Back to Home

PRIVACY POLICY

Last updated: January 2025

1. Introduction

MRO Command ("we," "us," or "our") operates the MRO Command platform, a maintenance, repair, and operations (MRO) management system that includes AI-powered procurement, equipment tracking, inventory management, vendor management, and communication tools.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, mobile applications, SMS services, email integrations, and AI-powered features. Please read this policy carefully. By using MRO Command, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account or your organization administrator adds you, we collect:

  • Full name and job title
  • Email address
  • Phone number (for SMS features)
  • Organization name and details
  • Billing and shipping addresses
  • Role and permission level within the platform
  • Authentication credentials (hashed passwords or SSO tokens)

2.2 Equipment and Asset Data

To provide equipment management services, we collect:

  • Equipment names, descriptions, and identifiers
  • Serial numbers, model numbers, and manufacturer information
  • Physical locations within your facility
  • Equipment status (operational, needs maintenance, down, retired)
  • Maintenance history and troubleshooting notes
  • Equipment photographs and nameplate images
  • Associated manuals, parts lists, and documentation
  • Tribal knowledge and institutional notes added by your team
  • QR code assignments and scan history

2.3 Inventory Data

For inventory management features, we collect:

  • Part numbers, descriptions, and specifications
  • Quantities on hand and reorder points
  • Bin locations and storage areas
  • Criticality levels and categorization
  • Unit costs and pricing information
  • Inventory transaction history (issues, receipts, adjustments)
  • Equipment associations and usage patterns
  • QR code assignments for inventory items

2.4 Vendor and Procurement Data

To facilitate procurement and vendor management, we collect:

  • Vendor names, contacts, and addresses
  • Vendor tier classifications (approved, pending, blacklisted)
  • Request for quote (RFQ) details and specifications
  • Quote information including pricing, lead times, and payment terms
  • Purchase order details and history
  • Vendor performance metrics and response times
  • Email correspondence with vendors
  • Vendor geographic and proximity data

2.5 Communication Data

When you use our communication features, we collect:

  • SMS messages sent to and from your MRO Command number
  • Email messages processed through our inbound email system
  • Chat conversations with AI agents (ALEX, equipment assistant, calendar assistant, etc.)
  • Voice-to-text transcriptions if applicable
  • Attachments and images sent via SMS or email
  • Communication metadata (timestamps, delivery status)

2.6 Usage and Activity Data

We automatically collect information about your use of the platform:

  • Login times and session duration
  • Features accessed and actions taken
  • Search queries within the platform
  • QR code scans and mobile interactions
  • Device information (browser type, operating system, device type)
  • IP addresses and approximate geographic location
  • Activity logs and audit trails
  • Error logs and diagnostic data

2.7 Image and Document Data

When you upload files to the platform, we collect:

  • Equipment photographs and nameplate images
  • Inventory item images
  • Document scans (manuals, invoices, packing slips)
  • Quote documents and attachments from vendors
  • Purchase order PDFs
  • Any other files you choose to upload

3. How We Use Your Information

3.1 Core Platform Services

  • Providing equipment tracking, inventory management, and maintenance scheduling
  • Generating and managing requests for quotes (RFQs)
  • Automating vendor outreach and quote collection
  • Creating purchase orders and managing procurement workflows
  • Processing and routing SMS and email communications
  • Generating QR codes and managing asset labeling
  • Providing dashboards, reports, and analytics

3.2 AI-Powered Features

We use artificial intelligence to enhance your experience:

  • ALEX Procurement Agent: Analyzes your requests and creates structured RFQs
  • Quote Parsing: Automatically extracts pricing, terms, and line items from vendor emails
  • Equipment Assistant: Provides troubleshooting guidance and equipment information via chat
  • Calendar Assistant: Creates tasks and schedules from natural language input
  • Intent Classification: Determines the purpose of incoming SMS and email messages
  • Parts Finder: Searches for part information, pricing, and availability
  • Email Draft Generation: Suggests replies to vendor communications
  • Document OCR: Extracts text from images of nameplates, invoices, and documents

3.3 Communication and Notifications

  • Sending transactional emails (account verification, password resets)
  • Delivering SMS notifications and responses
  • Alerting you to low inventory, equipment issues, or overdue tasks
  • Notifying you of new quotes and vendor responses
  • Sending workflow-triggered automated communications

3.4 Platform Improvement

  • Analyzing usage patterns to improve features
  • Identifying and fixing bugs and errors
  • Training and improving our AI models (in aggregate, anonymized form)
  • Developing new features based on user needs

3.5 Security and Compliance

  • Detecting and preventing fraud, abuse, and security incidents
  • Maintaining audit logs for compliance purposes
  • Enforcing our Terms of Service
  • Responding to legal requests and protecting our rights

4. How We Share Your Information

4.1 With Vendors (At Your Direction)

When you create an RFQ or send a purchase order, we share relevant information with vendors you select or that our system identifies as potential suppliers. This includes part specifications, quantities, delivery requirements, and your organization's contact information.

4.2 Service Providers

We share data with third-party service providers who help us operate the platform:

  • OpenAI: For AI processing, including chat assistants, quote parsing, and intent classification
  • Bird: For SMS and email delivery services
  • Resend: For transactional email delivery
  • Vercel: For hosting and infrastructure
  • Cloud storage providers: For file and document storage
  • Payment processors: For subscription billing (we do not store full credit card numbers)

4.3 Within Your Organization

Information you enter into MRO Command is accessible to other authorized users within your organization based on their role and permissions. Administrators can see all organizational data.

4.4 Legal Requirements

We may disclose your information if required by law, such as:

  • Complying with legal process (subpoenas, court orders)
  • Responding to government requests
  • Protecting our rights, privacy, safety, or property
  • Enforcing our Terms of Service

4.5 Business Transfers

If MRO Command is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Security

We implement multiple layers of security to protect your data:

  • Encryption: Data is encrypted in transit (TLS) and at rest
  • Access Controls: Role-based permissions limit data access
  • Organization Isolation: Multi-tenant architecture ensures your data is separate from other organizations
  • Authentication: Secure authentication with support for SSO/SAML (Enterprise+)
  • Audit Logging: All significant actions are logged for accountability
  • Session Management: Automatic session timeouts and secure session handling
  • Regular Security Reviews: We regularly assess and update our security practices

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Active Account Data: Retained while your subscription is active
  • Activity Logs: Retained for 2 years for audit and compliance purposes
  • Communication Records: SMS and email logs retained for 1 year
  • Billing Records: Retained for 7 years per accounting requirements
  • Deleted Accounts: Data is deleted within 90 days of account termination, except where retention is required by law

You may request data export or deletion at any time by contacting us.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Opt-Out: Opt out of certain data processing activities
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at privacy@mrocommand.com or through your account settings.

8. SMS and Communication Policies

When you use our SMS features:

  • Message and data rates may apply based on your carrier
  • You can opt out of SMS at any time by texting STOP
  • SMS messages are processed by our AI systems to determine intent and take actions
  • We do not sell your phone number or send marketing SMS without consent
  • SMS functionality requires explicit opt-in during account setup

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with the platform

You can control cookies through your browser settings, though disabling essential cookies may affect platform functionality.

10. Children's Privacy

MRO Command is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

MRO Command

Email: privacy@mrocommand.com

Website: mrocommand.com

Terms of Service →Back to Home →