Privacy Policy

Effective Date: April 16, 2026

Controller / Who we are. Project DIAMOnD, Inc., a Michigan corporation (“Project DIAMOnD^®”, “Project DIAMOnD”, “we”, “us”, “our”) determines the purposes and means of processing personal information collected on the Project DIAMOnD Infrastructure and acts as the business/controller for such information under applicable U.S. privacy laws.

‍Address: 2675 Bellingham Drive, Troy, MI 48083-2044, USA

‍Privacy: contact@projectdiamond.org
Security: contact@projectdiamond.org
DMCA (Project DIAMOnD-hosted content only): contact@projectdiamond.org

‍Project DIAMOnD^® is a registered trademark of Automation Alley. Used here under license.‍

Contents

1) Scope & Services Not Covered
2) What We Collect on the Project DIAMOnD Infrastructure
3) How We Use Project DIAMOnD Infrastructure Information
4) Legal Bases
5) Sharing & Disclosures (Project DIAMOnD Infrastructure Only)
6) Data Location & Transfers
7) Retention
8) Security
9) Cookies & Analytics (Project DIAMOnD Infrastructure)
10) Your Choices & Rights
11) Children
12) Public Funding; Records; No Endorsement
13) Do Not Upload Restricted Content to Project DIAMOnD Systems
14) Breach Notification (Michigan)
15) Third-Party Sites & Services
16) U.S. State Privacy Disclosures
17) Changes to this Policy
18) How to Contact Us

1) Scope & Services Not Covered

This Policy explains how Project DIAMOnD collects, uses, discloses, and protects personal information on the Project DIAMOnD Infrastructure only, which includes onboarding, profile and account administration, community and academy features, Project DIAMOnD-hosted pages, and links or referrals provided for navigation purposes.

When you select Marketplace or other third-party features, you leave the Project DIAMOnD Infrastructure and enter platforms operated by third parties. Activities conducted on those platforms, including file uploads, licensing, orders, payments, or identity verification, are governed by the applicable third parties’ privacy policies and terms. Project DIAMOnD does not control the privacy practices of third-party platforms, although Project DIAMOnD may receive limited information from such providers as described in this Policy.

2) What We Collect on the Project DIAMOnD Infrastructure

a) Information you provide directly‍

• Account and profile information (such as name, email address, phone number, and organizational affiliation or role).
• Community and academy content (such as posts, comments, and non-restricted attachments submitted to Project DIAMOnD-hosted pages). Support inquiries, forms, and survey responses.
• Eligibility or compliance attestations (such as representations that you are not debarred or suspended under 2 CFR Part 180), where applicable.

b) Information collected automatically

• Log and device data (such as IP address, device or browser type, timestamps, and referring or exit pages).
• Usage information related to the Project DIAMOnD Infrastructure (such as page views, feature interactions, and internal navigation or search activity within Project DIAMOnD-hosted pages).
• Cookies or similar identifiers necessary for authentication, security, and session continuity (see Section 9).

c) Information received from service providers acting on Project DIAMOnD’s behalf

‍Service providers may provide limited information necessary to operate, secure, and administer the Project DIAMOnD Infrastructure, including:

• Identity and Business Verification. Verification status and related metadata (such as pass/fail result, verification method, and timestamp) received from identity or business verification providers. Project DIAMOnD does not receive or store copies of government-issued identification, biometric templates, or raw verification media.
• Infrastructure Hosting and Operations. Operational and administrative telemetry from infrastructure, hosting, or collaboration service providers used to support the Project DIAMOnD Infrastructure (such as system availability, performance metrics, access logs, and administrative audit trails).
• Third-Party Platform Integration Signals. Limited authentication, authorization, or referral signals exchanged with third-party platforms accessed through the Project DIAMOnD Infrastructure for account continuity or navigation purposes. These signals do not include marketplace file content, transaction details, pricing information, or payment data.
• All such information is processed solely for the purposes described in this Policy and in accordance with written agreements with the applicable service providers.

