Table of Contents
- Introduction
- Data Controller Information
- Scope of Policy
- Information We Collect
- How We Collect Information
- How We Use Your Information
- International Users
- Information Sharing & Disclosure
- Public vs. Private Data
- Data Storage and Transfers
- Data Retention
- Your Privacy Rights
- Cookies & Tracking Technologies
- Security Measures
- Children's Privacy
- Data Breach Notification
- Third-Party Services
- Automated Decision-Making
- Your Choices & Controls
- Changes to This Policy
- Contact Information
1. Introduction
VerSquare ("we," "us," or "our"), operated by Search Assistant, Inc. (a Delaware corporation), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform - an online platform for small business mergers and acquisitions, including reviews, ratings, data, research, content, and services related to SBA lending, business brokerage, and acquisition advisory.
This Privacy Policy applies to information collected through:
- Our website at www.versquare.com
- Email communications
- Customer service interactions
- Any other services we provide
Please read this Privacy Policy carefully. By using the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure practices as described.
If you do not agree with this Privacy Policy, please do not use the Platform.
2. Data Controller Information
The data controller responsible for your personal information is:
Search Assistant, Inc., a Delaware corporation (doing business as VerSquare)
6595 Roswell Road
Suite G #5313
Atlanta, GA 30328
Email: support@versquare.com
3. Scope of Policy
3.1 What This Policy Covers
This Privacy Policy covers personal information that we collect, use, and disclose in connection with the Platform and our Services.
3.2 What This Policy Does Not Cover
This Privacy Policy does not cover:
- Information collected by third-party websites linked from our Platform
- Information collected by Providers (the companies included within the Platform) through their own websites or services
- Information practices of third-party service providers (though we describe what information we share with them)
You should review the privacy policies of Providers and third-party services independently. When you initiate sharing of your information with a Provider through the Platform (such as through an inquiry form or profile share), the Provider's use of that information is governed by their privacy policy, not ours (see Section 8.11).
4. Information We Collect
We collect several types of information from and about users of our Platform.
4.1 Personal Identifiers
Information that identifies you personally:
- Full name (collected for verification of review legitimacy)
- Display name (how you appear on reviews: First Name + First Letter of Last Name)
- Email address
- Phone number (if provided)
- Physical address (if provided)
- IP address
- Device identifiers (device ID, advertising ID)
- Authentication credentials (which may include third-party authentication tokens or encrypted passwords, depending on your sign-in method)
4.2 Commercial & Platform Information
Information related to your use of the platform and related commercial activities:
- Provider interaction history (which Providers you've reviewed or searched for)
- Saved providers (Providers you've bookmarked or saved for future reference)
- Deals you are working on (if you choose to disclose this information)
- Review history (reviews you've posted, ratings you've given)
- Service preferences
4.3 Internet & Network Activity
Information about your Platform usage:
- Browsing history on our Platform
- Search queries and filters used
- Page views, clicks, and navigation paths
- Time spent on pages
- Referral sources (how you found our Platform)
- Platform usage patterns
- Interaction with emails we send
- Features and content you access
4.4 Location Data
Geographic information:
- General location inferred from IP address (city, state, country)
- Precise device location [only if you enable location services - optional]
- Location information you provide in your profile or reviews
4.5 User-Generated Content
Content you create on the Platform:
- Reviews and ratings
- Photos and documents (uploaded to reviews, profiles, or Business Accounts)
- Comments and responses
- Questions and answers
- Messages sent through the Platform
- Customer service communications
4.6 Technical Data
Information about your device and usage:
- Device type, model, and manufacturer
- Operating system and version
- Browser type and version
- Screen resolution
- Language preferences
- Time zone settings
- Cookies and similar tracking technologies (see Section 13)
- Log data (timestamps, error logs, crash reports)
4.7 Verification & Authentication Data
Information collected to verify identity and authenticity:
- Email verification confirmations
- Transaction documentation (e.g., loan applications, invoices, correspondence with Providers), only if required for additional verification
- Professional licensing verification (NMLS records, state bar registrations, state broker license registries) for Professional Account claims
- Device fingerprinting data (for fraud detection)
- Authentication credentials
4.8 Inferences & Derived Data
Information we derive from your usage:
- Predictions about your interests and preferences
- User engagement scores
- Review quality and credibility scores
- Fraud risk assessments
- Service recommendations
- Dual-attribution review scores (individual-scoped, institution-scoped, and shared dimensions) for Professional Account holders
- Aggregate ratings, rankings, and indices
Derived Data (analyses, aggregations, scores, ratings, rankings, and other processed data that VerSquare creates from user content and platform activity) is the sole and exclusive property of VerSquare, as described in the Terms of Service (Section 12.2).
4.9 Business Account Data
Additional information collected for Business Account holders and their Authorized Users:
- Business profile claim or creation records
- Terms acceptance records (clickwrap acceptance timestamp, terms version, acceptance method)
- Authorized User access records (invitation, acknowledgment timestamp, terms version)
- Business Content submissions (business descriptions, service listings, team biographies)
- Business Media uploads (logos, photos, documents such as PDFs and brochures)
- Ownership dispute filings and supporting documentation
- Subscription status and tier information
- Contact information associated with the Business Account
- Deal criteria and preferences (types of deals, buyer profiles, transaction sizes, and geographic areas the business is interested in)
4.10 Professional Account Data
Additional information collected for Professional Account holders:
- Professional profile claim or creation records
- Terms acceptance records (clickwrap acceptance timestamp, terms version, acceptance method)
- Dual-attribution consent records (timestamp, terms version, IP address)
- Employer affiliation history with date ranges (current and historical employers)
- Professional Content submissions (biography, professional headshot, certifications, practice descriptions, areas of specialization)
- Professional credentials and licensing information (license numbers, license status, professional designations)
- Work experience and professional history
- Contact information associated with the Professional Account (phone, email, office address)
- Attribution dispute filings and related correspondence
- Deal criteria and preferences (types of deals, buyer profiles, transaction sizes, and geographic areas the professional is interested in)
- Subscription status and tier information
4.11 Verified Buyer Program Data
Additional information collected for participants in the Verified Buyer (credentialing) program:
- Buyer profile information (name, contact details, professional background)
- Acquisition criteria (target industry, deal size range, geographic preferences)
- Financial qualification data (funding sources, proof of funds or pre-qualification, SBA pre-approval status)
- Deal team members (names, roles, and contact information of advisors, attorneys, accountants, or other professionals on the buyer's deal team)
- Transaction history and status (deals in progress, completed acquisitions)
- Supporting documentation submitted for credential verification
Verified Buyer data is collected to facilitate introductions between qualified buyers and Providers, and to maintain the integrity of the credentialing program. The Verified Buyer program is subject to separate Credential Terms (when available). Until those terms are published, this data is processed under the Terms of Service.
