Privacy Policy

Last updated: February 23, 2026

ERP Research ("we," "us," or "our") operates the website www.erpresearch.com (the "Site"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding that data.

1. Information We Collect

1.1 Information you provide

When you fill out a form on our Site — including contact forms, demo request forms, newsletter sign-ups, pricing quote forms, comparison tool gates, resource download gates, or the chatbot — we may collect:

• Name
• Email address
• Phone number
• Company name and size
• Industry
• Message or inquiry text

1.2 Information collected automatically

When you visit the Site, we automatically collect:

• Visitor identifier — a randomly generated UUID stored in the erp_vid cookie to recognize returning visitors.
• Country-level geolocation — derived from your IP address and stored in the erp_geo cookie. We do not store your full IP address for analytics purposes.
• Pages visited, referrer URL, and page type — logged to understand how people use our Site.
• A/B experiment assignment — stored in the erp_ab cookie to ensure a consistent experience during your visit.

1.3 Information from third parties

When you submit your business email address through a form, we may look up publicly available information about your company (company name, domain, and description) using a domain enrichment service. This helps us understand the businesses that use our Site.

2. How We Use Your Information

We use personal data for the following purposes:

• Respond to inquiries — to reply to contact, demo, or quote requests you submit.
• Send newsletters — if you subscribe, to deliver monthly ERP pricing updates. You can unsubscribe at any time.
• Process payments — when you purchase benchmark data access or a partner portal listing via Stripe.
• Improve the Site — to analyze usage patterns, run A/B tests, and fix issues.
• Prevent abuse — to rate-limit form submissions and detect spam.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for collecting and using your personal data depends on the context:

• Consent — for analytics cookies (Google Analytics) and newsletter subscriptions. You provide this via our cookie consent banner or by opting in to the newsletter.
• Contractual necessity — for processing payments and providing services you have purchased (e.g., benchmark access, partner portal).
• Legitimate interest — for core site functionality such as visitor identification for spam prevention, A/B testing for site improvement, and responding to business inquiries.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Site. For a complete list of cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

We use Google Analytics 4 (GA4) to understand how visitors use our Site. GA4 is loaded with analytics consent set to denied by default and only collects data after you accept cookies through our consent banner.

5. Third-Party Services

We share personal data with the following categories of providers:

• Supabase (database hosting) — stores form submissions, page views, partner profiles, and benchmark access records. Supabase is SOC 2 Type II certified.
• Stripe (payment processing) — processes payments for benchmark data access and partner portal subscriptions. Stripe is PCI DSS Level 1 certified. We never store your credit card details on our servers.
• Google Analytics (analytics) — receives anonymized usage data only after you consent via our cookie banner.
• Domain enrichment service — receives email domain (not your full email) to return publicly available company information.
• Vercel (hosting) — hosts our Site and provides country-level geolocation via request headers.

We do not sell your personal data to any third party. We do not use third-party advertising pixels (e.g., Facebook Pixel, LinkedIn Insight Tag).

6. Data Retention

• Form submissions — retained for up to 24 months after submission, then deleted.
• Page view logs — retained for up to 12 months, then deleted.
• Benchmark access records — retained for the duration of your subscription or purchase, plus 90 days.
• Partner portal profiles — retained until you cancel your subscription and request deletion.
• Cookies — see our Cookie Policy for individual cookie durations.

7. Your Rights Under GDPR

If you are in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your personal data.
• Right to restrict processing — request that we limit how we use your data.
• Right to data portability — request your data in a machine-readable format.
• Right to object — object to our processing of your data, including for direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@erpresearch.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

8. Your Rights Under CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights:

• Right to know — you can request the categories and specific pieces of personal information we have collected about you.
• Right to delete — you can request deletion of your personal information.
• Right to correct — you can request correction of inaccurate personal information.
• Right to opt out of sale/sharing — we do not sell or share your personal information for cross-context behavioral advertising.

To exercise these rights, email privacy@erpresearch.com. We will not discriminate against you for exercising your rights.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. When we transfer data outside the EEA, we rely on Standard Contractual Clauses or other legally approved transfer mechanisms to ensure your data is protected.

10. Children's Privacy

Our Site is intended for business professionals and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Security

We implement technical and organizational measures to protect your data, including HTTPS encryption in transit, secure cookie flags, row-level security on our database, rate limiting on form submissions, and input validation on all API endpoints. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "Last updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

• Email: privacy@erpresearch.com