Privacy Policy
Effective Date: November 1, 2025
Last Updated: November 11, 2025
Table of Contents
- Introduction
- Data Controller Information
- Scope of Policy
- Information We Collect
- How We Collect Information
- How We Use Your Information
- Legal Basis for Processing (GDPR)
- Information Sharing & Disclosure
- Public vs. Private Data
- International Data Transfers
- Data Retention
- Your Privacy Rights
- Cookies & Tracking Technologies
- Security Measures
- Children's Privacy
- Data Breach Notification
- Third-Party Services
- Automated Decision-Making
- Your Choices & Controls
- Changes to This Policy
- Contact Information
1. Introduction
VerSquare ("we," "us," or "our"), operated by Search Assistant, Inc., is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform - a review-based provider marketplace that helps potential business buyers discover deal professionals (such as lenders, lawyers, and due diligence providers) who they may wish to engage in their transaction.
This Privacy Policy applies to information collected through:
- Our website at www.versquare.com
- Our mobile applications
- Email communications
- Customer service interactions
- Any other services we provide
Please read this Privacy Policy carefully. By using the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure practices as described.
If you do not agree with this Privacy Policy, please do not use the Platform.
2. Data Controller Information
The data controller responsible for your personal information is:
Search Assistant, Inc. (doing business as VerSquare) 6595 Roswell Road Suite G #5313 Atlanta, GA 30328
Email: support@versquare.com
3. Scope of Policy
3.1 What This Policy Covers
This Privacy Policy covers personal information that we collect, use, and disclose in connection with the Platform and our Services.
3.2 What This Policy Does Not Cover
This Privacy Policy does not cover:
- Information collected by third-party websites linked from our Platform
- Information collected by Providers (the companies included within the Platform) through their own websites or services
- Information practices of third-party service providers (though we describe what information we share with them)
You should review the privacy policies of Providers and third-party services independently.
4. Information We Collect
We collect several types of information from and about users of our Platform.
4.1 Personal Identifiers
Information that identifies you personally:
- Full name (collected for verification of review legitimacy)
- Display name (how you appear on reviews: First Name + First Letter of Last Name)
- Email address
- Phone number (if provided)
- Physical address (if provided)
- IP address
- Device identifiers (device ID, advertising ID)
- Account credentials (encrypted password)
4.2 Commercial & Platform Information
Information related to your use of the platform and related commercial activities:
- Provider interaction history (which Providers you've reviewed or searched for)
- Saved providers (Providers you've bookmarked or saved for future reference)
- Deals you are working on (if you choose to disclose this information)
- Review history (reviews you've posted, ratings you've given)
- Service preferences
4.3 Internet & Network Activity
Information about your Platform usage:
- Browsing history on our Platform
- Search queries and filters used
- Page views, clicks, and navigation paths
- Time spent on pages
- Referral sources (how you found our Platform)
- App usage patterns
- Interaction with emails we send
- Features and content you access
4.4 Location Data
Geographic information:
- General location inferred from IP address (city, state, country)
- Precise device location [only if you enable location services - optional]
- Location information you provide in your profile or reviews
4.5 User-Generated Content
Content you create on the Platform:
- Reviews and ratings
- Photos (uploaded to reviews or profile)
- Comments and responses
- Questions and answers
- Messages sent through the Platform
- Customer service communications
4.6 Technical Data
Information about your device and usage:
- Device type, model, and manufacturer
- Operating system and version
- Browser type and version
- Screen resolution
- Language preferences
- Time zone settings
- Cookies and similar tracking technologies (see Section 13)
- Log data (timestamps, error logs, crash reports)
4.7 Verification & Authentication Data
Information collected to verify identity and authenticity:
- Email verification confirmations
- Transaction documentation (ex. loan applications, invoices, correspondence with Providers) [only if you required for additional verification]
- Device fingerprinting data (for fraud detection)
- Authentication credentials
4.8 Inferences & Derived Data
Information we derive from your usage:
- Predictions about your interests and preferences
- User engagement scores
- Review quality and credibility scores
- Fraud risk assessments
- Service recommendations
4.9 Sensitive Personal Information
We generally do not collect sensitive personal information (e.g., Social Security numbers, precise financial account information, health data, biometric data) unless you voluntarily provide it in reviews or communications.
We strongly discourage including sensitive personal information in your reviews or public profile.
If you do provide sensitive information, you consent to our processing of that information as described in this Privacy Policy.
4.10 Information We Do NOT Collect
We do not knowingly collect:
- Information from children under 18 years of age
- Credit card numbers or payment information (if we process payments, this is handled by third-party payment processors who do not share full card numbers with us)
- Social Security numbers or government ID numbers (except as necessary for Provider verification and not for general users)
- Video content for reviews
5. How We Collect Information
5.1 Information You Provide Directly
We collect information you provide directly when you:
- Create an account
- Complete your profile
- Post reviews, ratings, or comments
- Upload photos
- Search for or view Providers
- Save Providers for future reference
- Disclose information about deals you are working on
- Contact customer support
- Subscribe to newsletters or communications
- Participate in surveys or promotions
- Voluntarily verify your review
5.2 Information Collected Automatically
We automatically collect certain information when you use the Platform through:
Cookies and Similar Technologies:
- Cookies (small text files stored on your device)
- Web beacons and pixel tags
- Local storage (HTML5)
- Mobile device identifiers
See Section 13 (Cookies & Tracking Technologies) for details.