3) How We Use Project DIAMOnD Infrastructure Information

We use personal information collected on the Project DIAMOnD Infrastructure for the following purposes:

• Operate the Project DIAMOnD Infrastructure. To support onboarding, account and profile management, access to community and academy features, and navigation or referral to third-party platforms.
• Compliance and Internal Controls. To support Project DIAMOnD’s internal control framework under 2 CFR §200.303, where applicable, including conflict-of-interest posture under §200.318(c)(1), eligibility and debarment screening under 2 CFR Part 180, and retention of Project DIAMOnD Infrastructure records required under §§200.334–200.337.
• Security and Integrity. To detect, investigate, and prevent fraud, abuse, unauthorized access, or maliciousactivity affecting the Project DIAMOnD Infrastructure.
• Program Evaluation and Improvement. To generate aggregated, de-identified metrics and insights to evaluate and improve the performance and usability of the Project DIAMOnD Infrastructure.
• Communications. To send service-related communications, onboarding guidance, and updates to policies or the Project DIAMOnD Infrastructure.
• Project DIAMOnD does not sell personal data. Project DIAMOnD is not a marketplace facilitator or merchant of record and does not access or process marketplace transaction or payment data.

4) Legal Bases

Project DIAMOnD processes personal information collected on the Project DIAMOnD Infrastructure consistent with applicable U.S. privacy laws and for the purposes described in this Policy, including the following bases, as applicable:

• Contractual or Programmatic Necessity. To operate the Project DIAMOnD Infrastructure and administer participation in the Project DIAMOnD program, including features and services you request.
• Legitimate Interests. To protect the security and integrity of the Project DIAMOnD Infrastructure, prevent fraud or abuse, and generate aggregated, de-identified analytics to improve services, where such interests are not overridden by individual rights.
• Legal Obligations. To comply with applicable laws and requirements, including lawful requests, audit and record-retention obligations under 2 CFR Part 200 (Subpart D), and applicable state data breach notification laws, including Michigan law.
• Consent. Where expressly requested in connection with specific activities or third-party services (such as identity or business verification workflows), and as governed by the applicable third party’s privacy policy and consent mechanisms.

5) Sharing & Disclosures (Project DIAMOnD Infrastructure Only)

• Service Providers. Project DIAMOnD may share personal information with service providers acting on Project DIAMOnD’s behalf to operate, maintain, and secure the Project DIAMOnD Infrastructure (such as infrastructure hosting, identity or business verification status, IT support, security monitoring, communications, and administrative services). These service providers process information pursuant to written agreements and only for the purposes described in this Policy.
• Government or Oversight Bodies. Project DIAMOnD may disclose information where required by law, regulation, courtv order, or applicable public funding or oversight requirements. Where permitted, Project DIAMOnD will provide notice so affected users may assert applicable confidentiality or exemption claims.
• Legal and Safety. Project DIAMOnD may disclose information as necessary to comply with law or to protect the rights, safety, or property of Project DIAMOnD, its users, or the public.
• Information Not Shared by Project DIAMOnD. Project DIAMOnD does not receive, host, or disclose marketplace files, orders, quotes, manufacturing details, or payment transaction data processed on third-party platforms. Such data is governed by the applicable third-party platforms’ terms and privacy policies and is outside Project DIAMOnD’s control.

6) Data Location & Transfers

Personal information processed on the Project DIAMOnD Infrastructure is hosted by reputable service providers primarily in the United States.

Certain service providers supporting identity or business verification or other infrastructure functions may process data in the United States and, in limited circumstances, in other jurisdictions, consistent with their disclosed practices.

If cross-border transfers occur in connection with the Project DIAMOnD Infrastructure, Project DIAMOnD requires its service providers to implement appropriate contractual and technical safeguards consistent with applicable law.

7) Retention

Project DIAMOnD retains personal information collected on the Project DIAMOnD Infrastructure only for as long as reasonably necessary to operate and support the Project DIAMOnD Infrastructure, to resolve disputes, and to comply with applicable legal obligations.

Where applicable funding or legal requirements apply, Project DIAMOnD retains Project DIAMOnD Infrastructure records inaccordance with 2 CFR §§200.334–200.337 and other applicable laws. Not all personal information collected on the Project DIAMOnD Infrastructure is subject to these retention requirements.

When retention periods expire, Project DIAMOnD deletes or de-identifies personal information in accordance with its data management practices.

8) Security

Project DIAMOnD applies administrative, technical, and physical safeguards appropriate to the Project DIAMOnD Infrastructure and the nature of the information processed (such as access controls, encryption in transit, least-privilege administration, and monitoring). No system is 100% secure. If you believe the security of the Project DIAMOnD Infrastructure has been compromised, please report the issue to contact@projectdiamond.org.

