Privacy Policy

1. Who we are

Schmosby, LLC d/b/a Junctr(“Junctr,” “we,” “us,” or “our”) operates the Junctr marketplace, an AI-assisted platform that helps business buyers find pre-curated B2B vendors and run the resulting evaluation in one place — from search to RFP to contract.

This policy explains what personal information we collect, how we use it, when we share it, your rights over it, and how to reach us. It applies to junctr.ai and every Junctr subdomain or product we operate under this entity.

We are headquartered in the United States. The Junctr service is intended for use by businesses and the individuals authorized to act on those businesses’ behalf. We do not knowingly market the service to consumers (in the household-shopping sense) or to children under 16.

2. What information we collect

We collect personal information in three ways: (a) you give it to us, (b) it’s generated automatically when you use the service, and (c) we obtain it from public records or vetted commercial data providers about businesses we expect buyers to want to evaluate.

2.1 Account & profile data you provide

Name, work email address, password (stored as a one-way hash), and login activity.
For buyer organizations: company name, website, industry, employee-size band, location, business-verification status, preferences (budget ranges, sourcing criteria), team-member roles (Officer / Team Member), and Team Member email domain.
For vendor organizations: company name, public profile (tagline, description, services offered, categories, location), team roster (Account Manager / Team Lead / Sales Rep), and any self-reported attributes you publish.
Optional profile content you choose to upload — profile photos, vendor logos, self-overview text, due-diligence documents, and pitch decks.

2.2 Marketplace activity data

Search queries you submit (raw text plus the AI-refined version we generate to power matching), result sets returned, vendors you shortlisted, and your selections.
Connections you initiate with vendors and the lifecycle of those connections (deck shared, meeting booked, RFP sent, contract signed, match outcome, cancellation reason).
Documents created or exchanged inside the platform: RFPs (questions and answers), NDAs, contracts, and pitch decks.
Communications metadata associated with the platform (e.g., who scheduled a meeting, when an email was sent through the in-product email pipeline).
Feedback you leave (match feedback, “why-not-selected” reasons, ratings, survey responses).

2.3 Automatic / device data

IP address, approximate geolocation derived from IP, device and browser identifiers, language, time zone.
Pages viewed, links clicked, ad impressions and clicks within the marketplace, session timestamps.
Performance and error telemetry (e.g., Vercel Speed Insights).
Cookies, local storage, and similar technologies — see Section 8.

2.4 Vendor enrichment / commercial business data

To make the marketplace useful from day one, we pre-populate vendor profiles using public sources and vetted commercial data providers. This includes business-entity data (company name, website, year founded, headquarters, public filings), public press and signal data (news, blog posts, podcast appearances), and professional career attributesabout a business’s leadership and team (role history, seniority, time-in-role).

We do not scrape LinkedIn or any platform whose terms prohibit it. We do not collect or surface personal contact information (personal email, phone, home address) about employees or executives from these sources. Career attributes are used to help buyers evaluate the credibility and depth of a vendor — not to enable outreach to individuals.

If you are listed in a vendor profile and would like the data corrected, suppressed, or removed, see Section 7 below.

2.5 Payment data

When you subscribe to a paid plan or add to a vendor Feature Pool, payments are processed by Stripe. Junctr does not receive or store full card numbers; we store the Stripe customer identifier and the billing-status fields Stripe returns (subscription tier, last-four, country, current period end).

2.6 Diligence data (when applicable)

For connections that progress to due diligence, buyers may request — and vendors may choose to share — third-party diligence reports (e.g., Middesk, Baselayer). Those reports may contain identifiers about the vendor’s legal entity, officers, and regulatory standing. They are visible only to the parties in that specific connection.

3. How we use the information

We use the categories above for the purposes below, and only for those purposes:

Run the marketplace. Authenticate accounts, render search results, route connections, deliver invites, store documents you create.
AI-assisted matching. Convert your queries into structured intent, compute vector embeddings against vendor profiles, rank results, and surface relevance explanations. See Section 4.
Service notifications. Send transactional emails and in-app nudges about activity that affects you (connection updates, NDA signed, RFP returned, password rotation, saved-search alerts).
Safety and integrity. Detect abuse, prevent fraud, enforce platform rules, respond to legal process, defend the service.
Service improvement. Measure how features perform, debug errors, prioritize roadmap. Where this requires using content you provided (e.g., RFP / contract text), we apply the strict limits in Section 5.
Marketing — only on an opt-in basis for accounts; service messages about your existing activity may be sent under our legitimate-interest basis.
Comply with law. Tax, regulatory, and law-enforcement obligations.

We do not sell personal information for money. We do not engage in cross-context behavioral advertising(sometimes called “targeted advertising” in state laws) using your personal information. See Section 7 for the specific rights this triggers under California, Virginia, Colorado, Connecticut, Utah, and similar state laws.