Log Data:
- Server logs recording your IP address, browser type, pages visited, timestamps
Analytics Tools:
- Usage analytics platforms
- Performance monitoring tools
- Error tracking services
5.3 Information from Third Parties
We may receive information about you from:
LinkedIn:
- If you connect your LinkedIn account to your VerSquare account, we receive basic profile information (name, email, profile photo) as permitted by your LinkedIn privacy settings
Public Sources:
- Publicly available information (e.g., if you're a Provider, we may collect information from business registries, SBA databases, state licensing boards)
Fraud Detection Services:
- Information from fraud detection and prevention service providers
Business Partners:
- If you access the Platform through a partner site or referral program
Service Providers:
- Analytics providers
- Email service providers (engagement data)
- Hosting providers (access logs)
5.4 Provider-Submitted Information
For Provider accounts, we collect:
- Business name and information
- License and registration details
- Compliance and verification documents
- Professional credentials
Providers are responsible for the accuracy of information they provide.
6. How We Use Your Information
We use the information we collect for the following purposes:
6.1 Service Delivery & Operation
- Account Management: Create and manage your account; authenticate you; remember your preferences
- Platform Functionality: Provide core features - posting reviews, searching Providers, viewing content, saving Providers, managing deals
- Review Publication: Display your reviews and ratings publicly
- Customer Support: Respond to your inquiries, troubleshoot issues, provide assistance
- Transactions: Process any transactions (if applicable)
6.2 Review Authenticity & Fraud Prevention
- Verification: Verify the authenticity of reviews through transaction confirmation or Provider confirmation
- Fraud Detection: Detect and prevent fake reviews, fraudulent accounts, and abusive behavior using AI/ML algorithms
- Pattern Analysis: Analyze patterns of IP addresses, device fingerprints, writing styles, and behaviors to identify suspicious activity
- Account Security: Protect against unauthorized access, hacking, and other security threats
- Compliance Monitoring: Ensure compliance with our Terms of Service and guidelines
6.3 Improvement & Analytics
- Service Enhancement: Improve Platform features, functionality, and user experience
- Usage Analytics: Understand how users interact with the Platform; identify popular features and content
- Performance Monitoring: Monitor Platform performance, uptime, and error rates
- A/B Testing: Test new features and designs to optimize user experience
- Research & Development: Develop new products, features, and services
6.4 Personalization
- Recommendations: Provide personalized Provider recommendations based on your searches, saved Providers, and interactions
- Customized Content: Tailor search results and content to your interests
- Preference Management: Remember your settings and preferences
6.5 Communications
Transactional Communications (Essential):
- Account confirmations and security alerts
- Password resets and authentication codes
- Notifications of policy or Terms changes
- Moderation decisions on your content
- Responses to customer support inquiries
Platform Activity Notifications (Opt-Out Available):
- Notifications when Providers respond to your reviews
- Notifications about new reviews on Providers you've followed or searched
- Platform updates and new features
Marketing Communications (Opt-In Only):
- Newsletters and Platform news
- Promotional offers
- Surveys and research requests
- Partner offers and collaborations
6.6 Legal & Compliance
- Legal Obligations: Comply with applicable laws, regulations, and legal processes
- Terms Enforcement: Enforce our Terms of Service and policies
- Dispute Resolution: Resolve disputes, investigate complaints, and respond to legal requests
- Law Enforcement Cooperation: Cooperate with law enforcement when required by law
- Regulatory Reporting: Report to regulatory authorities as required
6.7 Advertising & Marketing
- Interest-Based Advertising: Serve targeted advertisements based on your interests and behaviors (with your consent where required)
- Advertising Performance: Measure effectiveness of advertising campaigns
- Retargeting: Show you ads for VerSquare on other websites (with your consent where required)
6.8 Business Operations
- Corporate Transactions: In connection with mergers, acquisitions, asset sales, or similar transactions
- Protection of Rights: Protect the rights, property, and safety of VerSquare, our users, and the public
- Business Analysis: Analyze business performance and market trends
7. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:
7.1 Contract Performance
We process your personal information to perform our contract with you (the Terms of Service), including:
- Account creation and management
- Providing Platform services
- Review posting and display
- Customer support
- Transaction processing
Legal Basis: GDPR Article 6(1)(b) - Performance of a contract
7.2 Consent
We process certain personal information based on your explicit consent, including:
- Marketing communications (newsletters, promotions)
- Optional features (location services, LinkedIn integration)
- Non-essential cookies (analytics, advertising)
- Sensitive personal information (if you choose to provide it)
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Legal Basis: GDPR Article 6(1)(a) - Consent
7.3 Legitimate Interests
We process your personal information based on our legitimate interests, including:
Fraud Prevention & Security:
- Detecting and preventing fake reviews
- Protecting against fraudulent accounts
- Ensuring Platform security
Service Improvement:
- Analyzing Platform usage
- Improving features and functionality
- Conducting research and development
Communications (Existing Customers):
- Sending direct marketing to existing customers (with easy opt-out)
- Platform updates and relevant news
Business Operations:
- Managing business relationships
- Analyzing business performance
We have conducted legitimate interest assessments (LIAs) balancing our interests against your rights and freedoms. We do not process your information for legitimate interests where your rights override our interests.
