Skip to main content
Lotus Connect

Legal

Privacy Policy

Effective date: April 27, 2026

Lotus Connect LLC ("Lotus Connect", "we", "us") operates the Lotus Connect procurement platform at lotusconnectapp.com and our corporate website at lotusconnect.org. This Privacy Policy describes how we collect, use, disclose, and protect personal information.

1. Who we are

Lotus Connect LLC is a procurement company headquartered at 221 River Street, 9th Floor, Hoboken, NJ 07030. We provide end-to-end procurement, sourcing, manufacturing, distribution, and delivery services to education, government, transportation, healthcare, and construction organizations. We act as a data controller for the personal information we collect about our users (procurement administrators, buyers, accounting staff, and supplier contacts) and as a data processor for the order, quote, and supplier information our customer organizations entrust to us.

2. Information we collect

Information you provide

  • Account and profile information: name, work email address, phone number, employer, role, and department.
  • Authentication credentials: hashed passwords, multi-factor authentication secrets, and recovery codes (encrypted at rest).
  • Procurement records: requests, quotes, purchase orders, invoices, shipping addresses, vendor information, and notes you enter.
  • Communications: messages you send to our support team and transcripts of vendor or client correspondence you upload.

Information collected automatically

  • Usage and device data: IP address, browser type, operating system, referring URL, pages viewed, and timestamps.
  • Audit log entries: privileged actions you perform in the portal are recorded with a tamper-evident audit trail.
  • Cookies and similar technologies: a session cookie issued at sign-in, a multi-factor authentication session cookie, and a maintenance-mode bypass cookie used during planned cutovers.

Information from third parties

  • Supplier integrations: we receive product, pricing, and order information from supplier catalogs (including Amazon Business and other catalog suppliers) when a buyer initiates a PunchOut session or imports a catalog.
  • Accounting and customer-relationship integrations: we exchange invoice and customer information with QuickBooks Online and HubSpot when a customer organization has connected those services.

3. How we use information

  • To provide and operate the Lotus Connect platform.
  • To authenticate users, enforce role-based access, and protect against fraud and abuse.
  • To process procurement transactions: requests, quotes, purchase orders, invoices, payments, and returns.
  • To respond to support requests and communicate with you.
  • To comply with legal obligations and enforce our Terms of Service.
  • To improve the platform: aggregated and de-identified analytics, error monitoring, and product research.

4. How we share information

We share personal information with:

  • Service providers acting on our behalf: cloud hosting and database (Amazon Web Services: ECS Fargate, RDS PostgreSQL, ElastiCache, S3, SES, KMS, CloudWatch for application logs and error reporting), email delivery (Resend or AWS SES), AI features (Anthropic), accounting (QuickBooks Online), and customer-relationship management (HubSpot). Each provider is contractually bound to use information only to provide their service to us.
  • Supplier integrations you initiate: when you submit a cart through a PunchOut session or send a purchase order to a vendor, we transmit the necessary order, shipping, and identifying information to that supplier under the cXML or equivalent protocol.
  • Your customer organization: if you use Lotus Connect on behalf of an employer, that organization is the controller of the records you create and may access them through their administrator account.
  • Legal and safety: when required by law, subpoena, court order, or to protect our rights, users, or the public.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

We do not sell personal information and we do not share it with advertisers or data brokers.

5. International data transfers

The platform is hosted in the United States. If you access Lotus Connect from outside the United States, your information will be transferred to and processed in the United States. We rely on standard contractual clauses or other lawful transfer mechanisms where required.

6. Data retention

We retain procurement records for as long as your customer organization remains a Lotus Connect customer plus a reasonable period to comply with tax, audit, and legal obligations. Audit logs are retained for at least seven years to satisfy procurement recordkeeping expectations. You may request deletion of your personal information by contacting us, subject to our legal retention obligations.

7. Security

We protect your information with administrative, technical, and physical safeguards including encryption of data in transit and at rest, multi-factor authentication for privileged accounts, role-based access control, idle-session expiration, password complexity rules with breach screening, tamper-evident audit logging, and structured incident response.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information, to restrict or object to processing, and to lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at acepeda@lotusconnect.com. We will respond within 30 days.

9. Children

Lotus Connect is a business-to-business platform intended for procurement administrators, buyers, accounting staff, and supplier contacts. It is not directed to children and we do not knowingly collect personal information from children. If you believe a child has submitted personal information to us, please contact us and we will delete it.

10. Cookies and tracking

We use only the cookies necessary to operate the platform: a session cookie issued at sign-in, a multi-factor authentication session cookie, and a maintenance-mode bypass cookie used during planned cutovers. We do not use third-party advertising cookies or cross-site tracking.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to account administrators and posted at the top of this page with a new effective date. Continued use of the platform after a change constitutes acceptance of the updated policy.

12. Contact us

Lotus Connect LLC
221 River Street, 9th Floor
Hoboken, NJ 07030
Email: acepeda@lotusconnect.com
Phone: (201) 630-8686

Lotus Connect LLC

2026 Lotus Connect LLC. End-to-end procurement for education, government, transportation, healthcare, and construction.

221 River Street, 9th Floor, Hoboken, NJ 07030 | (201) 630-8686