What we collect, how we use it, and what we don't do with it.
Last updated: May 8, 2026.
Burton NDT Rentals (operating entity: Burton NDT LLC) is the data controller for this site. Our headquarters is at 832 S. Broadway St., La Porte, TX 77571. Contact us at information@bndtrentals.com or 281-941-4311 with any privacy question.
Information you give us directly — name, company, email, phone, shipping details, dates, and any free-text instructions you submit through our quote/reservation form, contact form, or direct email/phone correspondence. The quote builder also stores the items you add to your cart in your browser's localStorage (under bndt-quote-cart-v1) so your cart survives page navigation. That data stays on your device until you submit the form or clear it.
Technical information we collect automatically — IP address, browser user-agent, referring page, requested URL, country code (derived from your IP at the network edge), and timestamps. We use this for security (rate-limiting form submissions and blocking abuse), performance monitoring (page- load times, Core Web Vitals like LCP / INP / CLS), and error diagnostics (capturing JavaScript exceptions to fix bugs). Most of these signals are stored in our own database (the “Burton NDT first-party analytics” processor below) rather than handed to a third-party analytics SaaS.
Per-tab session id — when you load a page, our analytics tracker writes a random UUID to your browser's sessionStorage (key bndt_pv_session). This lets us count distinct sessions and measure how long visitors spend on each page. The id is wiped automatically when you close the tab — it is not a persistent fingerprint.
How long we keep it — page-view and event rows are auto-deleted after 180 days. Resolved errors are auto-deleted after 90 days. Quote-form submissions and customer profiles stay until you ask us to delete them.
What we do NOT collect — we do not run third-party advertising trackers, build behavioral profiles across other websites, sell data to data brokers, or share form submissions with marketing partners. We do not use cookies for tracking — only standard session cookies for the admin login.
Form and email submissions are used solely to respond to your request — sending a quote, scheduling a calibration, processing a rental or sale, and following up on the engagement. Technical logs are used to keep the site running and secure. We do not sell or share your information with third parties for marketing purposes.
We use the following processors to run the site and our business. Each is bound by its own privacy commitments and processes data only on our instructions for the purposes below.
Vercel (hosting & CDN)
Purpose: Hosts the website infrastructure and serves pages from edge locations.
Data: Standard request logs (IP, user-agent, requested URL, timestamp, response status). Retained for limited periods per Vercel's terms.
Their privacy policy (opens in new tab)Vercel Analytics & Speed Insights
Purpose: Aggregate page views and Core Web Vitals (LCP, INP, CLS) to monitor site performance.
Data: Hashed visitor identifiers, page paths, referrer, country-level location, device type. No personally-identifying data, no behavioral profile, no cross-site tracking.
Their privacy policy (opens in new tab)Sentry (error tracking)
Purpose: Captures unhandled JavaScript and server-side errors so we can fix bugs.
Data: Stack trace, page URL, browser, anonymized session context. Email addresses, phone numbers, and free-text form fields are scrubbed before transmission.
Their privacy policy (opens in new tab)Burton NDT first-party analytics
Purpose: Page-view counts, top pages, top referrers, top countries, and Core Web Vitals stored in our own database (not a third-party analytics SaaS) to understand how visitors find and use the site.
Data: Path, referrer (when sent by your browser), a per-tab anonymous session id (sessionStorage UUID, expires when the tab closes), country code (from edge headers), browser user-agent, and IP. Performance metrics (LCP, INP, CLS, FCP, TTFB) when your browser supports them. We never write these rows for known bots; admin browsers self-exclude via a `mako_no_track` localStorage flag.
Burton NDT first-party error log
Purpose: An in-house duplicate of Sentry's data, stored in our own database so the admin team can triage errors directly from the panel.
Data: Same fields as Sentry — message, module, stack, route, user-agent, sanitized context. Resolved errors are auto-deleted after 90 days; raw page-view and event rows are auto-deleted after 180 days.
Resend (transactional email)
Purpose: Delivers quote-confirmation and customer-service emails on our behalf.
Data: Recipient email address, message body, delivery status. Used only for the email you actually send or receive.
Their privacy policy (opens in new tab)Cloudflare Turnstile (bot protection)
Purpose: Confirms you are a human before accepting form submissions, without using CAPTCHA puzzles or third-party tracking cookies.
Data: An anonymized challenge token. Cloudflare may inspect IP and browser characteristics during the challenge.
Their privacy policy (opens in new tab)Google Maps (embedded location previews)
Purpose: Embeds map previews on the contact and location pages.
Data: Google may set its own cookies and collect interaction data once you click into the embed. We do not load the embed for you proactively.
Their privacy policy (opens in new tab)YouTube (embedded equipment-in-action videos)
Purpose: Embeds video demonstrations on the projects pages.
Data: We use the privacy-enhanced YouTube embed (youtube-nocookie.com) to minimize tracking before playback. YouTube/Google may still set cookies and collect data when you press play.
Their privacy policy (opens in new tab)We also share data when required by law (court order, subpoena) or to protect our legal rights and the safety of our team and customers.
Active customer records are retained for the duration of the business relationship plus seven years for tax and accounting purposes. Quote requests that don't convert are retained for 24 months and then deleted. Server access logs are typically retained 30–90 days. Error reports and analytics aggregates are retained according to each processor's default retention policy (Vercel, Sentry).
Wherever you live, you can email us at information@bndtrentals.com to ask what data we hold about you, correct inaccurate data, or request deletion. We'll respond within 30 days.
If you are in the EU/UK (GDPR): you have the right to access, correct, delete, or port your data; restrict or object to certain processing; withdraw consent; and lodge a complaint with your data-protection authority. We are a U.S. business that primarily serves U.S. industrial customers; if you submit a request from the EU/UK, we honor it but the site is not specifically directed at EU/UK consumers.
If you are a California resident (CCPA / CPRA): you have the right to know what personal information we collect, the categories of sources and recipients, and the business purposes for collection; the right to delete your personal information; the right to correct inaccurate information; and the right to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising — but you can still send us a request and we will confirm in writing.
This site is a B2B industrial-equipment service. It is not directed at children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
We do not set advertising cookies. The browser's localStorage is used by the quote-builder cart and by the error buffer described above; you can clear both at any time via your browser's site-data controls. Vercel Analytics may set a first-party cookie for hashed visitor identification. Embedded Google Maps and YouTube content may set their own cookies once you interact with them.
The site enforces HTTPS with HSTS preload, a strict Content-Security-Policy with per-request nonces, and modern security headers. Form submissions are protected by Cloudflare Turnstile and rate-limited at the server. We do not store payment-card data on our infrastructure — those flows go through trusted payment processors directly.
We may update this policy as our processors or practices change. When we do, we'll bump the date at the top. Material changes will be highlighted in a banner on the site for at least 30 days.
Questions about your data? information@bndtrentals.com or call 281-941-4311.
