Privacy Policy
ContractorVerify ("we", "us", or "our") operates the contractorverify.io website and the ContractorVerify API (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
1. Information We Collect
We collect the following types of information:
- Account information - name, email address, company name, and billing details when you create an account or subscribe to a plan
- API usage data - request logs including timestamps, endpoints called, query parameters, IP addresses, and response status codes
- Payment information - processed securely through Stripe. We do not store full credit card numbers on our servers
- Device and browser data - user agent strings, screen resolution, and similar technical data collected automatically when you visit our website
- Communications - any emails, support tickets, or messages you send to us
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process transactions and send related billing information
- Monitor API usage for rate limiting, abuse prevention, and capacity planning
- Send you technical notices, security alerts, and support messages
- Respond to your comments, questions, and customer service requests
- Analyze usage trends to improve our product and develop new features
- Detect, prevent, and address fraud, abuse, or technical issues
3. Cookies and Tracking
Our website uses cookies and similar tracking technologies for the following purposes:
- Essential cookies - required for authentication and session management
- Analytics cookies - we use Google Analytics (via Google Tag Manager) to understand how visitors interact with our site. These cookies collect anonymized usage data
- Preference cookies - to remember your settings and preferences
You can configure your browser to refuse cookies, though some features of the Service may not function properly without them. We do not use advertising or behavioral tracking cookies.
4. Third-Party Services
We share data with the following categories of third-party service providers:
- Payment processing - Stripe processes all payments. Their privacy policy governs payment data handling
- Cloud infrastructure - we host our Service on industry-standard cloud providers with SOC 2 compliance
- Analytics - Google Analytics collects anonymized website usage data
- Email - transactional emails (account verification, billing receipts, alerts) are sent through a third-party email service
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Retention
We retain your data according to the following schedule:
- Account data - retained for the duration of your account plus 30 days after deletion request
- API request logs - retained for 90 days, then automatically purged
- Billing records - retained for 7 years as required by tax and accounting regulations
- Cached license verification data - cached for up to 24 hours, then refreshed from the source on next request
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access - request a copy of the personal data we hold about you
- Correction - request correction of inaccurate personal data
- Deletion - request deletion of your personal data and account
- Portability - request an export of your data in a machine-readable format
- Objection - object to certain processing of your personal data
- Restriction - request that we limit processing of your personal data
To exercise any of these rights, contact us at privacy@contractorverify.io. We will respond within 30 days.
7. API Data Handling
When you use the ContractorVerify API to verify contractor licenses, please note:
- Query data - license numbers, state codes, and business names submitted via API calls are logged for usage tracking and debugging. These logs are retained for 90 days
- Verification results - data returned by the API is sourced from publicly available state licensing board records. We cache this data for up to 24 hours to reduce load on state systems
- No sensitive PII storage - we do not store Social Security numbers, dates of birth, or other sensitive identifiers. The API operates on license numbers and business names only
- Batch processing - data submitted via batch endpoints follows the same retention and caching policies as single lookups
- Webhook payloads - if you configure webhooks, verification results are delivered to your specified endpoint over HTTPS. We retain webhook delivery logs for 30 days
You are responsible for how you store and use verification data returned by our API in compliance with applicable laws.
8. Data Security
We implement reasonable technical and organizational measures to protect your data, including:
- All data transmitted via TLS/HTTPS encryption
- API keys are hashed at rest and never stored in plaintext
- Infrastructure-level access controls and audit logging
- Regular security reviews of our codebase and dependencies
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@contractorverify.io.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: privacy@contractorverify.io
- General support: support@contractorverify.io