Legal Basis: GDPR Article 6(1)(f) - Legitimate interests
7.4 Legal Obligation
We process your personal information to comply with legal obligations, including:
- Regulatory compliance (financial services, consumer protection)
- Tax and accounting requirements
- Law enforcement cooperation
- Legal process responses (subpoenas, court orders)
- Record retention requirements
Legal Basis: GDPR Article 6(1)(c) - Legal obligation
7.5 Vital Interests
In rare circumstances, we may process your personal information to protect your vital interests or those of another person (e.g., to prevent serious harm or danger).
Legal Basis: GDPR Article 6(1)(d) - Vital interests
7.6 Special Category Data
We generally do not collect special category data (sensitive data under GDPR Article 9) such as health data, biometric data, or data revealing racial or ethnic origin.
If you voluntarily include such information in your reviews or communications, we process it based on explicit consent (GDPR Article 9(2)(a)) or because you have manifestly made it public (GDPR Article 9(2)(e)).
8. Information Sharing & Disclosure
We share your information in the following circumstances:
8.1 Public Display
Information Made Public:
The following information is publicly visible to all internet users (including non-registered visitors):
- Your display name (First Name + First Letter of Last Name) - unless you choose to review anonymously
- Your reviews and ratings (text, star rating, date)
- Photos you upload to reviews
- Review update dates ("edited" indicator)
- Deal context data related to your review (used in aggregate form elsewhere on the Platform and not traceable back to you or the specific deal)
Public Consequences:
- This information can be viewed by anyone
- It may be indexed by search engines (Google, Bing)
- It may be cached, archived, or republished by third parties
- It may appear in search results outside of VerSquare
- Deletion may not remove cached or archived versions
Provider Access:
- Providers can see your public information for reviews of their business
- Providers cannot see your email, IP address, device info, or private account details
8.2 Service Providers & Processors
We share your information with third-party service providers who perform services on our behalf:
Hosting & Infrastructure:
- Cloud hosting and database management (Google Cloud infrastructure)
- Content delivery networks (CDNs)
- Application hosting services
Analytics & Performance:
- Website and app analytics
- Performance monitoring
- Error tracking and crash reporting
Communications:
- Email service providers (transactional and marketing emails)
- Customer support platforms
Security & Fraud Prevention:
- Fraud detection services
- Security monitoring tools
- Identity verification services
Advertising & Marketing (if applicable):
- Advertising networks
- Marketing automation platforms
- Data analytics providers
Payment Processing:
- Payment processors (e.g., Stripe)
- Note: We do not store full credit card numbers
These service providers have access to your information only to perform services on our behalf and are contractually obligated to protect your information and comply with this Privacy Policy and applicable law.
GDPR Compliance: For EU/UK users, we enter into Data Processing Agreements (DPAs) with processors as required by GDPR Article 28.
8.3 Business Partners
API Partners:
- If you access the Platform through partner integrations
- Limited information sharing as needed for the integration
Affiliate Programs (if applicable):
- Referral partners receive limited information if you arrived through their referral link
8.4 Search Engines & Web Crawlers
Your public information (reviews, ratings, display name) is accessible to:
- Search engines (Google, Bing, Yahoo, etc.)
- Web crawlers and indexing bots
- AI systems and data aggregators (for indexing, not AI training)
We allow search engine indexing based on our legitimate interests to:
- Increase visibility of Provider information
- Help users discover reviews through search
- Promote transparency in the SBA lending market
- Support consumer protection and informed decision-making
Right to Object: You may request to opt out of search engine indexing under certain circumstances (see Section 12 - Your Privacy Rights). However:
- We may decline such requests where our legitimate interests in transparency, consumer protection, and freedom of expression override your individual privacy interests
- Each request is evaluated on a case-by-case basis
- Already-indexed content will remain in search engine caches
- Your reviews will remain visible on VerSquare
8.5 Aggregated & Anonymized Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you:
- Market research and trends
- Industry reports and white papers
- Platform usage statistics
- Data shared with researchers or partners
This data is not considered "personal information" under most privacy laws.