4.12 Sensitive Personal Information
We generally do not collect sensitive personal information (e.g., Social Security numbers, health data, biometric data) unless you voluntarily provide it in reviews or communications.
We strongly discourage including sensitive personal information in your reviews or public profile.
Financial Verification (Verified Buyer Program): If you participate in the Verified Buyer program and authorize financial verification through our third-party provider (currently Plaid), we may access your financial account balances to assess buyer qualification. We do not store precise account balances, account numbers, or login credentials. We retain only summary-level qualification data (e.g., whether you meet a funding threshold). Plaid's access to your financial accounts is governed by Plaid's own privacy policy and your authorization with Plaid. You may revoke Plaid's access at any time through your financial institution or Plaid's portal.
If you provide other sensitive information voluntarily, you consent to our processing of that information as described in this Privacy Policy.
4.13 Information We Do NOT Collect
We do not knowingly collect:
- Information from children under 18 years of age
- Credit card numbers or payment information (if we process payments, this is handled by third-party payment processors who do not share full card numbers with us)
- Social Security numbers or government ID numbers (except as necessary for Provider verification and not for general users)
- Biometric data for identity verification (Professional Account verification uses licensing records, not biometrics)
- Video content for reviews
5. How We Collect Information
5.1 Information You Provide Directly
We collect information you provide directly when you:
- Create an account
- Complete your profile
- Claim or create a Business Account or Professional Account
- Accept Supplemental Terms (Business Account Terms, Professional Account Terms)
- Grant Authorized User access to a Business Account
- Post reviews, ratings, or comments
- Upload photos, documents, or other media
- Search for or view Providers or Professionals
- Save Providers for future reference
- Send an inquiry or share your profile with a Provider (see Section 8.11)
- Submit an attribution dispute or ownership dispute
- Update your employer affiliation (Professional Account holders)
- Provide deal criteria and preferences (Business Account, Professional Account)
- Participate in the Verified Buyer program, including authorizing financial verification through Plaid
- Disclose information about deals you are working on
- Contact customer support
- Subscribe to newsletters or communications
- Participate in surveys or promotions
- Voluntarily verify your review
5.2 Information Collected Automatically
We automatically collect certain information when you use the Platform through:
Cookies and Similar Technologies:
- Cookies (small text files stored on your device)
- Web beacons and pixel tags
- Local storage (HTML5)
- Mobile device identifiers
See Section 13 (Cookies & Tracking Technologies) for details.
Log Data:
- Server logs recording your IP address, browser type, pages visited, timestamps
Analytics Tools:
- Usage analytics platforms
- Performance monitoring tools
- Error tracking services
5.3 Information from Third Parties
We may receive information about you from:
LinkedIn:
- If you connect your LinkedIn account to your VerSquare account, we receive basic profile information (name, email, profile photo) as permitted by your LinkedIn privacy settings
Public Sources:
- Publicly available information (e.g., if you're a Provider or Professional, we may collect information from business registries, SBA databases, state licensing boards, NMLS, state bar registries, state broker license registries, and professional association directories)
- This publicly sourced data forms the basis of unclaimed business and professional profiles on the Platform (see our Terms of Service, Sections 6.1 and 9)
Fraud Detection Services:
- Information from fraud detection and prevention service providers
Business Partners:
- If you access the Platform through a partner site or referral program
Financial Verification Providers:
- If you authorize financial verification as part of the Verified Buyer program, we receive summary-level financial qualification data from Plaid (see Section 4.12)
Service Providers:
- Analytics providers
- Email service providers (engagement data)
- Hosting providers (access logs)
Marketing Attribution:
When you visit or log in to our website, cookies and similar technologies may be used by our marketing tools to associate your activity with your account for the purpose of delivering relevant communications. See Section 13 (Cookies & Tracking Technologies) and our Cookie Policy for details.
5.4 Provider and Professional-Submitted Information
For Business Account and Professional Account holders, we collect the information described in Sections 4.9 and 4.10 respectively. This includes profile content, media, credentials, deal criteria, and verification documents. Account holders are responsible for the accuracy of information they provide (see the applicable Business Account Terms or Professional Account Terms).