9) Cookies & Analytics (Project DIAMOnD Infrastructure)

Essential cookies or similar technologies are required for authentication, security, and session continuity on the Project DIAMOnD Infrastructure. Project DIAMOnD may use limited analytics to understand aggregated and de-identified usage of the Project DIAMOnD Infrastructure. You can control non-essential cookies through your browser settings; essential cookies are required for core functionality.

10) Your Choices & Rights

• Project DIAMOnD Infrastructure Data. You may request access to, correction of, or deletion of personal information maintained by Project DIAMOnD in connection with the Project DIAMOnD Infrastructure by emailing contact@projectdiamond.org. We will respond to requests in accordance with applicable law and subject to legal, audit, or retention requirements.
• Verification Data. Requests relating to identity or business verification data processed by third-party verification providers must be directed to the applicable provider. Project DIAMOnD can assist in routing such requests where appropriate.
• Third-Party Platform Data. Requests relating to data processed on third-party platforms accessed through the Project DIAMOnD Infrastructure (including marketplace or payment data) must be directed to the applicable platform or service provider, as Project DIAMOnD does not control that data.
• Email Preferences. You may opt out of non-essential Project DIAMOnD communications where offered. Transactional or service-related communications may still be sent.

11) Children

The Project DIAMOnD Infrastructure is not directed to individuals under 18 years of age. Project DIAMOnD does not knowingly collect or process personal information from individuals under 18 on the Project DIAMOnD Infrastructure. If you believe that a minor has provided personal information through the Project DIAMOnD Infrastructure, please contact us so that we may take appropriate steps to remove such information.

12) Public Funding; Records; No Endorsement

• Funding Acknowledgment. Some Project DIAMOnD Infrastructure activities may be supported by public funds. This Policy does not create any right of payment or entitlement from any public entity.
• Records & Audit (Project DIAMOnD Infrastructure Only). Where lawfully required, including under applicable grant or funding requirements, Project DIAMOnD may provide reasonable access to retained Project DIAMOnD Infrastructure records to authorized officials for audit or monitoring purposes and will notify affected users where permitted by law.
• Public-Records Caution. To the extent Project DIAMOnD Infrastructure records are shared with a public body, such records may be subject to applicable public-records or freedom-of-information laws. Project DIAMOnD will reasonably support applicable confidentiality or exemption claims where available.
• No Endorsement. Use of the Project DIAMOnD Infrastructure must not imply county, state, or federal endorsement. Official seals, logos, or insignia may not be used without express written authorization.

13) Do Not Upload Restricted Content to Project DIAMOnD Systems

Do not upload Controlled Unclassified Information (CUI), export-controlled technical data, personal data subject to heightened legal protection, or other restricted or sensitive materials to the Project DIAMOnD Infrastructure except as expressly authorized in writing by Project DIAMOnD. Users are solely responsible for complying with applicable information-control, data protection, export control, and sanctions laws in connection with their participation in the Project DIAMOnD program.

14) Breach Notification (Michigan)

If a security breach involving personal information maintained on the Project DIAMOnD Infrastructure occurs, Project DIAMOnD will provide notices consistent with applicable law, including the Michigan Identity Theft Protection Act (MCL 445.61 et seq.), to the extent such requirements apply.

15) Third-Party Sites & Services

The Project DIAMOnD Infrastructure may contain links to or integrations with third-party platforms or services. Such third parties operate independently of Project DIAMOnD, and Project DIAMOnD does not control or assume responsibility for their privacy practices, security measures, or data handling activities. Review the applicable third-party privacy policies and terms before using those services.

16) U.S. State Privacy Disclosures (California, Colorado, Connecticut,Delaware, Montana, Oregon, Texas, Utah, Virginia, and similar laws)

• Scope. This section applies solely to the Project DIAMOnD Infrastructure when applicable U.S. state privacy laws grant residents specific privacy rights. It does not apply to identity verification services operated by third parties (such as Persona) or to marketplace activities conducted on third-party platforms (e.g., Markforged/Eiger or Stripe), which are governed by those parties’ own privacy policies and terms.
• No Sale or Sharing. Project DIAMOnD does not “sell” or “share” personal information, as those terms are defined under California law, and does not engage in targeted advertising in connection with the Project DIAMOnD Infrastructure. If these practices change, this Policy will be updated and any required opt-out mechanisms will be provided.