8.6 Legal & Compliance Disclosures
We may disclose your information when required or permitted by law:
Legal Process:
- In response to subpoenas, court orders, or legal process
- To comply with law enforcement requests
- As required by applicable law or regulation
Rights Protection:
- To protect the rights, property, and safety of VerSquare, our users, and the public
- To enforce our Terms of Service or policies
- To detect, prevent, or address fraud, security, or technical issues
- To investigate violations or potential violations
Regulatory Authorities:
- Financial services regulators
- Consumer protection agencies
- Data protection authorities
8.7 Corporate Transactions
In connection with:
- Mergers or acquisitions
- Sale of all or part of our business or assets
- Reorganization or bankruptcy
- Other corporate transactions
Your information may be transferred to the acquiring entity. We will notify you via email and/or Platform notice before your information is transferred and becomes subject to a different privacy policy.
8.8 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
8.9 LinkedIn Integration
If you connect your LinkedIn account to VerSquare:
- We receive information from LinkedIn (per your privacy settings)
- You may have the option to share VerSquare content on LinkedIn
- LinkedIn may collect information about your use of VerSquare (see their privacy policy)
8.10 Information We Do NOT Share with Providers
Providers cannot access:
- Your email address or phone number (unless you explicitly request to be introduced to a Provider, in which case we may share your contact information with that Provider at your request)
- Your IP address or device information
- Your account password
- Your private profile information
- Your verification documentation
- The identity of users who flag their content
- Your browsing or search history on VerSquare
9. Public vs. Private Data
Understanding what information is public vs. private is critical for your privacy.
9.1 Public Data (Visible to All)
| Data Type | Visibility |
|---|---|
| Display name (First Name + First Letter of Last Name) | Public - unless you choose anonymous review |
| Review text | Public - Never include personal information you want private |
| Star ratings | Public |
| Review photos | Public - Ensure no sensitive information is visible |
| Review date | Public |
| "Edited" indicator | Public (if you edit your review) |
9.2 Private Data (Not Publicly Visible)
| Data Type | Who Can Access |
|---|---|
| Full name | VerSquare only - Used for verification purposes |
| Email address | VerSquare only - Not shared with Providers or public (unless you request introduction) |
| Password | Encrypted - Even VerSquare cannot see your password |
| IP address | VerSquare only - Used for fraud detection |
| Device information | VerSquare only - Used for fraud detection |
| Verification documents | VerSquare only - Never shared with Providers |
| Search history | VerSquare only - Not shared with anyone |
| Browsing history | VerSquare only - Used for analytics |
| Saved Providers | VerSquare only - Not publicly visible |
| Deal information | VerSquare only - Aggregate data only, not traceable |
9.3 Protecting Your Privacy
To protect your privacy:
- Choose whether to display your name (First Name + First Letter of Last Name) or review anonymously
- Do not include personal contact information (phone, email, address) in reviews
- Do not upload photos containing sensitive personal information
- Be mindful that public content can be viewed, copied, and republished by anyone
Note: Even if you choose to review anonymously, determined individuals may be able to identify you through review content details. Be cautious about what you disclose.
10. International Data Transfers
10.1 Global Operations
VerSquare is based in the United States. Your information may be transferred to, stored, and processed in:
- The United States
- Other countries where we, our affiliates, or our service providers operate
These countries may have data protection laws that differ from those in your country of residence.
10.2 Transfers from the EU/UK/Switzerland
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that transfers of your personal information to countries outside the EEA/UK/Switzerland are protected by appropriate safeguards:
Standard Contractual Clauses (SCCs):
- We use European Commission-approved Standard Contractual Clauses with data recipients in countries without adequacy decisions
- SCCs are legal contracts ensuring data protection standards equivalent to GDPR
EU-US Data Privacy Framework:
- We may transfer data to the United States under the EU-US Data Privacy Framework (DPF), adopted by the European Commission in July 2023 as the replacement for the invalidated Privacy Shield
- Our service providers may be DPF-certified and have self-certified their compliance with the DPF Principles
- You may view the list of DPF-certified companies at: https://www.dataprivacyframework.gov/
Adequacy Decisions:
- We may transfer data to countries deemed "adequate" by the European Commission
- Direct transfers permitted without additional safeguards
Your Consent:
- In some cases, we may ask for your explicit consent to transfer your data internationally
Additional Safeguards:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security assessments
- Contractual obligations on recipients
You may contact us for more information about the safeguards we use for international transfers and to obtain a copy of the SCCs.
11. Data Retention
11.1 General Retention Principle
We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
11.2 Retention Periods by Data Category
| Data Category | Retention Period | Rationale |
|---|---|---|
| Active account data | Duration of account | Service provision |
| Deleted account data | 30-90 days | Account recovery period, then deletion |
| Published reviews | Indefinitely or until deleted | Platform value, may be anonymized instead of deleted |
| Transaction/verification data | 7 years | Legal compliance (financial records) |
| Marketing communications | Until consent withdrawn | Consent-based retention |
| Security logs | 1-2 years | Security and fraud prevention |
| Customer support records | 3 years | Legal compliance, quality assurance |
| Payment data (if applicable) | Per payment processor policy | Typically 7 years for tax compliance |
| Legal hold data | Duration of legal matter | Legal obligation |
11.3 Account Deletion
When you delete your account:
- Your account is immediately deactivated
- Your personal information is deleted within 30-90 days
- Your published reviews may be anonymized (see Section 11.4)
- Some information may be retained for legal compliance, fraud prevention, or dispute resolution
11.4 Review Retention After Account Deletion
Published reviews are valuable public content. After account deletion:
Default - Anonymization:
- Your reviews remain published
- Your display name is replaced with "Anonymous User" or similar
- Your email and personal information are deleted
- Review content remains to preserve platform value and consumer information
Exceptions to Anonymization (Full Deletion Not Available):
- Legal obligations (court orders, regulatory requirements)
- Fraud prevention (if your account was involved in fraudulent activity)
- Dispute resolution (if there's an active dispute involving your content)
- Freedom of expression and public interest in consumer information
Note: We can perform full deletion of reviews on a case-by-case basis when legally required, but we do not offer this as a standard option. Anonymization balances individual privacy rights with the public interest in maintaining consumer review information.