6. How We Use Your Information
We use the information we collect for the following purposes:
6.1 Service Delivery & Operation
- Account Management: Create and manage your account (including Business Accounts and Professional Accounts); authenticate you; remember your preferences
- Platform Functionality: Provide core features - posting reviews, searching Providers and Professionals, viewing content, saving Providers, managing deals
- Review Publication: Display your reviews and ratings publicly
- Dual Attribution: Attribute reviews to both individual Professionals and their affiliated institutions, and calculate individual-scoped, institution-scoped, and shared review scores (see our Terms of Service, Section 9)
- Portable Reputation: Maintain review attribution and scores across employer changes for Professional Account holders
- Inquiry and Profile Sharing: Process and deliver inquiry forms and profile shares that you initiate with Providers (see Section 8.11)
- Consent Management: Maintain records of terms acceptance, dual-attribution consent, and Authorized User acknowledgments
- Customer Support: Respond to your inquiries, troubleshoot issues, provide assistance
- Transactions: Process any transactions (if applicable)
6.2 Review Authenticity & Fraud Prevention
- Verification: Verify the authenticity of reviews through transaction confirmation or Provider confirmation
- Fraud Detection: Detect and prevent fake reviews, fraudulent accounts, and abusive behavior using AI/ML algorithms
- AI-Powered Content Moderation: Use automated systems, including artificial intelligence, to flag, review, and moderate content submitted to the Platform (see our Terms of Service, Section 10.2)
- Pattern Analysis: Analyze patterns of IP addresses, device fingerprints, writing styles, and behaviors to identify suspicious activity
- Account Security: Protect against unauthorized access, hacking, and other security threats
- Compliance Monitoring: Ensure compliance with our Terms of Service and guidelines
6.3 Improvement & Analytics
- Service Enhancement: Improve Platform features, functionality, and user experience
- Usage Analytics: Understand how users interact with the Platform; identify popular features and content
- Performance Monitoring: Monitor Platform performance, uptime, and error rates
- A/B Testing: Test new features and designs to optimize user experience
- Research & Development: Develop new products, features, and services
6.4 Personalization
- Recommendations: Provide personalized Provider and Professional recommendations based on your searches, saved Providers, and interactions
- Deal Matching: Match users (buyers, sellers, and other participants in business transactions) with relevant Providers and Professionals based on deal criteria, service needs, geographic areas, and transaction profiles
- Customized Content: Tailor search results and content to your interests
- Preference Management: Remember your settings and preferences
6.5 Communications
Transactional Communications (Essential):
- Account confirmations and security alerts
- Password resets and authentication codes
- Notifications of policy or Terms changes (including 30-day advance notice for material changes to Supplemental Terms)
- Moderation decisions on your content
- Responses to customer support inquiries
Platform Activity Notifications (Opt-Out Available):
- Notifications when Providers respond to your reviews
- Notifications about new reviews on Providers you've followed or searched
- Platform updates and new features
Marketing Communications (Opt-In Only):
- Newsletters and Platform news
- Promotional offers
- Surveys and research requests
- Partner offers and collaborations
6.6 Legal & Compliance
- Legal Obligations: Comply with applicable laws, regulations, and legal processes
- Terms Enforcement: Enforce our Terms of Service and policies
- Dispute Resolution: Resolve disputes, investigate complaints, and respond to legal requests
- Law Enforcement Cooperation: Cooperate with law enforcement when required by law
- Regulatory Reporting: Report to regulatory authorities as required
6.7 Advertising & Marketing
- Interest-Based Advertising: Serve targeted advertisements based on your interests and behaviors (with your consent where required)
- Advertising Performance: Measure effectiveness of advertising campaigns
- Retargeting: Show you ads for VerSquare on other websites (with your consent where required)
6.8 Business Operations
- Corporate Transactions: In connection with mergers, acquisitions, asset sales, or similar transactions
- Protection of Rights: Protect the rights, property, and safety of VerSquare, our users, and the public
- Business Analysis: Analyze business performance and market trends
7. International Users
VerSquare is based in the United States and designed for US-based users participating in domestic small business transactions. If you access the Platform from outside the United States, you acknowledge that your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence. By using the Platform, you consent to the transfer and processing of your information in the United States.
We do not currently target or market our services to users in the European Economic Area, United Kingdom, or other jurisdictions with comprehensive data protection regimes (such as GDPR). If we expand our services internationally, we will update this Privacy Policy to reflect applicable legal requirements.
8. Information Sharing & Disclosure
We share your information in the following circumstances:
8.1 Public Display
Information Made Public:
The following information is publicly visible to all internet users (including non-registered visitors):
- Your display name (First Name + First Letter of Last Name) - unless you choose to review anonymously
- Your reviews and ratings (text, star rating, date)
- Photos you upload to reviews
- Review update dates ("edited" indicator)
- Deal context data related to your review
Public Consequences:
- This information can be viewed by anyone
- It may be indexed by search engines (Google, Bing)
- It may be cached, archived, or republished by third parties
- It may appear in search results outside of VerSquare
- Deletion may not remove cached or archived versions
Provider and Professional Access:
- Providers and Professionals can see your public information for reviews of their business or profile
- Providers and Professionals cannot see your email, IP address, device info, or private account details, unless you initiate sharing through an inquiry form, profile share, or other platform feature (see Section 8.11)
Professional Account Public Data:
- Professional Account holders' employer affiliation history (with date ranges) is publicly visible on their profile
- Dual-attribution review scores (individual, institution, and shared dimensions) are publicly visible
Business Account Authorized Users:
- When an Account Holder grants Authorized User access to a Business Account, the Authorized User can view and manage Business Account data, including profile content, media, and subscription status. The Account Holder controls which individuals have Authorized User access.
8.2 Service Providers & Processors
We share your information with third-party service providers who perform services on our behalf:
Hosting & Infrastructure:
- Backend platform and database management
- Application hosting and deployment
- Content delivery networks (CDNs)
Analytics & Performance:
- Website and app analytics
- Performance monitoring
- Error tracking and crash reporting
Communications:
- Email service providers (transactional and marketing emails)
- Customer support platforms
Security & Fraud Prevention:
- Fraud detection services
- Security monitoring tools
- Identity verification services
Advertising & Marketing (if applicable):
- Advertising networks
- Marketing automation platforms
- Data analytics providers
Payment Processing:
- Payment processors
- Note: We do not store full credit card numbers
These service providers have access to your information only to perform services on our behalf and are contractually obligated to protect your information and comply with this Privacy Policy and applicable law.
8.3 Business Partners
API Partners:
- If you access the Platform through partner integrations
- Limited information sharing as needed for the integration
Affiliate Programs (if applicable):
- Referral partners receive limited information if you arrived through their referral link
8.4 Search Engines & Web Crawlers
Your public information (reviews, ratings, display name) is accessible to:
- Search engines (Google, Bing, Yahoo, etc.)