1. Categories of Personal Information Collected (Project DIAMOnD Infrastructure Only).

1. Identifiers (e.g., name, email address, account identifier) and limited organization-related information (e.g., role or title).  
2. Internet or network activity data (e.g., login events, page views within the Project DIAMOnD Infrastructure).  
3. Communications you send to Project DIAMOnD (e.g., support requests, forms, surveys).
4. Eligibility or compliance attestations, including debarment or suspension status where applicable.

1. Sources of Information. You; your organization; Project DIAMOnD Infrastructure telemetry; and Project DIAMOnD service providers acting on our behalf (e.g., verification status metadata from identity verification providers).
2. Purposes of Use. To operate, maintain, and secure the Project DIAMOnD Infrastructure; satisfy internal controls and compliance obligations; provide service communications; and generate aggregated, de-identified analytics.
3. Disclosures. Personal information may be disclosed to Project DIAMOnD service providers (e.g., hosting, IT, security, and communications vendors) and to government or oversight bodies where disclosure is legally required. Project DIAMOnD does not disclose marketplace files, transaction data, pricing, or payment information, which are not hosted or controlled by Project DIAMOnD.
4. Your State Privacy Rights (where applicable).

1. Access / Know the categories and specific pieces of personal information Project DIAMOnD holds about you.  
2. Correction of inaccurate personal information.
3. Deletion of personal information, subject to applicable legal, audit, or retention requirements.
4. Portability (to receive a copy in a usable format).  
5. Opt-out of sale, sharing, or targeted advertising (not applicable at this time).
6. Limit use of certain sensitive personal information, where required by law (not applicable at this time, as Project DIAMOnD does not use sensitive personal information in a manner requiring such limitation).  
7. Appeal a decision if a request is denied.  
8. Non-discrimination for exercising privacy rights.

• How to Exercise Your Rights (Project DIAMOnD Infrastructure Data Only).  Email contact@projectdiamond.org with your request and state of residence. We may verify your identity (e.g., by confirming control of your Project DIAMOnD account or email address). If a request is denied, you may appeal by responding to our decision or emailing the same address with the subject line “Appeal.” We will provide a written response explaining the outcome.
• Authorized Agents (California).  If you use an authorized agent to submit a request, we may require proof of authorization and direct identity verification.
• Global Privacy Control (GPC). If Project DIAMOnD engages in activities that constitute a “sale,” “sharing,” or targeted advertising in the future, we will honor recognized opt-out preference signals on the Project DIAMOnD Infrastructure as required by applicable law. At present, such activities are not conducted.
• Notice at Collection (California). The “Categories of Personal Information,” “Purposes,” “Retention,” and “Sharing” sections of this Policy serve as Project DIAMOnD’s notice at collection for Project DIAMOnD Infrastructure pages.
• Financial Incentives. Project DIAMOnD does not offer financial incentives, loyalty programs, or differential pricing based on personal information collected through the Project DIAMOnD Infrastructure.
• Sensitive Data & Biometrics. Project DIAMOnD Infrastructure does not collect or process biometric identifiers or biometric templates. Any biometric verification (e.g., selfie-to-ID comparison) is conducted solely by third-party identity verification providers under their own policies and consent mechanisms. Project DIAMOnD does not use biometric information for identification or authentication purposes.
• Nevada Residents. Project DIAMOnD does not sell covered information as defined under Nevada law.

17) Changes to this Policy

Project DIAMOnD may update this Privacy Policy from time to time. Material changes will be posted on the Project DIAMOnD Infrastructure with an updated “Effective Date.” Where appropriate, Project DIAMOnD may require users to acknowledge the updated Policy. Continued use of the Project DIAMOnD Infrastructure after the effective date of an updated Policy constitutes acceptance of the revised Policy, except to the extent otherwise prohibited by applicable law.

18) How to Contact Us

Project DIAMOnD, Inc.

Address:
2675 Bellingham Drive
Troy, MI 48083-2044
United States 

Email Contacts:
Privacy inquiries: contact@projectdiamond.org
Security issues: contact@projectdiamond.org
Telephone:
+1 (800) 427-5100

Project DIAMOnD^® is a registered trademark of Automation Alley, Inc., used by Project DIAMOnD, Inc. under license.