11.5 Retention for Legal Compliance
We may retain information beyond the standard retention periods when:
- Required by law (e.g., financial records, tax documents)
- Necessary for legal proceedings
- Subject to legal hold
- Needed to protect our legal rights
11.6 Backup Retention
Information may persist in backup systems for up to 90 days after deletion from production systems. Backups are securely stored and not used for operational purposes.
12. Your Privacy Rights
You have certain rights regarding your personal information. The specific rights available depend on your location.
12.1 Rights for All Users
Access Your Information:
- View and download your account information
- Access your posted reviews and profile data
Correct Your Information:
- Update inaccurate or incomplete information via account settings
Delete Your Account:
- Request account deletion at any time
Opt-Out of Marketing:
- Unsubscribe from marketing emails via the unsubscribe link
- Manage communication preferences in account settings
Manage Cookies:
- Control cookie preferences via our cookie consent tool
- Browser settings to block or delete cookies
12.2 Additional Rights for EU/UK/Swiss Users (GDPR)
Right of Access (Article 15):
- Request a copy of the personal information we hold about you
- Understand how we process your information
Right to Rectification (Article 16):
- Correct inaccurate personal information
- Complete incomplete information
Right to Erasure / "Right to be Forgotten" (Article 17):
- Request deletion of your personal information
- Exceptions apply: Legal obligations, fraud prevention, freedom of expression, public interest, legal claims
Right to Restrict Processing (Article 18):
- Limit how we use your information in certain circumstances
- (e.g., while we verify accuracy or respond to your objection)
Right to Data Portability (Article 20):
- Receive your personal information in a structured, machine-readable format (JSON or CSV)
- Transmit your information to another service provider (where technically feasible)
Right to Object (Article 21):
- Object to processing based on legitimate interests
- Object to direct marketing (absolute right - we will stop immediately)
- Object to profiling for direct marketing
Rights Related to Automated Decision-Making (Article 22):
- Right not to be subject to purely automated decisions with significant effects
- Right to human review of automated decisions
- Right to explanation of decision logic
Right to Withdraw Consent:
- Withdraw consent at any time (does not affect lawfulness before withdrawal)
- Easy withdrawal mechanisms (e.g., account settings, unsubscribe links)
Right to Lodge a Complaint:
- File a complaint with your national data protection authority
- EU users: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en
- UK users: Information Commissioner's Office (ICO) at https://ico.org.uk/
12.3 Additional Rights for California Residents (CCPA/CPRA)
Right to Know:
- Categories of personal information collected
- Purposes of collection and use
- Categories of sources
- Categories of third parties with whom we share information
- Specific pieces of personal information we have collected
Right to Delete:
- Request deletion of your personal information
- Exceptions apply (legal obligations, fraud prevention, transactions, internal uses)
Right to Correct:
- Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing:
- Opt-out of "sale" or "sharing" of personal information for cross-context behavioral advertising
- We honor Global Privacy Control (GPC) signals
Right to Limit Use of Sensitive Personal Information:
- Limit use and disclosure of sensitive personal information beyond what is necessary
Right to Non-Discrimination:
- We will not discriminate against you for exercising your privacy rights
- No denial of services, different pricing, or reduced quality
Shine the Light Law:
- California residents may request information about personal information shared with third parties for their direct marketing purposes (if applicable)
12.4 Additional Rights for Other US States
Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws grant rights similar to CCPA (know, delete, correct, opt-out).
Specific state requirements may vary. Contact us to exercise your rights.
12.5 How to Exercise Your Rights
Account Settings:
- Access, correct, and manage many preferences directly in your account settings
Email:
- Send requests to support@versquare.com
Include in Your Request:
- Your name and email address associated with your account
- Specific right you wish to exercise
- Details to help us locate your information
- Preferred format for data portability (if applicable)
12.6 Verification Process
To protect your privacy, we must verify your identity before responding to rights requests.
Verification Methods:
- Email confirmation (to the email address on file)
- Account login verification
- Matching information you provide with information we have on file
- Additional verification for sensitive requests (e.g., deletion, data portability)
If we cannot verify your identity, we may decline your request.
12.7 Authorized Agents (California)
California residents may designate an authorized agent to submit requests on your behalf.