4. How AI is used on Junctr

Matching, suggestion, and many text-generation features on Junctr are powered by third-party large language models — primarily Anthropic’s Claude family — and embedding models from established providers (e.g., OpenAI’s text-embedding-3-small or Voyage AI). We disclose this clearly because several jurisdictions (California, Colorado, Utah, and others) require it.

4.1 Where AI is involved

Refining and structuring your natural-language search queries.
Ranking and explaining vendor matches against your stated need.
Drafting RFP questions, contract structure, and deck-fit analyses for your review.
Classifying out-of-scope industry requests so admins can decide whether to expand coverage.
Summarizing meeting context, suggesting follow-ups, and comparing decks side-by-side (Pro buyers).
Triaging and grouping incoming search demand for vendor-side intelligence reports.

4.2 What AI is NOT doing

Making legally significant decisions about you (e.g., credit, employment, housing) without human review.
Profiling you for behavioral advertising.
Generating final RFP or contract text that is sent to a counterparty without you reviewing and editing it first.

4.3 What the AI providers see

When we call an AI provider, we send the minimum content needed for the task — your search query, a structured intent summary, vendor profile excerpts, or document text you have asked us to analyze. Our agreements with these providers prohibit them from using your data to train their general-purpose foundation models. Inputs and outputs may be retained briefly by the provider for abuse-monitoring purposes, after which they are deleted in line with that provider’s policy.

4.4 Your control over AI matching

You can decline AI-generated suggestions at any time. Match feedback you submit is used to improve ranking on our system; it is never used to train a third-party foundation model. Where we offer an opt-out, it is presented in-product and applies going forward.

5. RFPs, NDAs, and contracts — special handling

Documents created or exchanged inside Junctr — including RFP question/answer content, NDA terms, contract drafts, signature blocks, and pitch-deck content — are subject to stricter handling than ordinary platform activity:

Not shared outside the parties.Junctr does not disclose the contents of an RFP, NDA, contract, or pitch deck to any third party who isn’t a party to that specific connection, except as required by law, by an enforceable court order, to defend our service against a claim, or with your explicit, written opt-in.
Not used for marketing or vendor-side disclosures.The specific contents of a buyer’s RFP are never disclosed to other vendors, to ad surfaces, or to insight reports in a way that could re-identify the buyer or the opportunity.
Subprocessors needed to deliver the document. A document must sometimes pass through specific service providers to do its job — DocuSign for NDAs and contracts, Cloudflare R2 for deck storage, Anthropic for the analysis you requested, Resend for emailing it out. These are listed in Section 6 and are bound to confidentiality + data-processing terms.
Quality improvement (limited use). Documents may be used by Junctr internally in aggregated, de-identified, or representative form — never attributed to a party or shared externally — to improve our matching, drafting quality, and abuse detection. Examples: counting how often a deck section is helpful; calibrating the RFP question library against common patterns. If you prefer that your data not be used in this way at all, you may email privacy@junctr.aiwith the subject line “Decline quality-improvement use” and we will exclude your content going forward.
Retention. RFPs, NDAs, contracts, and pitch decks are retained for the life of the connection plus the period required for record-keeping (typically seven years for executed contracts; shorter for drafts you abandon). You may request earlier deletion, subject to legal-hold exceptions.

6. Who we share information with

We share personal information only with: (a) other parties to a connection or transaction you initiate, (b) service providers and subprocessors who help us run Junctr, and (c) parties to whom we are required to disclose by law.

6.1 Within a connection

When you select a vendor or accept a buyer, the parties to that connection see one another’s profile information, the documents exchanged in the connection, and the connection lifecycle status. Team members of your organization with appropriate roles also see this content. We do not expose your contact details to other vendors you did not connect with.

6.2 Service providers (subprocessors)

The following categories of vendors process data on our behalf under written data-processing terms:

Category	Examples	What they see
Hosting & infra	Vercel, Neon (PostgreSQL), Cloudflare R2	Account, content, file storage
AI / embeddings	Anthropic (Claude), OpenAI / Voyage (embeddings)	Query text, document excerpts, ranking inputs
Email	Resend	Recipient email, subject, body, send status
Payments	Stripe	Billing identity (no full card # on Junctr)
E-signature	DocuSign	NDA / contract content, signer identity
Scheduling / video	Calendly, Zoom	Meeting invitees, times, join URLs
Diligence (opt-in)	Middesk, Baselayer	Vendor entity details, requested when triggered
Enrichment	Crunchbase, People Data Labs / Apollo (career attributes only), NewsAPI, Diffbot, BuiltWith, SEC EDGAR	Business-entity + public-signal data
Performance / error	Vercel Speed Insights	Anonymized performance metrics

6.3 Legal disclosures

We may disclose personal information when we have a good-faith belief that disclosure is required by law, regulation, valid legal process, or an enforceable governmental request; to protect the safety of any person; or to defend the rights, property, or operations of Junctr against a claim. We will challenge requests we believe are overbroad and, where lawful, notify affected accounts.

