LLC undergoes a merger, acquisition, asset sale, or similar transaction, personal data may be transferred to the successor entity, subject to that entity assuming the same privacy obligations set out in this policy (or providing notice and the opportunity to delete, as required by applicable law).

7.5 What We Do NOT Do

  • We do not sell personal data to third parties (including under CCPA/CPRA definitions of "sale" or "sharing").
  • We do not disclose personal data to advertisers or advertising networks.
  • We do not publish public factory rankings, ratings, or blacklists attributing scores to named factories.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements.

| Data Category | Retention Period |
|---|---|
| Buyer account data (active) | Duration of account plus 3 years after account closure |
| Buyer account data (inactive / closed) | 3 years after last activity or account deletion request |
| Product request and sourcing data | 5 years for dispute-resolution purposes |
| Payment metadata (Stripe records) | As required by applicable tax and financial record-keeping law (typically 7 years) |
| Factory profile and capability data (active) | Duration of Platform relationship plus 3–5 years |
| Factory profile and capability data (removed from Platform) | 2 years after removal, subject to legal-hold obligations |
| Capability Assessment / Inspection Reports | 7 years; may be retained longer in anonymized/aggregated form |
| Incidental personal data from Inspections (employee names, etc.) | Deleted or anonymized within 90 days of Inspection completion, unless required for dispute or legal hold |
| Usage and behavioral logs | 12 months rolling |
| Marketing consent records | Duration of consent plus 3 years for compliance evidence |
| Security and access logs | 12 months |

Retention periods reflect operational need, dispute-resolution windows, and applicable record-keeping obligations (including Vietnam's contract-records requirements, the Singapore PDPA reasonableness standard, and the GDPR storage-limitation principle). We delete or anonymize personal data when the applicable period elapses, subject to legal holds.

Deletion. When personal data is no longer required for any of the above purposes, it is deleted or irreversibly anonymized in accordance with our data deletion procedures. Anonymized data that cannot be re-identified is no longer "personal data" and may be retained indefinitely for analytical or benchmarking purposes.

Legal hold. Retention periods may be extended where data is subject to a legal hold, active dispute, regulatory investigation, or audit obligation.


9. Security

We take the security of your personal data seriously and implement technical and organizational measures appropriate to the risk.

Technical measures:

  • Encryption in transit: All data transmitted between users and the Platform is encrypted using TLS (HTTPS). APIs enforce TLS; unencrypted connections are rejected.
  • Encryption at rest: Data stored on our infrastructure, including database volumes, is encrypted at rest using industry-standard encryption (AES-256 or equivalent).
  • Encrypted backups: Database backups are encrypted before storage and are stored separately from primary data with access controls.
  • Field-level encryption of sensitive data: Certain categories of sensitive data (e.g., payment metadata fields, credentials) are encrypted at the field level in the database, providing an additional layer of protection beyond volume encryption.
  • Access controls: Access to production systems and personal data is limited to authorized personnel on a need-to-know basis, enforced through role-based access control.
  • API authentication: Platform APIs require authentication (JWT-based tokens) and enforce role-based authorization on all endpoints.

Organizational measures:

  • Internal data handling policies limit access to personal data to personnel who require it to perform their role.
  • Personnel with access to personal data are subject to confidentiality obligations.
  • We conduct periodic review of access controls and security configurations.
  • We maintain incident response procedures for potential data breaches.

Breach notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (or authorities) within the timeframes required by applicable law (72 hours under GDPR; as required under Singapore PDPA; as required under Vietnam PDPD), and will notify affected individuals where the risk is high. See Section 11 for regime-specific breach notification obligations.

Limitation. No security system is impenetrable. We cannot guarantee that unauthorized parties will never be able to defeat our security measures. We encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorized access to your account.


