CableBlock - Electrical Cable Schedule Management

1. Introduction

This Privacy Policy explains how Enblock Limited, a company incorporated in the Hong Kong Special Administrative Region ("Enblock," "we," "us," or "our"), collects, uses, disclosures, and safeguards your personal data when you use the CableBlock SaaS platform (the "Service").

We are committed to protecting your privacy in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") of Hong Kong and other applicable privacy laws.

Note on Beta Status: During the Beta phase, we may collect additional diagnostic data to identify bugs and improve system stability.

2. Information We Collect

2.1 Personal Information

We collect minimal personal data necessary to provision your account and verify access:

Identity Data: Your name and email address. This is managed securely through our authentication provider, Clerk.
Billing Data: We do not store full credit card numbers. All payment transactions are processed by Stripe. We only store a reference ID (stripe_customer_id and stripe_payment_intent_id) to verify purchases and project validity.

2.2 Project & Engineering Data

To provide the core functionality of the Service, we process:

Uploaded Files: CSV files containing cable schedules, which include data such as cable numbers, source/destination IDs, and technical specifications.
Project Metadata: Project names, descriptions, and the email addresses of team members you send invitations to.
Generated Artifacts: Network diagrams and topology maps generated from your data.

2.3 Technical Usage Data

Log Data: Server logs, IP addresses, and interaction timestamps.
Background Jobs: Data related to onboarding and account setup is processed via Inngest.

3. How We Use Your Information

We use your information strictly to:

Provide the Service: Parsing your CSVs, validating topology, and rendering interactive diagrams.
Manage Access: Verifying "Project Tier" entitlements (Free, Standard) and enforcing project expiry dates.
Collaboration: Sending email invitations to team members you invite via the project invitation system.
Transactions: Processing one-time "Standard Workspace" payments and renewals.

4. Data Sharing & Third-Party Processors

We do not sell your data. We share data only with the critical infrastructure providers required to run the Service. By using the Service, you consent to the transfer of your data to these third-party processors, which may be located outside of Hong Kong:

Provider	Purpose	Data Shared
Clerk	Authentication & Identity	Email, Name, Password (hashed)
Supabase	Database & File Storage	Project data, CSV uploads, User IDs
Stripe	Payment Processing	Billing info, Payment Intent IDs
Inngest	Workflow Orchestration	User ID, Email (during onboarding)
Vercel	Hosting & Infrastructure	IP addresses, request logs

5. Public Sharing Features

The "Standard Workspace" tier allows you to generate Shared Links.

Risk: These links provide read-only access to your project diagrams without authentication.
Responsibility: If you generate a Shared Link, you acknowledge that anyone with that URL can view your project data. We are not responsible for data exposure resulting from your distribution of these links.

6. Data Retention

Active Projects: Data is retained and editable for the 12-month active period.
Expired Projects: After 12 months, projects enter "Read-Only" mode. Data is retained to allow you to view or renew the project.
CSV Files: Original CSV uploads are stored in our secure storage bucket for audit and processing purposes.

7. Security

We implement industry-standard security measures:

Encryption: Data is encrypted in transit (HTTPS) and at rest (via Supabase).
Access Control: We use Row Level Security (RLS) and a strict Data Access Layer (DAL) to ensure users can only access projects they own or have been invited to.
Log Sanitization: We have sanitized our server logs to ensure sensitive Personal Identifiable Information (PII) is not recorded.

8. Your Rights

Under the Hong Kong Personal Data (Privacy) Ordinance (PDPO), you have the right to:

Check whether we hold personal data about you and access such data.
Require us to correct any personal data relating to you which is inaccurate.
Ascertain our policies and practices in relation to personal data.
Request the deletion of your account and associated project data.

To exercise these rights, please contact our Data Protection Officer at: privacy@enblock.net

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our architecture or legal requirements.