- Web crawlers and indexing bots
- AI systems and data aggregators (for indexing, not AI training)
We allow search engine indexing to:
- Increase visibility of Provider information
- Help users discover reviews through search
- Promote transparency in the SBA lending market
- Support consumer protection and informed decision-making
Opt-Out Requests: You may request to opt out of search engine indexing under certain circumstances (see Section 12 - Your Privacy Rights). However:
- We may decline such requests where the public interest in transparency, consumer protection, and freedom of expression outweighs individual privacy concerns
- Each request is evaluated on a case-by-case basis
- Already-indexed content will remain in search engine caches
- Your reviews will remain visible on VerSquare
8.5 Aggregated & Anonymized Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you:
- Market research and trends
- Industry reports and white papers
- Platform usage statistics
- Data shared with researchers or partners
This data is not considered "personal information" under most privacy laws.
8.6 Legal & Compliance Disclosures
We may disclose your information when required or permitted by law:
Legal Process:
- In response to subpoenas, court orders, or legal process
- To comply with law enforcement requests
- As required by applicable law or regulation
Rights Protection:
- To protect the rights, property, and safety of VerSquare, our users, and the public
- To enforce our Terms of Service or policies
- To detect, prevent, or address fraud, security, or technical issues
- To investigate violations or potential violations
Regulatory Authorities:
- Financial services regulators
- Consumer protection agencies
- State attorneys general
8.7 Corporate Transactions
In connection with:
- Mergers or acquisitions
- Sale of all or part of our business or assets
- Reorganization or bankruptcy
- Other corporate transactions
Your information may be transferred to the acquiring entity. We will notify you via email and/or Platform notice before your information is transferred and becomes subject to a different privacy policy.
8.8 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
8.9 LinkedIn Integration
If you connect your LinkedIn account to VerSquare:
- We receive information from LinkedIn (per your privacy settings)
- You may have the option to share VerSquare content on LinkedIn
- LinkedIn may collect information about your use of VerSquare (see their privacy policy)
8.10 Licensing and Regulatory Authorities
We may, in our sole discretion, report conduct to licensing authorities, regulatory agencies, or law enforcement if:
- A Professional Account holder engages in retaliation against a reviewer that constitutes a potential licensing violation (see Professional Account Terms, Section 7.4)
- A Business Account holder violates the Consumer Review Fairness Act or applicable state consumer review protection laws (see Business Account Terms, Section 10)
- Conduct on the Platform constitutes harassment, threats, or other unlawful activity
8.11 User-Initiated Sharing with Providers
Your data is private by default. Providers and Professionals cannot see your private account information unless you choose to share it. When you initiate sharing through the Platform - for example, by sending an inquiry to a Provider, sharing your profile, or using another platform feature designed to connect you with a Provider - the following information may be disclosed to that Provider:
- Your name and contact information (as provided in the inquiry or share)
- Any message or details you include in the inquiry
- Your account type (general user, Business Account holder, Professional Account holder)
- Information about a particular deal or deal criteria
If you are a Verified Buyer, your credential status and summary qualification data may also be shared with Providers when you initiate an introduction or match through the Platform.
This sharing is user-initiated. VerSquare does not share your private information with Providers except in response to your affirmative action. Once shared, the Provider's use of your information is governed by their own privacy policy, not ours.
8.12 Information We Do NOT Share with Providers
Except as described in Section 8.11 (user-initiated sharing), Providers cannot access:
- Your email address or phone number
- Your IP address or device information
- Your account password
- Your private profile information
- Your verification documentation
- The identity of users who flag their content
- Your browsing or search history on VerSquare
9. Public vs. Private Data
Understanding what information is public vs. private is critical for your privacy.
9.1 Public Data (Visible to All)
| Data Type | Visibility |
|---|---|
| Display name (First Name + First Letter of Last Name) | Public - unless you choose anonymous review |
| Review text | Public - Never include personal information you want private |
| Star ratings | Public |
| Review photos | Public - Ensure no sensitive information is visible |
| Review date | Public |
| "Edited" indicator | Public (if you edit your review) |
| Professional Account employer affiliation history | Public - name of employer and date ranges displayed on profile |
| Dual-attribution review scores | Public - individual, institution, and shared dimension scores |
| Business Account profile content | Public - business descriptions, service listings, media |
9.2 Private Data (Not Publicly Visible)
| Data Type | Who Can Access |
|---|---|
| Full name | VerSquare only - unless you initiate sharing through an inquiry or profile share (see Section 8.11) |
| Email address | VerSquare only - unless you initiate sharing through an inquiry or profile share (see Section 8.11) |
| Authentication credentials | Encrypted - Even VerSquare cannot see your password or authentication tokens |
| IP address | VerSquare only - Used for fraud detection |
| Device information | VerSquare only - Used for fraud detection |
| Verification documents | VerSquare only - Never shared with Providers |
| Terms acceptance and consent records | VerSquare only - Retained for legal compliance |
| Search history | VerSquare only - Not shared with anyone |
| Browsing history | VerSquare only - Used for analytics |
| Saved Providers | VerSquare only - Not publicly visible |
| Deal information | VerSquare only - Aggregate data only, not traceable |
| Business Account data | Account Holder and Authorized Users - visible to team members with access |
9.3 Protecting Your Privacy
To protect your privacy:
- Choose whether to display your name (First Name + First Letter of Last Name) or review anonymously
- Do not include personal contact information (phone, email, address) in reviews
- Do not upload photos containing sensitive personal information
- Be mindful that public content can be viewed, copied, and republished by anyone
Note: Even if you choose to review anonymously, determined individuals may be able to identify you through review content details. Be cautious about what you disclose.
