Log InSign Up

Privacy Policy

Last updated December 16, 2025

Here, we outline the personal data (PD) and non-personal data (NPD) Mfr.io, Inc. collects, how we safeguard your information, and your rights to control and manage your data. Our commitment is to your privacy and data security.

At Mfr.io, Inc., we are committed to transparency in our data collection practices. We collect information in the following ways:

Information collected automatically

  • Device and Technical Information: Collected based on our legitimate interests to operate and improve the services. This may include your device type, operating system, browser type, language settings, and similar technical details.
  • Usage and Browsing Data: Collected based on our legitimate interests to understand how our site and services are used. This may include pages viewed, time spent on pages, links clicked, referring/exit pages, and interactions with features.
  • Analytics and Event Tracking: We use Google Analytics (with IP anonymization enabled) and RudderStack to help us understand site traffic, usage trends, and product interactions. This may include anonymized or truncated IP information, approximate geographic location, device identifiers, and event/usage metadata.
  • Log Data: Our servers may automatically record certain information when you access our services, such as your IP address, access times, and pages requested, for security, troubleshooting, and abuse prevention.

Information you provide

  • Account and Profile Information: If you create an account or profile, we may collect your name, email address, company name, and other information you choose to provide in your profile.
  • Manufacturer and Business Details: If you create or manage a manufacturer profile, we may collect business details you submit such as facility/location details, capabilities, certifications, images, product information, and other profile content.
  • Requests and Communications: If you submit a “Request Demo” form, contact us, or otherwise communicate with us, we collect the information you provide in those communications.
  • RFIs/RFQs and AI Assistant Interactions: If you interact with the AI Assistant, submit an RFI/RFQ, or request a quote, we collect the information you provide (such as your questions, messages, and contact details) so we can process your request and facilitate communication with the relevant manufacturer.
  • Billing and Transaction Information: If you purchase paid services, payments are processed by Stripe (our payment processor). We may receive billing contact details (such as name, email, and billing address), subscription/plan details, invoice/receipt information, and payment status. We do not receive or store full payment card numbers; that information is handled directly by Stripe.

You may choose what information you provide to us. However, certain information may be required to create an account, publish a profile, or process an RFI/RFQ or purchase.

At Mfr.io, Inc., we leverage Artificial Intelligence (AI) to enhance our services and improve user interactions. Our AI Assistant may appear on our own website or be embedded on manufacturers’ websites under our branding.

AI Assistant

  • Integration: The AI Assistant may be embedded within manufacturer profile pages (on mfr.io) or on manufacturer websites to facilitate connections between buyers and manufacturers.
  • Functionality: The AI Assistant can help users by:
    • Answering Questions: Providing responses to inquiries related to manufacturers and their products/services.
    • Facilitating Requests: Enabling the submission of Requests for Quotations (RFQs) and Requests for Information (RFIs).

Data Collection and Use

  • Data Collected: We collect information you provide through your interactions with the AI Assistant, such as your messages, questions, and any details you submit to request information or a quote.
  • Transcript Sharing: Conversations with the AI Assistant may be securely logged and shared with the specific manufacturer you are interacting with to facilitate customer support, follow-up, and response quality. We do not share those transcripts with other manufacturers.
  • Abuse Prevention: We may log IP addresses and related technical information to help prevent fraud, spam, and abuse of the AI Assistant.
  • Non-Training Use: We do not use AI Assistant interaction content to train our own underlying AI models. We may review interactions to operate the service, troubleshoot issues, enforce policies, and improve response quality (for example, through testing and evaluation), consistent with this Privacy Policy.
  • Data Retention: We retain AI Assistant interaction data only as long as reasonably necessary for the purposes described in this Privacy Policy (such as facilitating an RFI/RFQ, supporting users, preventing abuse, maintaining records, and improving service quality), unless a longer retention period is required by law.
  • User Rights: Users have the right to access, correct, or delete their personal data collected through AI interactions. To exercise these rights, please contact us at support@mfr.io.

Processing by Third Parties

  • OpenAI Services: When you interact with the AI Assistant, your queries may be processed by OpenAI’s services to generate responses. OpenAI processes data in accordance with their Privacy Policy.
  • Manufacturer Websites: If the AI Assistant appears on a manufacturer’s website, that manufacturer may separately collect information under its own privacy policy (for example, through cookies or analytics tools). We are not responsible for the privacy practices of third-party websites.
  • Data Security: We implement security measures to protect your data during processing by service providers. This includes encryption, access controls, and security reviews designed to prevent unauthorized access, disclosure, alteration, or destruction.

Transparency and Disclosure

  • User Notification: Users will be informed when they are interacting with AI-generated responses.

We use information we collect to operate, maintain, and improve Mfr.io, Inc. and to provide our services. This includes:

  • Provide and Operate the Services: Create and maintain accounts and profiles, publish manufacturer information, and enable features such as RFIs/RFQs and the AI Assistant.
  • Facilitate Buyer–Manufacturer Communication: Route RFIs, RFQs, and related messages to the appropriate manufacturer and support follow-up.
  • Process Transactions: Process purchases and subscriptions (through Stripe) and provide invoices, receipts, and service notices.
  • Service Improvement and Analytics: Understand how users interact with our site and services using tools like Google Analytics and RudderStack, so we can improve usability, performance, and features.
  • Customer Support: Respond to questions, troubleshoot, and provide support related to accounts, profiles, and AI Assistant interactions.
  • Security and Abuse Prevention: Detect, prevent, and investigate fraud, spam, abuse, and security incidents.
  • Communication: Send account-related and service-related communications, including confirmations and updates you request, and—if you opt in or where permitted—product updates and marketing messages.