Agent Requirements:
- Provide written authorization signed by you
- We may require you to verify your identity directly
- We may require the agent to provide proof of authorization
12.8 Response Timelines
- GDPR: We respond to requests within 30 days (may extend by 60 days for complex requests)
- CCPA/US State Laws: We respond within 45 days (may extend by 45 days with notice)
We will confirm receipt of your request and provide a response within the applicable timeframe.
12.9 Appeals (US State Laws)
If you are unsatisfied with our response to your rights request, you may appeal by contacting us at support@versquare.com with "Appeal" in the subject line.
We will respond to appeals within 45-60 days (varies by state).
12.10 No Fees
We do not charge fees for exercising your privacy rights, except:
- Manifestly unfounded or excessive requests (we may charge a reasonable fee or refuse)
- Repeated requests for copies of the same information (we may charge reasonable administrative costs)
13. Cookies & Tracking Technologies
13.1 What Are Cookies?
Cookies are small text files stored on your device (computer, phone, tablet) that help websites remember information about your visit.
Other tracking technologies include:
- Web beacons/pixels: Small images embedded in web pages or emails
- Local storage: HTML5 local storage
- Mobile identifiers: Device advertising IDs (IDFA, AAID)
13.2 How We Use Cookies
We use cookies and similar technologies for:
- Essential functionality (login, security, preferences)
- Performance and analytics (usage statistics, error tracking)
- Personalization (tailored content and recommendations)
- Advertising (targeted ads, retargeting) [if applicable]
13.3 Cookie Categories
13.3.1 Strictly Necessary Cookies (Essential)
Purpose: Enable core Platform functionality Cannot be disabled (required for the Platform to work)
Examples:
- Authentication cookies (keep you logged in)
- Security cookies (detect fraudulent activity)
- Load balancing cookies (distribute traffic)
- Session cookies (remember your actions during a single session)
Legal Basis: Legitimate interest (essential for service provision)
13.3.2 Functional Cookies
Purpose: Remember your preferences and choices Optional (Platform works without these, but user experience may be reduced)
Examples:
- Language preference
- Region/location settings
- Accessibility preferences
- Font size or display preferences
Legal Basis: Legitimate interest or consent (depending on jurisdiction)
13.3.3 Analytics/Performance Cookies
Purpose: Help us understand how users interact with the Platform Requires consent in EU/UK and some other jurisdictions
Examples:
- Usage statistics and popular pages
- Error tracking and debugging
- Performance monitoring
- A/B testing
Data Collected: Page views, clicks, time on site, referral sources, device/browser info
Legal Basis: Consent (GDPR) or legitimate interest (with opt-out)
13.4 Third-Party Cookies
Some cookies are set by third-party services we use:
- Analytics providers
- Advertising networks
- LinkedIn [if you use LinkedIn integration]
- Support tools
These third parties have their own privacy policies governing their use of your information.
Important: We do not control third-party cookies. Review their privacy policies independently.
13.5 Cookie Consent & Management
Cookie Consent Tool: When you first visit our website, you'll see a cookie banner allowing you to:
- Accept all cookies
- Reject non-essential cookies
- Customize cookie preferences (granular consent by category)
Managing Cookie Preferences:
- Platform Settings: Manage cookie preferences in your account settings or via the cookie consent tool (accessible in the website footer)
- Browser Settings: Most browsers allow you to:
- Block cookies entirely
- Block third-party cookies
- Delete existing cookies
- Receive notifications when cookies are set
Browser Instructions:
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Cookies and website data
- Edge: Settings > Privacy, search, and services > Cookies and site data
Mobile Devices:
- iOS: Settings > Privacy > Tracking (Limit Ad Tracking)
- Android: Settings > Privacy > Ads (Opt out of Ads Personalization)
Consequences of Disabling Cookies:
- Essential cookies: Platform may not function properly
- Functional cookies: Preferences won't be remembered
- Analytics cookies: We can't improve the Platform based on usage data
- Advertising cookies: You'll still see ads, but they won't be personalized
13.6 Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) signal. We honor Global Privacy Control (GPC) signals as an opt-out of sales/sharing under California law.
Note: There is no universal standard for how to respond to DNT signals. We respond to GPC but may not respond to DNT signals from all browsers.
13.7 Cookie Retention
Cookies have different lifespans:
- Session cookies: Deleted when you close your browser
- Persistent cookies: Remain on your device for a set period (varies by cookie)
Our cookie retention periods:
- Essential cookies: Duration of session or up to 1 year
- Functional cookies: Up to 1 year
- Analytics cookies: Up to 2 years
- Advertising cookies: Up to 90 days (if applicable)
14. Security Measures
14.1 Our Commitment to Security
We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect your data.