10. Data Storage and Transfers
VerSquare is based in the United States. Your information is stored and processed in the United States and may also be processed in other countries where our service providers operate (for example, cloud hosting and content delivery). These countries may have data protection laws that differ from those in your country of residence. See Section 7 for additional information for international users.
11. Data Retention
11.1 General Retention Principle
We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
11.2 Retention Periods by Data Category
| Data Category | Retention Period | Rationale |
|---|---|---|
| Active account data | Duration of account | Service provision |
| Deleted account data | 30-90 days | Account recovery period, then deletion |
| Published reviews | Indefinitely or until deleted | Platform value, may be anonymized instead of deleted |
| Transaction/verification data | 7 years | Legal compliance (financial records) |
| Marketing communications | Until consent withdrawn | Consent-based retention |
| Security logs | 1-2 years | Security and fraud prevention |
| Customer support records | 3 years | Legal compliance, quality assurance |
| Payment data (if applicable) | Per payment processor policy | Typically 7 years for tax compliance |
| Legal hold data | Duration of legal matter | Legal obligation |
| Terms acceptance records | Indefinitely | Legal compliance, consent defensibility |
| Dual-attribution consent records | Indefinitely | Legal compliance, consent defensibility |
| Attribution dispute records | 7 years | Legal compliance |
| Deactivated Professional Account data | Indefinitely (reduced display) | Platform-sourced data + third-party reviews persist; self-provided content removed |
| Terminated Business Account data | Per Business Account Terms Section 8 | Factual info persists; authored content at platform discretion |
11.3 Account Deletion
When you delete your account:
- Your account is immediately deactivated
- Your personal information is deleted within 30-90 days
- Your published reviews may be anonymized (see Section 11.4)
- Some information may be retained for legal compliance, fraud prevention, or dispute resolution
11.4 Review Retention After Account Deletion or Deactivation
Published reviews are valuable public content. After account deletion or deactivation:
For General Users (account deletion):
- Your reviews remain published
- Your display name is replaced with "Anonymous User" or similar
- Your email and personal information are deleted
- Review content remains to preserve platform value and consumer information
For Professional Account Holders (deactivation):
- Reviews and scores attributed to your profile are NOT deleted (see Professional Account Terms, Section 10.1(d))
- Reviews may continue to be displayed in a reduced-profile format showing your name, historical employer attributions, and review content
- Your self-provided content (biography, headshot) is removed from public display
- This is because your profile is based in part on publicly available licensing data, and reviews constitute protected third-party speech
For Business Account Holders (subscription lapse or termination):
- Reviews of the business persist regardless of account status (see Business Account Terms, Section 8.2(d))
- Factual business information may continue to be displayed (see Business Account Terms, Section 8.2(b))
- Self-provided business content may be archived at the Platform's discretion (see Business Account Terms, Section 8.2(c))
Full Deletion:
We can perform full deletion of reviews on a case-by-case basis when legally required, but we do not offer this as a standard option. Anonymization (for general users) or reduced-profile display (for professionals) balances individual privacy rights with the public interest in maintaining consumer review information.
11.5 CCPA/CPRA Deletion Rights - What Can and Cannot Be Deleted
For California residents and others with statutory deletion rights, the following framework applies:
(a) Self-provided content (biography, headshot, profile descriptions, uploaded media): Subject to deletion on account deactivation or upon request. Section 11.3 and the applicable Supplemental Terms govern removal from public display.
(b) Platform-sourced data (information from NMLS, state licensing databases, bar registrations, business registries, and other publicly available sources): Exempt from deletion under the publicly available information exception. This data is collected from government and public sources and is not provided by you.
(c) Third-party review content (reviews written about you by other users): Exempt from deletion as it is not your personal information - it is the speech of the reviewer. Reviews are owned by their authors and are governed by the reviewer's rights, not yours.
11.6 Retention for Legal Compliance
We may retain information beyond the standard retention periods when:
- Required by law (e.g., financial records, tax documents)
- Necessary for legal proceedings
- Subject to legal hold
- Needed to protect our legal rights
11.7 Backup Retention
Information may persist in backup systems for up to 90 days after deletion from production systems. Backups are securely stored and not used for operational purposes.
12. Your Privacy Rights
You have certain rights regarding your personal information. The specific rights available depend on your location.
12.1 Rights for All Users
Access Your Information:
- View and download your account information
- Access your posted reviews and profile data
Correct Your Information:
- Update inaccurate or incomplete information via account settings
Delete Your Account:
- Request account deletion at any time
Opt-Out of Marketing:
- Unsubscribe from marketing emails via the unsubscribe link
- Manage communication preferences in account settings
Manage Cookies:
- Control cookie preferences via our cookie consent tool
- Browser settings to block or delete cookies
12.2 Additional Rights for California Residents (CCPA/CPRA)
Right to Know:
- Categories of personal information collected
- Purposes of collection and use
- Categories of sources
- Categories of third parties with whom we share information
- Specific pieces of personal information we have collected
Right to Delete:
- Request deletion of your personal information
- Exceptions apply (legal obligations, fraud prevention, transactions, internal uses)
- For the scope of what can and cannot be deleted (self-provided content vs. platform-sourced data vs. third-party reviews), see Section 11.5
Right to Correct:
- Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing:
- Opt-out of "sale" or "sharing" of personal information for cross-context behavioral advertising
- We honor Global Privacy Control (GPC) signals
Right to Limit Use of Sensitive Personal Information:
- Limit use and disclosure of sensitive personal information beyond what is necessary
Right to Non-Discrimination:
- We will not discriminate against you for exercising your privacy rights
- No denial of services, different pricing, or reduced quality
Shine the Light Law:
- California residents may request information about personal information shared with third parties for their direct marketing purposes (if applicable)
12.3 Additional Rights for Other US States
Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws grant rights similar to CCPA (know, delete, correct, opt-out).
Specific state requirements may vary. Contact us to exercise your rights.