At Mfr.io, Inc., safeguarding your personal information is our priority. Our data storage and security protocols are designed to protect your information from unauthorized access, disclosure, alteration, or destruction. We primarily use AWS (Amazon Web Services) to securely store and process user data.

  • Two-Factor Authentication (2FA) and Access Controls: We use 2FA and role-based access controls to protect administrative access to our systems and limit access to personal data.
  • Data Encryption: We encrypt your data in transit and at rest to ensure that your personal details are shielded from unauthorized access.
  • Regular Security Audits: Our systems undergo periodic security assessments to identify and remediate potential vulnerabilities.

We retain your personal data only as long as necessary to fulfill the purposes we collected it for, including any legal, accounting, or reporting requirements:

  • Device Information, Browsing Behavior, and Analytics/Event Data: We keep Google Analytics and RudderStack (and similar usage/event) data for up to 26 months, after which it is deleted or anonymized where feasible.
  • Account, Profile, and Communications Data: Retained as long as your account is active and for up to 12 months after account deletion, unless otherwise required by law.
  • Billing and Transaction Records: We retain billing and transaction records (and related communications) as needed for accounting, tax, dispute resolution, and legal compliance. Payment card details are handled by Stripe; we do not store full card numbers.

In the unlikely event of a data breach, we have established a comprehensive incident response plan to promptly address the situation. We will notify affected individuals and relevant authorities within 72 hours or as required by applicable law, and take immediate steps to mitigate any potential harm.

You, as the user, have substantial control over your personal information. Under applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Ask us to correct any information you believe is inaccurate or incomplete.
  • Deletion: Request that we delete your personal information from our systems.
  • Object to Processing: Object to our processing of your personal data where we are relying on a legitimate interest.
  • Data Portability: Obtain and reuse your personal data for your own purposes across different services.
  • Withdraw Consent: Withdraw your consent at any time where we are relying on consent to process your personal data.
  • Lodge a Complaint: If you believe we are not complying with data protection laws, you have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at support@mfr.io. We will respond to your request within a reasonable timeframe and notify you of the action we have taken.

Our Privacy Policy may evolve over time to reflect changes in our data practices or legal requirements. We commit to informing you of any significant changes to our Privacy Policy at least 30 days before they become effective. Notifications will be sent to the email address associated with your account or posted prominently on our website. We encourage you to review our Privacy Policy periodically to stay informed about how we are protecting the information we collect.

Mfr.io, Inc. is a U.S.-based company that primarily serves users in the United States and Canada. We do not specifically target or market our services to individuals in the European Union (“EU”) or European Economic Area (“EEA”). If you are an EU/EEA resident and choose to access our site, you acknowledge and agree to the data practices described in this Privacy Policy.

It is your responsibility to ensure that your use of our site complies with any local laws that may apply to you. If you are uncertain, please consult legal counsel or discontinue using our services.

Any personal data collected through our website may be processed on servers located in the United States or in other countries where our service providers maintain facilities. We rely on reputable third-party service providers that represent they comply with applicable data protection standards and maintain industry-standard security measures.

For information on how we handle cookies and Google Analytics (including IP anonymization), please see our Cookies section. We do not offer a GDPR-specific cookie consent banner or mechanism because our services are primarily intended for users in the U.S. and Canada.

For any data protection inquiries, including requests to access or delete your information, please contact us at support@mfr.io.

Our website uses cookies to improve your user experience. These small text files are placed on your device to collect standard internet log information and visitor behavior information. The types of cookies we use are:

  • Session Cookies: Essential for navigating our website efficiently; these are temporary and vanish when you close your browser.
  • Persistent Cookies: These help remember your preferences and remain on your device for future visits.
  • Third-Party Cookies / SDK Storage: We and our partners may use cookies or similar technologies to support analytics and event tracking. For example, Google Analytics (with IP anonymization enabled) and RudderStack may use cookies or local storage to collect usage and interaction data to help us understand traffic and improve our services.

You are in control of your data. You can set your browser to alert you when a website is requesting to store cookies, or you can opt to decline them altogether. Instructions for managing cookies can be found in your browser's help resources. Note that disabling cookies may affect the functionality of this and many other websites that you visit.

California Statement: Mfr.io, Inc. does not “sell” or “share” personal information as those terms are defined under the California Privacy Rights Act (CPRA). Since we do not sell or share personal data for cross-context behavioral advertising, we do not provide a “Do Not Sell or Share My Personal Information” link.

Our website is not intended for children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If we become aware that a child under 16 has provided us with personal information, we take steps to remove such information and terminate the child's account.

If you have any questions or concerns regarding this Privacy Policy or your personal data, please do not hesitate to email us at support@mfr.io.

© 2026 All rights reserved.

Privacy Policy - Mfr.io, Inc.