🔒 Last Updated: May 2026

Privacy Policy

We believe privacy should be straightforward. Here's exactly what we collect, why we collect it, and how you can control it.

Plain-language summary: We collect only what we need to run the platform. We don't sell your data. We use Stripe for payments (we never see your card number), Google Analytics to understand traffic, and Netlify Forms to receive your contact submissions. California and EU residents have specific rights explained below.

1. What We Collect

Information You Give Us

When you fill out a contact form, claim a business listing, or sign up for a paid plan, we collect:

  • Contact information — your name, email address, phone number, and business name
  • Business information — service category, city/service area, license number, and insurance documentation (for verified listings)
  • Messages — anything you write in a contact or support form
  • Account credentials — email and password (stored securely, never in plain text)

Information Collected Automatically

When you visit BusinessCertified.org, our analytics and hosting infrastructure automatically record:

  • Usage data — pages visited, time on site, referring URL, and search terms used within the site
  • Device data — browser type, operating system, screen resolution, and IP address (anonymized after 14 days)
  • Cookies — small files that help us remember your preferences and understand how visitors use the site (see Cookie Policy below)

Payment Information

All billing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We never see, store, or have access to your full credit card number, CVV, or bank account details. Stripe provides us with a non-sensitive token confirming your payment status. You can review Stripe's privacy practices at stripe.com/privacy.

2. How We Use Your Information

We use the information we collect to:

🏗️

Operate the Platform

Create and manage your business listing, process your verification, display your profile to homeowners searching for your services.

💳

Process Payments

Charge your monthly subscription through Stripe, send receipts, and manage plan upgrades or cancellations.

📧

Communicate with You

Send transactional emails about your account (verification status, billing receipts, support replies). We don't send unsolicited marketing email.

📊

Improve the Site

Understand which pages are useful, where users get stuck, and which features to build — using aggregated, anonymized analytics data.

🔐

Prevent Fraud

Detect and prevent fake listings, fraudulent reviews, and unauthorized account access.

⚖️

Legal Compliance

Maintain records as required by law and respond to lawful requests from government authorities when legally required.

3. Third-Party Services

We work with a small number of trusted providers. Each has been selected for strong privacy practices:

💳

Stripe

Payment processing for all paid subscriptions. Stripe is PCI-DSS Level 1 compliant — the highest standard for payment security. When you enter billing info, you're communicating directly with Stripe's servers.

Stripe Privacy Policy →
📈

Google Analytics 4

We use GA4 to understand site traffic and user behavior in aggregate. We have IP anonymization enabled, data retention set to 14 months, and we do not use Google Signals. You can opt out using the Google Analytics opt-out browser add-on.

Google Privacy Policy →
📋

Netlify Forms

Contact forms on this site are processed by Netlify. Form submissions are stored on Netlify's servers and forwarded to our support team. Netlify is SOC 2 Type II certified. We regularly delete old form submissions.

Netlify Privacy Policy →

4. Cookie Policy

Cookies are small text files placed on your device. We use three categories:

Cookie Type Purpose Can You Opt Out?
Essential Keep you logged in, remember your session, prevent CSRF attacks. The site doesn't function without these. No — required for core functionality
Analytics Google Analytics 4 — helps us understand traffic patterns so we can improve the site. Anonymized. Yes — opt out via GA browser add-on or browser settings
Preferences Remember UI choices like your selected service category or whether you've dismissed a banner. Yes — clear cookies in your browser settings

5. California Residents — Your CCPA Rights

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information:

RIGHT
Know — Request a copy of the personal information we've collected about you in the past 12 months, including what categories we collected, why, and who we shared it with.
RIGHT
Delete — Ask us to delete your personal information (with limited exceptions for legal obligations or completing transactions you've requested).
RIGHT
Correct — Request correction of inaccurate personal information we hold about you.
RIGHT
Opt Out of Sale — We do not sell personal information. We do not share personal information for cross-context behavioral advertising. No opt-out is needed, but you can confirm this anytime by contacting us.
RIGHT
Non-Discrimination — Exercising your CCPA rights will never result in denial of service, a different price, or reduced quality of service.

To exercise your California rights, email privacy@businesscertified.org with subject line "CCPA Request." We will respond within 45 days.

6. EU/UK Residents — Your GDPR Rights

If you are located in the European Union or United Kingdom, the General Data Protection Regulation (GDPR) gives you additional rights. Our legal basis for processing your data is generally contract performance (to deliver the service you signed up for) or legitimate interests (analytics to improve the site, fraud prevention).

Access — Obtain a copy of your personal data
Rectification — Correct inaccurate data
Erasure ("right to be forgotten") — Request deletion of your data
Portability — Receive your data in a machine-readable format
Restriction — Limit how we process your data in certain circumstances
Objection — Object to processing based on legitimate interests

To exercise GDPR rights, contact privacy@businesscertified.org. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

7. Data Retention

We keep your data only as long as necessary:

  • Active accounts — Data retained while your account is active and for 90 days after cancellation (so you can reactivate)
  • Payment records — Retained for 7 years to comply with tax and financial regulations
  • Contact form submissions — Deleted from Netlify after 12 months
  • Analytics data — Anonymized within 14 days; aggregated data retained for trend analysis

8. Security

We take reasonable technical and organizational steps to protect your information, including:

  • HTTPS/TLS encryption on all pages and API calls
  • Passwords hashed with bcrypt — never stored in plain text
  • Stripe handles all payment card data — we have no access to raw card numbers
  • Access to user data restricted to employees who need it to do their jobs

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at privacy@businesscertified.org.

9. Children's Privacy

BusinessCertified.org is a B2B platform for business owners and consumers seeking local services. It is not directed at children under 13. We do not knowingly collect information from anyone under 13. If we learn we have inadvertently done so, we will promptly delete it.

10. Changes to This Policy

When we make material changes to this policy, we'll post the updated version here with a new "Last Updated" date. For significant changes, we'll send an email notice to registered users at least 14 days before the changes take effect. Continued use of the site after the effective date constitutes acceptance of the updated policy.

Privacy Questions?

We're a real team and we respond to every privacy inquiry personally — no bot replies.

privacy@businesscertified.org

Response time: within 2 business days