12.4 How to Exercise Your Rights
Account Settings:
- Access, correct, and manage many preferences directly in your account settings
Email:
- Send requests to support@versquare.com
Include in Your Request:
- Your name and email address associated with your account
- Specific right you wish to exercise
- Details to help us locate your information
- Preferred format for data portability (if applicable)
12.5 Verification Process
To protect your privacy, we must verify your identity before responding to rights requests.
Verification Methods:
- Email confirmation (to the email address on file)
- Account login verification
- Matching information you provide with information we have on file
- Additional verification for sensitive requests (e.g., deletion, data portability)
If we cannot verify your identity, we may decline your request.
12.6 Authorized Agents (California)
California residents may designate an authorized agent to submit requests on your behalf.
Agent Requirements:
- Provide written authorization signed by you
- We may require you to verify your identity directly
- We may require the agent to provide proof of authorization
12.7 Response Timelines
We respond to privacy rights requests within 45 days (may extend by an additional 45 days with notice for complex requests). We will confirm receipt of your request and provide a response within the applicable timeframe.
12.8 Appeals
If you are unsatisfied with our response to your rights request, you may appeal by contacting us at support@versquare.com with "Appeal" in the subject line.
We will respond to appeals within 45-60 days (varies by state).
12.9 No Fees
We do not charge fees for exercising your privacy rights, except:
- Manifestly unfounded or excessive requests (we may charge a reasonable fee or refuse)
- Repeated requests for copies of the same information (we may charge reasonable administrative costs)
13. Cookies & Tracking Technologies
13.1 What Are Cookies?
Cookies are small text files stored on your device (computer, phone, tablet) that help websites remember information about your visit.
Other tracking technologies include:
- Web beacons/pixels: Small images embedded in web pages or emails
- Local storage: HTML5 local storage
- Mobile identifiers: Device advertising IDs (IDFA, AAID)
13.2 How We Use Cookies
We use cookies and similar technologies for:
- Essential functionality (login, security, preferences)
- Performance and analytics (usage statistics, error tracking)
- Personalization (tailored content and recommendations)
- Advertising (targeted ads, retargeting) [if applicable]
13.3 Cookie Categories
13.3.1 Strictly Necessary Cookies (Essential)
Purpose: Enable core Platform functionality
Cannot be disabled (required for the Platform to work)
Examples:
- Authentication cookies (keep you logged in)
- Security cookies (detect fraudulent activity)
- Load balancing cookies (distribute traffic)
- Session cookies (remember your actions during a single session)
13.3.2 Functional Cookies
Purpose: Remember your preferences and choices
Optional (Platform works without these, but user experience may be reduced)
Examples:
- Language preference
- Region/location settings
- Accessibility preferences
- Font size or display preferences
13.3.3 Analytics/Performance Cookies
Purpose: Help us understand how users interact with the Platform
Requires consent where required by applicable law
Examples:
- Usage statistics and popular pages
- Error tracking and debugging
- Performance monitoring
- A/B testing
Data Collected: Page views, clicks, time on site, referral sources, device/browser info
13.4 Third-Party Cookies
Some cookies are set by third-party services we use:
- Analytics providers
- Advertising networks (if applicable)
- LinkedIn (if you use LinkedIn integration)
- Support tools
These third parties have their own privacy policies governing their use of your information.
Important: We do not control third-party cookies. Review their privacy policies independently.
13.5 Cookie Consent & Management
Cookie Consent Tool:
When you first visit our website, you'll see a cookie banner allowing you to:
- Accept all cookies
- Reject non-essential cookies
- Customize cookie preferences (granular consent by category)
Managing Cookie Preferences:
- Platform Settings: Manage cookie preferences in your account settings or via the cookie consent tool (accessible in the website footer)
- Browser Settings: Most browsers allow you to:
- Block cookies entirely
- Block third-party cookies
- Delete existing cookies
- Receive notifications when cookies are set
Browser Instructions:
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Cookies and website data
- Edge: Settings > Privacy, search, and services > Cookies and site data
Mobile Devices:
- iOS: Settings > Privacy > Tracking (Limit Ad Tracking)
- Android: Settings > Privacy > Ads (Opt out of Ads Personalization)
Consequences of Disabling Cookies:
- Essential cookies: Platform may not function properly
- Functional cookies: Preferences won't be remembered
- Analytics cookies: We can't improve the Platform based on usage data
- Advertising cookies: You'll still see ads, but they won't be personalized
13.6 Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) signal. We honor Global Privacy Control (GPC) signals as an opt-out of sales/sharing under California law.
Note: There is no universal standard for how to respond to DNT signals. We respond to GPC but may not respond to DNT signals from all browsers.
13.7 Cookie Retention
Cookies have different lifespans:
- Session cookies: Deleted when you close your browser
- Persistent cookies: Remain on your device for a set period (varies by cookie)
Our cookie retention periods:
- Essential cookies: Duration of session or up to 1 year
- Functional cookies: Up to 1 year
- Analytics cookies: Up to 2 years
- Advertising cookies: Up to 90 days (if applicable)
14. Security Measures
14.1 Our Commitment to Security
We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect your data.
14.2 Technical Security Measures
Encryption:
- In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (Transport Layer Security)
- At Rest: Sensitive data stored on our servers is encrypted using industry-standard encryption
Access Controls:
- Access to user data is limited to authorized personnel on a need-to-know basis
- Multi-factor authentication (MFA) for administrative access
- Least privilege principle
Secure Coding Practices:
- Code reviews for security-sensitive changes
- Input validation and sanitization (prevent SQL injection, XSS attacks)
14.3 Infrastructure Security
Our Platform is hosted on reputable third-party infrastructure providers who maintain industry-standard security certifications and practices, including:
- Physical access controls and 24/7 monitoring at data centers
- Network security (firewalls, DDoS protection, intrusion detection)
- Redundancy and backup systems
- Regular security patching and vulnerability management
We select infrastructure providers based on their security track record and contractual commitments to data protection.