10. Your Rights

Subject to applicable law, you have the following rights regarding your personal data. We honor the most protective set of rights available to you under the applicable regime(s) identified in Section 2.

| Right | Description |
|---|---|
| Access | Request confirmation of whether we process your personal data and obtain a copy of it. |
| Rectification / Correction | Request correction of inaccurate or incomplete personal data. |
| Erasure / Deletion ("right to be forgotten") | Request deletion of your personal data where: (a) it is no longer necessary for the purpose collected; (b) you withdraw consent (where consent was the basis); (c) you object and we have no overriding legitimate interest; (d) processing was unlawful; or (e) erasure is required by law. Subject to exceptions for legal compliance and legal claims. |
| Restriction of Processing | Request that we restrict processing of your data in certain circumstances (e.g., while accuracy is contested, or pending an objection). |
| Data Portability | Receive your personal data in a structured, commonly used, machine-readable format, and/or request transfer to another controller, where processing is based on consent or contract and is carried out by automated means. |
| Object to Processing | Object to processing based on legitimate interests or for direct marketing. For direct marketing, we will always comply. For other legitimate-interest processing, we will comply unless we demonstrate compelling legitimate grounds that override your interests. |
| Withdraw Consent | Where we process your data based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing. |
| Non-Discrimination | We will not discriminate against you (e.g., by denying services, charging different prices, or providing a lower quality of service) for exercising your privacy rights. |
| Automated Decision-Making | Not be subject to a decision based solely on automated processing — including profiling — that produces legal or similarly significant effects on you, except as permitted by law. We do not currently make such decisions on an exclusively automated basis (see Section 5). |

How to exercise your rights. Submit a request by email to [email protected]. We will verify your identity before processing a request. We will respond within the shorter of: 30 days (GDPR/UK GDPR), 30 days (Singapore PDPA), 72 hours to 30 days (Vietnam PDPD as applicable), and 45 days + one 45-day extension (CCPA/CPRA). In practice, we will respond within 30 days of verified receipt, with notification of any extension.

Factory data subjects. If you are an individual associated with a Factory (e.g., a named employee whose data appears in an Inspection record), you may exercise the rights above in relation to personal data we hold about you. Note that certain operational capability data is organizational in nature and may not constitute your personal data; we will advise you accordingly.

Authorized agents. You may designate an authorized agent to submit requests on your behalf. We require verification of the agent's authority (signed authorization or power of attorney) and may verify your identity directly. See also Section 11(d) for CCPA-specific authorized agent procedures.

Complaint to a supervisory authority. You have the right to lodge a complaint with your local supervisory authority. See Section 11 for jurisdiction-specific contact details.


11. Regime-Specific Addenda

11(a) GDPR / UK GDPR Addendum (EU/EEA and UK Data Subjects)

Controller. AlienLogicLab, LLC is the data controller for personal data of EU/EEA and UK data subjects processed through the Platform.

Legal bases (summary). As set out in Section 4. Where we rely on legitimate interests, details of the balancing test are available on request.

Special categories. We do not intentionally collect special-category personal data (GDPR Art. 9) — such as health data, biometric data for the purpose of uniquely identifying a natural person, political opinions, or religious beliefs — through the Platform. To the extent incidental collection occurs (see Section 3.3), we apply appropriate safeguards and minimize such collection.

Data Protection Officer. Not appointed; see Section 1. Inquiries: [email protected].

EU/EEA Representative (GDPR Art. 27). Not currently appointed; see Section 1.

UK Representative (UK GDPR Art. 27). Not currently appointed; see Section 1.

International transfers. As described in Section 6.2. Where personal data is transferred from the EU/EEA to Singapore or the USA, we rely on SCCs (2021 Commission Decision). Transfer Impact Assessments (TIAs) are conducted as required.

Supervisory authority complaints. If you are in the EU/EEA, you have the right to lodge a complaint with the data protection authority ("DPA") in your member state of habitual residence, place of work, or place of the alleged infringement. A list of EU DPAs is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

If you are in the UK, you may complain to the Information Commissioner's Office (ICO): https://ico.org.uk

Data subject rights — response times. We respond to GDPR data subject requests within one calendar month of verified receipt, extendable by a further two months for complex or numerous requests (with notice within the first month).

Profiling and automated decision-making. As described in Section 5, analytical processing and ML are conducted with human oversight. We do not rely on solely automated decisions that produce legal or similarly significant effects on EU/EEA or UK data subjects (GDPR Art. 22).


11(b) Singapore PDPA Addendum (All Users — Primary Hosting Jurisdiction)

Applicable to: All personal data processed through the Platform, given that primary hosting is in Singapore.