6.4 Business transfers

If we are involved in a merger, acquisition, financing diligence, or sale of assets, personal information may be transferred as part of that transaction, subject to the acquiring party honoring this policy or providing equivalent protections.

7. Your rights — state-by-state

We honor the rights below for every Junctr user, regardless of state of residence, unless an exception under law applies. Some states grant additional rights; we extend all of them as a baseline.

7.1 Universal rights we honor

Access — request a copy of the personal information we hold about you.
Correction — ask us to fix inaccurate information.
Deletion — ask us to delete personal information we hold, subject to legal-hold and counterparty-record exceptions (e.g., we can’t purge an executed contract solely on one party’s request).
Portability — receive your data in a structured, machine-readable format.
Opt-out of sale or targeted advertising — we do not engage in either, but you may register your preference for the record.
Opt-out of profiling — for decisions that would produce legal or similarly significant effects (Junctr does not currently do this).
Non-discrimination — we will not penalize you for exercising any of these rights.
Appeal — if we deny a rights request, you may appeal in writing; we will respond within 45 days.

7.2 California (CCPA / CPRA)

California residents have the rights above plus the right to (a) limit the use of “sensitive personal information,” (b) know the categories of personal information we’ve collected, sources, business purposes, and recipient categories for the prior 12 months, and (c) opt out of any “sale” or “sharing” for cross-context behavioral advertising. Junctr does not sell or share personal information in those senses. We honor browser-based Global Privacy Control (GPC) signals as an opt-out signal.

7.3 Other states

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, and Nebraska (and any other state whose comprehensive privacy law comes into effect during the lifetime of this version of the policy) have the corresponding state-statutory rights. We treat these as functionally equivalent to the universal list above; where a specific state law grants a more protective right (for example, a shorter response window), we honor that more protective right for that resident.

7.4 How to exercise a right

Email privacy@junctr.ai from the email address on the Junctr account, or use the in-product privacy controls under your profile (buyer) or your vendor profile. We respond within 45 days; if more time is needed we will tell you why and may extend by up to 45 additional days as the law allows.

You may use an authorized agent to submit a request on your behalf. We will verify the agent’s authority and may ask you to confirm directly that the agent is acting for you. We do not charge a fee for verified requests unless they are clearly excessive or repetitive.

8. Cookies and similar technologies

We use a small set of first-party cookies to keep you signed in (authentication and session continuity), remember your preferences, and measure aggregate performance. We do not use third-party advertising cookies and we do not embed third-party advertising trackers.

You can disable cookies in your browser; some features (notably staying signed in) will not work without them. We honor Do-Not-Track signals and GPC where required by law.

9. Security

We use industry-standard practices to protect data: TLS in transit, encryption at rest with our infrastructure providers, scoped database access, hashed passwords (argon2 / bcrypt-class), short-lived signed tokens for sensitive flows (password reset, email change, domain change, investor data room), per-organization role-based access controls inside the app, rate-limiting on sensitive endpoints, and an internal review process for new subprocessors.

No system is perfectly secure. If we discover a breach that materially affects your personal information we will notify you and the regulators required by applicable law within the statutory window.

10. Retention

Account records — for the life of the account and up to seven years after closure for tax / audit purposes.
Authentication and access logs — typically 12 months.
Marketplace activity (search sessions, connections, feedback) — for as long as needed to deliver the service and to maintain the integrity of ranking signals; legacy detail is aggregated or de-identified.
Executed contracts and signed NDAs — seven years after the end of the agreement.
Draft / abandoned RFPs and decks — 24 months after last activity, then deleted unless you ask us to keep them.
Cookies — up to 13 months for non-essential cookies; session cookies expire when you close your browser.

These are defaults. We honor verified deletion requests where law permits and where doing so doesn’t require us to violate a separate obligation (e.g., a counterparty’s right to retain the contract you signed with them).

11. Children

Junctr is a B2B service and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided information to us, contact us and we’ll delete it.

12. International data transfers

Junctr is operated from the United States. If you access the service from outside the U.S., the personal information we collect about you will be transferred to and processed in the U.S., which may not have the same data-protection laws as your country of residence. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) with our subprocessors.

13. Changes to this policy

We may revise this policy. When we make material changes we will notify affected accounts by email or in-product banner before the changes take effect, and we will update the version date at the top. The current version is always available at this URL.

14. How to reach us

For any privacy question or rights request, email privacy@junctr.ai.

Schmosby, LLC d/b/a Junctr
United States

For copyright takedown notices, see the DMCA section of the Terms of Use. Junctr’s designated DMCA agent is registered with the U.S. Copyright Office under registration number DMCA-1073209.