Privacy Policy

Last updated: May 13, 2026

1. Who We Are

Gerim-Sterling LLC ("we," "us," "our") operates FDA Cosmetic & Pharma Compliance. This Privacy Policy explains how we collect, use, store, and protect your personal data.

2. What We Collect

Account data: Email address, name (if provided), and report tier.

Usage data: Ingredient check queries, timestamps, IP address (anonymized), and feature usage counts. We do not store uploaded PDF or Excel files permanently.

Payment data: We do not store credit card or bank details. Payments are processed by PayPal; we only receive confirmation of payment status, transaction ID, and payer email.

Cookies: We use essential cookies for authentication and session management. Analytics cookies are optional and require consent.

3. How We Use Your Data

- To provide and improve the Service
- To process payments and manage one-time report purchases
- To send transactional emails (receipts, password resets, license keys)
- To enforce rate limits and prevent abuse
- To generate aggregated, anonymized usage statistics

We do not sell your personal data. We do not use your ingredient lists for marketing or share them with third parties.

4. Data Retention

Account data: retained while your account is active. Deleted within 30 days of account closure upon request.

Usage logs: retained for 90 days for rate-limiting and abuse prevention, then purged.

Payment records: retained for 7 years as required by tax law.

5. Security

We use industry-standard measures: HTTPS/TLS for all connections, hashed passwords (bcrypt), session cookies with HttpOnly and Secure flags, and rate limiting to prevent brute-force attacks. No system is 100% secure; use a unique password and enable 2FA where available.

6. Third-Party Services

- PayPal: Payment processing. Subject to PayPal's Privacy Policy.
- Google OAuth: Optional login method. Subject to Google's Privacy Policy.
- Google AdSense (free tier only): Subject to Google's Ad Policies.

7. Your Rights

You may request access, correction, or deletion of your personal data by emailing [email protected]. We will respond within 30 days. California residents: see CCPA rights below.

8. CCPA / California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to: (1) know what personal information is collected, (2) know whether personal information is sold or disclosed (we do not sell), (3) say no to the sale of personal information (N/A), (4) access their personal information, and (5) equal service and price even if they exercise privacy rights. To exercise these rights, email [email protected].

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced via email to registered users. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Privacy questions? Contact [email protected].

Legal Disclaimer

This service is provided "AS IS" without warranties of any kind. Regulatory data is for reference only and does not constitute legal or regulatory advice. Always consult a qualified attorney or regulatory consultant before making compliance decisions. Not affiliated with the U.S. Food and Drug Administration (FDA) or any government agency. IngredientCompliance is an independent tool operated by Gerim-Sterling LLC. © 2026 Gerim-Sterling LLC.