14.4 Incident Response
We maintain procedures for responding to security incidents, including containment, assessment, notification, and corrective action. See Section 16 (Data Breach Notification) for notification details.
14.5 Security Limitations & User Responsibilities
No Guarantee of Absolute Security:
Despite our efforts, no system is 100% secure. We cannot guarantee that:
- Unauthorized access will never occur
- Data breaches will never happen
- Transmissions over the internet are completely secure
Your Responsibilities:
- Strong Passwords: Create a strong, unique password for your VerSquare account (combination of letters, numbers, symbols)
- Password Security: Never share your password with anyone
- Multi-Factor Authentication: Enable MFA if available (enhanced security)
- Phishing Awareness: Be cautious of phishing emails attempting to steal your credentials
- Secure Devices: Protect your devices with passwords, PINs, or biometric locks
- Logout: Log out of your account when using shared or public devices
- Report Suspicious Activity: Notify us immediately if you suspect unauthorized access to your account
We will never ask for your password via email or phone.
14.6 Security Incident Reporting
If you believe you've discovered a security vulnerability in the Platform, please report it to:
Security Email: support@versquare.com
Please provide:
- Description of the vulnerability
- Steps to reproduce (if applicable)
- Potential impact
Responsible Disclosure:
- We request you do not publicly disclose vulnerabilities until we've had reasonable time to address them
- We will acknowledge receipt within 48 hours
- We will work with you to understand and address the issue
15. Children's Privacy
15.1 Age Restriction
VerSquare is not directed to children under the age of 18. Our Platform is designed for adults seeking information about SBA lenders and financial services.
We do not knowingly collect personal information from individuals under 18 years of age.
15.2 Age Verification
To use the Platform and create an account, you must confirm you are at least 18 years old.
15.3 Parental Notice
If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at support@versquare.com.
We will promptly:
- Investigate the matter
- Delete the child's information from our systems
- Terminate the associated account
15.4 COPPA Compliance (US)
We comply with the Children's Online Privacy Protection Act (COPPA):
- We do not knowingly collect information from children under 13
- We do not have actual knowledge of collecting information from children under 13
- If we learn of such collection, we will delete the information immediately
16. Data Breach Notification
16.1 Breach Prevention
We implement robust security measures (see Section 14) to prevent data breaches. However, no system is entirely immune.
16.2 Breach Response Plan
If a data breach occurs, we have an incident response plan to:
- Contain the breach and prevent further unauthorized access
- Assess the scope and impact of the breach
- Determine what information was affected
- Notify affected individuals and authorities as required by law
- Take corrective measures to prevent future breaches
16.3 Notification Requirements
We will notify affected individuals without unreasonable delay and in accordance with applicable state and federal law requirements. Notification will include:
- Nature of the breach
- Categories and approximate number of individuals affected
- Measures taken or proposed to address the breach
- Contact information for further inquiries
Notification methods: Email, written notice, or substitute notice (if contact information is unavailable). We may also notify relevant state attorneys general and consumer reporting agencies as required by law.
16.4 Your Role
If you suspect your account has been compromised:
- Change your password immediately
- Enable multi-factor authentication (if available)
- Review your account activity for unauthorized actions
- Contact us at support@versquare.com with details
17. Third-Party Services
17.1 Third-Party Websites
The Platform may contain links to third-party websites, including:
- Provider websites
- Partner sites
- News articles or resources
We are not responsible for:
- The privacy practices of third-party websites
- The content or accuracy of third-party websites
- Your interactions with third-party websites
You should review the privacy policies of third-party websites before providing them with personal information.
17.2 Provider Services
When you engage with Providers through the Platform:
- Providers are independent businesses, not our agents or employees
- Providers have their own privacy policies and terms
- Any information you provide directly to Providers is governed by their privacy policies, not ours
- We are not responsible for Provider data practices
You should review Provider privacy policies before engaging their services or sharing personal information.
17.3 LinkedIn Integration
If you connect your LinkedIn account or use LinkedIn login features:
- LinkedIn may collect information about your use of VerSquare
- This information is governed by LinkedIn's privacy policy
- Your LinkedIn activity may be visible to your connections on LinkedIn
Review LinkedIn privacy settings to control what information is shared.
17.4 Third-Party Analytics & Advertising
We use third-party analytics and advertising services (see Section 13 - Cookies). These services have their own privacy policies that govern their data practices.
18. Automated Decision-Making
18.1 Use of Automated Systems
We use automated decision-making systems and artificial intelligence (AI) for certain purposes, including:
Fraud Detection & Prevention:
- Automated scoring of review authenticity
- Pattern recognition to identify fake reviews
- Risk assessment for user accounts and Provider profiles
- Anomaly detection (suspicious behavior, fraudulent patterns)
Content Moderation (AI-Powered):
- Automated flagging of potentially violating content using artificial intelligence
- Spam detection
- Detection of prohibited content (hate speech, personal information, etc.)
- Screening for harmful or illegal material
- Automated systems may flag, modify, or temporarily remove content pending human review (see Terms of Service, Section 10.2)
Review Attribution & Scoring:
- Automated calculation of dual-attribution review scores (individual-scoped, institution-scoped, and shared dimensions) for Professional Account holders
- Automated categorization of review dimensions
- Aggregate score calculation when minimum review thresholds are met
Personalization:
- Personalized Provider recommendations
- Customized search results based on your interests and past behavior
- Tailored content on the Platform
Platform Optimization:
- Rating and ranking calculations for Providers
- Quality and credibility scoring for reviews
- A/B testing for feature optimization
18.2 Human Oversight
We do not make solely automated decisions with significant legal or similarly significant effects on you.