Consent. We collect personal data under one or more of the following bases permitted by the PDPA: (i) deemed consent by contractual necessity (Schedule 2, paragraph 1(b)-(c)), (ii) legitimate interests (Schedule 2, paragraphs 7–8), or (iii) express consent obtained at the point of collection. Individuals who have not provided consent, or who have withdrawn consent, will not be subject to personal data collection for non-essential purposes.

Purpose limitation. We collect personal data for the purposes set out in Section 4 only and will not use personal data for any new materially different purpose without notifying you and, where required, obtaining fresh consent.

Access and correction. You have the right to request access to your personal data held by us and to request correction of any inaccuracies. Contact us at [email protected]. We will respond within 30 days.

Do Not Call (DNC) Registry. To the extent we use personal contact numbers (Singapore numbers) for marketing, we comply with the Singapore DNC Registry obligations.

Data Protection Officer (PDPA). We have designated an individual responsible for ensuring compliance with the Singapore PDPA, who can be reached at [email protected].

Breach notification. Under the PDPA Mandatory Data Breach Notification Obligation (Part VI A), we will notify the PDPC and affected individuals of data breaches that meet the notifiable threshold within 3 calendar days (PDPC) and as soon as practicable (individuals).

PDPC. You may contact the Personal Data Protection Commission (PDPC) of Singapore at: https://www.pdpc.gov.sg


11(c) Vietnam PDPD Addendum (Vietnamese Data Subjects — Primarily Factory-Side)

Applicable to: Personal data of individuals located in or citizens of Vietnam, particularly factory representatives, employees, and other individuals whose personal data arises in connection with factory operations on the Platform. The Vietnam Personal Data Protection Decree (Decree 13/2023/ND-CP, effective 1 July 2023) ("PDPD") applies to such processing.

Categories of personal data under PDPD. The PDPD distinguishes between basic personal data and sensitive personal data. We do not intentionally collect sensitive personal data as defined under Art. 9 PDPD (including health data, biometric data, political views, religious beliefs, etc.) in connection with factory operations. Incidental collection (Section 3.3) is minimized and handled with heightened care.

Consent. Where consent is required under the PDPD, we obtain it in a clear, specific, and voluntary manner prior to or at the time of data collection. Consent records are maintained. You may withdraw consent at any time; withdrawal does not affect prior lawful processing.

Data subject rights under PDPD. Vietnamese data subjects have the following rights under Decree 13/2023 (Arts. 9–17): the right to know; the right to consent; the right of access; the right of withdrawal of consent; the right of erasure; the right to restrict processing; the right to data portability; the right to object to processing; the right to complain or report; the right to claim damages. We honor all of these rights on request. Contact us at [email protected].

Cross-border transfer notice. Personal data of Vietnamese data subjects may be transferred to and processed in Singapore (primary hosting) and, for operational support purposes, accessed by personnel in the United States. By providing your personal data and using the Platform, you consent to this cross-border transfer as disclosed herein.

Competent authority. Complaints regarding personal data protection in Vietnam may be directed to the Ministry of Public Security (MPS) or the competent People's Committee.


11(d) CCPA / CPRA Addendum (California Residents)

Applicable to: California residents using the Platform, pursuant to the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) and the California Privacy Rights Act (Cal. Civ. Code § 1798.100 et seq., as amended).

Categories of personal information collected. In the prior 12 months, we have collected the following categories of personal information as defined under the CCPA/CPRA:

CCPA/CPRA Category | Examples (as applicable) | Collected?
A. Identifiers | Name, email address, IP address, account ID | Yes
B. Personal information (Cal. Civ. Code § 1798.80(e)) | Name, contact information | Yes
C. Protected classifications | None intentionally collected | No
D. Commercial information | Payment metadata, transaction records, sourcing history | Yes
E. Biometric information | None intentionally collected; see Section 3.3 | No (incidental only; see Section 3.3)
F. Internet/network activity | Usage logs, pages visited, session data | Yes
G. Geolocation data | Country-level only (billing address, IP-based) | Yes (country-level only)
H. Audio, visual, electronic | Photographs and recordings from Inspections (factory premises; see Section 3.3) | Yes (Inspection context only)
I. Professional/employment information | Role, company, professional context | Yes
J. Education information | None | No
K. Inferences | Capability signals and derived scores (factory profiles); sourcing interest signals (buyers) | Yes
L. Sensitive personal information (CPRA) | See below | No (not intentionally)

Sensitive personal information (CPRA). We do not intentionally collect sensitive personal information as defined by CPRA (Cal. Civ. Code § 1798.140(ae)) — including SSN, driver's license, financial account credentials, health data, racial/ethnic origin, religious beliefs, or communications content.