14.2 Technical Security Measures
Encryption:
- In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (Transport Layer Security)
- At Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption standards
Access Controls:
- Role-based access control (RBAC) - employees access only data necessary for their job functions
- Multi-factor authentication (MFA) for administrative access
- Strong password requirements
- Least privilege principle
Network Security:
- Firewalls protecting our servers and networks
- Intrusion detection and prevention systems
- Regular security monitoring and logging
- DDoS (Distributed Denial of Service) protection
Infrastructure Security:
- SOC 2 Type II compliant infrastructure
- Regular security audits and penetration testing
- Automated vulnerability scanning
- Security patch management
Secure Coding Practices:
- Regular code reviews and security audits
- Input validation and sanitization (prevent SQL injection, XSS attacks)
- Security testing throughout development lifecycle
14.3 Organizational Security Measures
Employee Training:
- Regular security and privacy training for all employees
- Confidentiality agreements signed by all employees with data access
- Background checks for employees with access to sensitive data
Access Policies:
- Need-to-know basis access
- Regular access reviews and audits
- Immediate revocation of access for departing employees
Incident Response:
- Documented incident response plan
- Designated incident response team
- Regular drills and testing
14.4 Physical Security Measures
Data Centers:
- Our data is hosted with reputable third-party cloud providers with enterprise-grade security
- These providers maintain:
- Physical access controls (badge readers, biometric scanners)
- 24/7 monitoring and security personnel
- Environmental controls (temperature, humidity, fire suppression)
- Redundancy and backup power systems
14.5 Third-Party Security
Service Provider Security:
- We vet service providers for appropriate security measures
- We enter into contracts requiring data protection and security
- We conduct periodic security assessments of critical vendors
14.6 Security Limitations & User Responsibilities
No Guarantee of Absolute Security: Despite our efforts, no system is 100% secure. We cannot guarantee that:
- Unauthorized access will never occur
- Data breaches will never happen
- Transmissions over the internet are completely secure
Your Responsibilities:
- Strong Passwords: Create a strong, unique password for your VerSquare account (combination of letters, numbers, symbols)
- Password Security: Never share your password with anyone
- Multi-Factor Authentication: Enable MFA if available (enhanced security)
- Phishing Awareness: Be cautious of phishing emails attempting to steal your credentials
- Secure Devices: Protect your devices with passwords, PINs, or biometric locks
- Logout: Log out of your account when using shared or public devices
- Report Suspicious Activity: Notify us immediately if you suspect unauthorized access to your account
We will never ask for your password via email or phone.
14.7 Security Incident Reporting
If you believe you've discovered a security vulnerability in the Platform, please report it to:
Security Email: support@versquare.com
Please provide:
- Description of the vulnerability
- Steps to reproduce (if applicable)
- Potential impact
Responsible Disclosure:
- We request you do not publicly disclose vulnerabilities until we've had reasonable time to address them
- We will acknowledge receipt within 48 hours
- We will work with you to understand and address the issue
15. Children's Privacy
15.1 Age Restriction
VerSquare is not directed to children under the age of 18. Our Platform is designed for adults seeking information about SBA lenders and financial services.
We do not knowingly collect personal information from individuals under 18 years of age.
15.2 Age Verification
To use the Platform and create an account, you must confirm you are at least 18 years old.
15.3 Parental Notice
If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at support@versquare.com.
We will promptly:
- Investigate the matter
- Delete the child's information from our systems
- Terminate the associated account
15.4 COPPA Compliance (US)
We comply with the Children's Online Privacy Protection Act (COPPA):
- We do not knowingly collect information from children under 13
- We do not have actual knowledge of collecting information from children under 13
- If we learn of such collection, we will delete the information immediately
15.5 GDPR Compliance (EU/UK)
Under GDPR, children under 16 (or lower age set by member states, minimum 13) require parental consent for information society services.
Our 18+ age requirement exceeds this threshold, ensuring compliance.
16. Data Breach Notification
16.1 Breach Prevention
We implement robust security measures (see Section 14) to prevent data breaches. However, no system is entirely immune.
16.2 Breach Response Plan
If a data breach occurs, we have an incident response plan to:
- Contain the breach and prevent further unauthorized access
- Assess the scope and impact of the breach
- Determine what information was affected
- Notify affected individuals and authorities as required by law
- Take corrective measures to prevent future breaches
16.3 Notification Requirements
GDPR (EU/UK Users):
- We will notify the appropriate supervisory authority within 72 hours of becoming aware of a breach (if feasible)
- We will notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
- Notification will include:
- Nature of the breach
- Categories and approximate number of individuals affected
- Likely consequences
- Measures taken or proposed to address the breach
- Contact information for further inquiries
US State Laws (California, Virginia, etc.):
- We will notify affected individuals without unreasonable delay and in accordance with state law requirements
- Notification methods: Email, written notice, or substitute notice (if contact information is unavailable)
- We may also notify relevant state attorneys general and consumer reporting agencies
16.4 Your Role
If you suspect your account has been compromised:
- Change your password immediately
- Enable multi-factor authentication (if available)
- Review your account activity for unauthorized actions
- Contact us at support@versquare.com with details
17. Third-Party Services
17.1 Third-Party Websites
The Platform may contain links to third-party websites, including:
- Provider websites
- Partner sites
- News articles or resources
We are not responsible for:
- The privacy practices of third-party websites
- The content or accuracy of third-party websites
- Your interactions with third-party websites
You should review the privacy policies of third-party websites before providing them with personal information.