For important decisions (e.g., account termination, content removal), we provide human review and oversight:
- Automated systems flag content or accounts for review
- Human moderators review flagged content and make final decisions
- You can appeal decisions and receive human review
18.3 Logic of Automated Decision-Making
Fraud Detection:
Our fraud detection algorithms analyze multiple data points:
- IP address patterns (e.g., multiple accounts from same IP)
- Device fingerprinting (e.g., same device creating multiple accounts)
- Writing style analysis (e.g., similar language across reviews)
- Timing patterns (e.g., coordinated review posting)
- Account behavior (e.g., rapid review posting, unusual activity)
Scoring: Reviews and accounts receive fraud risk scores. High-risk items are flagged for human review.
Content Moderation:
Our moderation AI screens content for:
- Prohibited keywords and phrases
- Sentiment analysis (detecting harmful or abusive tone)
- Image content analysis (detecting inappropriate visuals)
- Pattern matching (comparing against known violating content)
Flagging: Content with high risk scores is flagged for human moderator review.
Personalization:
Our recommendation algorithms consider:
- Your search history and clicked Providers
- Your saved Providers
- Your review history and ratings
- Similar users' behavior (collaborative filtering)
- Provider characteristics (location, services, ratings)
Output: Personalized recommendations and search result ordering.
18.4 Questions About Automated Decisions
If you have questions or concerns about an automated decision affecting you (such as content moderation, fraud detection, or review scoring), contact us at support@versquare.com. We will review your inquiry and provide a response.
18.5 Non-Discrimination
Our automated systems are designed to be fair and non-discriminatory. We do not use protected characteristics (race, gender, religion, etc.) in decision-making, and we provide human oversight for significant decisions.
If you believe you've been subject to discriminatory automated decision-making, please contact us.
19. Your Choices & Controls
You have control over your personal information and how we use it.
19.1 Account Information
Access & Update:
- Log in to your account settings to view and update your personal information
- Correct inaccuracies or update outdated information
Account Deletion:
- Request account deletion at any time (see Section 11.3 for details)
- Use account settings or contact support@versquare.com
19.2 Communication Preferences
Marketing Emails:
- Opt-Out: Click "Unsubscribe" at the bottom of any marketing email
- Manage Preferences: Adjust email preferences in account settings
- Opt-In Requirement: We only send marketing emails to users who have opted in
Platform Notifications:
- Manage notification preferences in account settings
- Choose which notifications you receive (e.g., Provider responses, new reviews)
Transactional Emails:
- Cannot opt out (essential for account security and service updates)
- Examples: Password resets, security alerts, Terms/Privacy Policy changes
19.3 Cookie Preferences
Manage Cookies:
- Use our cookie consent tool (website footer) to customize cookie preferences
- Accept or reject non-essential cookies by category
- Change your preferences at any time
Browser Controls:
- Block or delete cookies using browser settings (see Section 13.5)
19.4 Personalization & Recommendations
Opt-Out of Personalization:
- Disable personalized recommendations in account settings (if available)
- Note: This may reduce the relevance of search results and content
19.5 Search Engine Indexing
Request Evaluation for Opt-Out:
- Contact us to request that your public reviews be evaluated for exclusion from search engine indexing (see Section 12)
- Requests will be evaluated on a case-by-case basis, balancing your privacy rights against the public interest in transparency and consumer protection
- Note: Already-indexed content may remain in search engine caches
19.6 LinkedIn Connection
Disconnect LinkedIn:
- Disconnect your linked LinkedIn account in account settings
- Note: This does not delete information already shared with LinkedIn
20. Changes to This Policy
20.1 Right to Modify
We may update this Privacy Policy from time to time to reflect:
- Changes to our data practices
- New features or services
- Legal, regulatory, or operational developments
- Industry best practices
20.2 Notification of Changes
When we make changes, we will:
- Update the "Last Updated" date at the top of this Privacy Policy
- Notify you via email (to the address associated with your account)
- Display a notice on the Platform
- For material changes, provide advance notice (typically 30 days)
20.3 Material Changes
Material changes include:
- New purposes for data collection or use
- Sharing data with new categories of third parties
- Reduction of your privacy rights
- Changes to data retention periods
- Changes requiring new consent under applicable law
For material changes, we will provide at least 30 days' advance notice before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated Privacy Policy.
20.4 Your Acceptance
Your continued use of the Platform after changes become effective constitutes your acceptance of the updated Privacy Policy.
If you do not agree to the changes, you may:
- Stop using the Platform
- Delete your account before the changes take effect
- Contact us with questions or concerns about the changes
20.5 Policy Version History
We maintain an archive of previous versions of this Privacy Policy for reference. Contact us if you would like to review a prior version.
21. Contact Information
21.1 Privacy Inquiries
For questions, concerns, or complaints about this Privacy Policy or our privacy practices, contact us:
Privacy Department
Email: support@versquare.com
Mail:
Search Assistant, Inc.
Attn: Privacy Department
6595 Roswell Rd
Suite G #5313
Atlanta, GA 30328
21.2 California Privacy Rights (California Residents)
To Exercise Your CCPA/CPRA Rights:
VerSquare operates exclusively online and provides the following methods to submit privacy requests:
Email: support@versquare.com
Include in Your Request:
- Your name and email address associated with your account
- Specific right you wish to exercise (know, delete, correct, opt-out)
- Sufficient details to help us locate your information
We will respond to verified requests within 45 days.
Shine the Light Law:
California residents may request information about personal information shared with third parties for direct marketing purposes by emailing support@versquare.com with "California Shine the Light Request" in the subject line.
21.3 Response Time
We strive to respond to privacy inquiries within:
- 48 hours: Acknowledgment of receipt
- 45 days: Substantive response
Complex requests may require additional time (we will notify you of any extensions).
Acknowledgment & Consent
BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT:
- You have read and understood this Privacy Policy in its entirety
- You understand how we collect, use, and share your personal information
- You consent to our data practices as described in this Privacy Policy
- You understand your privacy rights and how to exercise them
- You have been given an opportunity to ask questions or seek clarification
IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE THE PLATFORM.