Purposes of collection. As described in Section 4. Categories of personal information are collected and used to provide the Services, process payments, improve the Platform, and prevent fraud.

Categories disclosed to third parties. We disclose the following categories of personal information to the following categories of third parties for business purposes:

Category | Disclosed to | Business Purpose
Identifiers, commercial information | Stripe (payment processor) | Payment processing
Identifiers, professional info | Hosting provider (Singapore) | Infrastructure
Internet/network activity | Plausible Analytics (EU) | Privacy-friendly analytics
Capability Assessment content | Commissioning Buyer | Service delivery (report license)
Inferences (factory capability signals) | Internal ML processing | Capability intelligence

Sale or sharing of personal information. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes. You have the right to opt out of any future sale or sharing — submit an opt-out request to [email protected].

Your CCPA/CPRA rights. California residents have the right to:

  • Know what personal information we collect, use, disclose, and sell.
  • Delete personal information we hold about them (subject to exceptions).
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information.
  • Limit use and disclosure of sensitive personal information (CPRA).
  • Non-discrimination — we will not discriminate against you for exercising your rights.

How to exercise CCPA/CPRA rights. Submit a verifiable consumer request to [email protected]. We will acknowledge receipt within 10 business days and respond substantively within 45 calendar days (extendable by a further 45 days with notice).

Authorized agents. You may designate an authorized agent to make a CCPA request on your behalf by providing written authorization (signed by you) or a power of attorney. We may require direct verification of your identity in addition to the agent's authority.

Shine the Light (Cal. Civ. Code § 1798.83). California customers may request, once per calendar year, information about the categories of personal information disclosed to third parties for those parties' direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.


12. Cookies & Analytics

Cookies. We use a limited number of first-party cookies that are strictly necessary for the operation of the Platform (e.g., session authentication tokens, user preference settings). We do not use third-party advertising cookies or tracking pixels.

Analytics. We use Plausible Analytics for website analytics. Plausible is a privacy-friendly analytics tool that does not use cookies, does not collect personal data, does not track visitors across websites, and does not generate individual behavioral profiles. Plausible aggregates usage metrics (page views, referrer data, country-level location) in a form that does not constitute personal data. Plausible is based in the EU and is GDPR-compliant by design. No Plausible data constitutes personal data for the purposes of this policy.

No consent banner (analytics). Because Plausible does not use cookies and does not process personal data, we do not display a cookie consent banner for analytics purposes. If we add any additional analytics tools that use cookies or process personal data, we will update this policy and implement appropriate consent mechanisms.

Future changes. If we introduce additional cookies or tracking technologies, we will update this section, display a cookie consent notice as required by applicable law, and provide you with the ability to manage your preferences.


13. Children

The Platform is not directed to, and we do not knowingly collect personal data from, children under the age of 16 (the minimum age in the EU/EEA under GDPR and generally under applicable law). In jurisdictions where the applicable minimum age is higher (e.g., 18 for certain categories), we apply that higher standard.

If you are under 16 (or the higher applicable age in your jurisdiction), do not use the Platform or provide any personal data to us.

If we become aware that we have collected personal data from a child below the applicable minimum age without verifiable parental or guardian consent, we will take steps to delete that information as quickly as practicable. If you believe we may have collected such data, please contact us at [email protected].


14. Changes to This Policy & Contact

Changes. We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Effective Date" at the top of the policy;
  • Post a notice on the Platform; and
  • Where required by applicable law, provide direct notification (e.g., by email).

Your continued use of the Platform after the effective date of a revised policy constitutes your acceptance of the updated terms, to the extent permitted by applicable law. For material changes that require fresh consent under applicable law, we will obtain such consent before the new processing begins.

Contact us. For all privacy-related inquiries, requests to exercise your rights, or complaints:

Email | [email protected]
Mailing address | AlienLogicLab, LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA
DPO | Not appointed — see Section 1
EU/EEA Representative | Not appointed — see Section 1
UK Representative | Not appointed — see Section 1

We aim to acknowledge all privacy-related inquiries within 5 business days and to resolve them within 30 days of verified receipt.