17.2 Provider Services
When you engage with Providers through the Platform:
- Providers are independent businesses, not our agents or employees
- Providers have their own privacy policies and terms
- Any information you provide directly to Providers is governed by their privacy policies, not ours
- We are not responsible for Provider data practices
You should review Provider privacy policies before engaging their services or sharing personal information.
17.3 LinkedIn Integration
If you connect your LinkedIn account or use LinkedIn login features:
- LinkedIn may collect information about your use of VerSquare
- This information is governed by LinkedIn's privacy policy
- Your LinkedIn activity may be visible to your connections on LinkedIn
Review LinkedIn privacy settings to control what information is shared.
17.4 Third-Party Analytics & Advertising
We use third-party analytics and advertising services (see Section 13 - Cookies). These services have their own privacy policies that govern their data practices.
18. Automated Decision-Making
18.1 Use of Automated Systems
We use automated decision-making systems and artificial intelligence (AI) for certain purposes, including:
Fraud Detection & Prevention:
- Automated scoring of review authenticity
- Pattern recognition to identify fake reviews
- Risk assessment for user accounts and Provider profiles
- Anomaly detection (suspicious behavior, fraudulent patterns)
Content Moderation:
- Automated flagging of potentially violating content
- Spam detection
- Detection of prohibited content (hate speech, personal information, etc.)
- Screening for harmful or illegal material
Personalization:
- Personalized Provider recommendations
- Customized search results based on your interests and past behavior
- Tailored content on the Platform
Platform Optimization:
- Rating and ranking calculations for Providers
- Quality and credibility scoring for reviews
- A/B testing for feature optimization
18.2 Human Oversight
We do not make solely automated decisions with significant legal or similarly significant effects on you.
For important decisions (e.g., account termination, content removal), we provide human review and oversight:
- Automated systems flag content or accounts for review
- Human moderators review flagged content and make final decisions
- You can appeal decisions and receive human review
18.3 Logic of Automated Decision-Making
Fraud Detection: Our fraud detection algorithms analyze multiple data points:
- IP address patterns (e.g., multiple accounts from same IP)
- Device fingerprinting (e.g., same device creating multiple accounts)
- Writing style analysis (e.g., similar language across reviews)
- Timing patterns (e.g., coordinated review posting)
- Account behavior (e.g., rapid review posting, unusual activity)
Scoring: Reviews and accounts receive fraud risk scores. High-risk items are flagged for human review.
Content Moderation: Our moderation AI screens content for:
- Prohibited keywords and phrases
- Sentiment analysis (detecting harmful or abusive tone)
- Image content analysis (detecting inappropriate visuals)
- Pattern matching (comparing against known violating content)
Flagging: Content with high risk scores is flagged for human moderator review.
Personalization: Our recommendation algorithms consider:
- Your search history and clicked Providers
- Your saved Providers
- Your review history and ratings
- Similar users' behavior (collaborative filtering)
- Provider characteristics (location, services, ratings)
Output: Personalized recommendations and search result ordering.
18.4 Your Rights (GDPR - EU/UK Users)
Under GDPR Article 22, you have rights related to automated decision-making:
Right to Human Review:
- Request human review of automated decisions affecting you
- Challenge decisions made by automated systems
Right to Explanation:
- Understand the logic behind automated decisions
- Receive meaningful information about how algorithms work
Right to Object:
- Object to automated decision-making in certain circumstances
How to Exercise These Rights: Contact us at support@versquare.com with:
- Description of the automated decision you're concerned about
- Request for human review or explanation
- Any additional context
We will respond within 30 days under GDPR timelines.
18.5 Non-Discrimination
Our automated systems are designed to be fair and non-discriminatory. We:
- Do not use protected characteristics (race, gender, religion, etc.) in decision-making
- Regularly audit algorithms for bias and discriminatory outcomes
- Provide human oversight to catch and correct errors
If you believe you've been subject to discriminatory automated decision-making, please contact us.
19. Your Choices & Controls
You have control over your personal information and how we use it.
19.1 Account Information
Access & Update:
- Log in to your account settings to view and update your personal information
- Correct inaccuracies or update outdated information
Account Deletion:
- Request account deletion at any time (see Section 11.3 for details)
- Use account settings or contact support@versquare.com
19.2 Communication Preferences
Marketing Emails:
- Opt-Out: Click "Unsubscribe" at the bottom of any marketing email
- Manage Preferences: Adjust email preferences in account settings
- Opt-In Requirement: We only send marketing emails to users who have opted in
Platform Notifications:
- Manage notification preferences in account settings
- Choose which notifications you receive (e.g., Provider responses, new reviews)
Transactional Emails:
- Cannot opt out (essential for account security and service updates)
- Examples: Password resets, security alerts, Terms/Privacy Policy changes
19.3 Cookie Preferences
Manage Cookies:
- Use our cookie consent tool (website footer) to customize cookie preferences
- Accept or reject non-essential cookies by category
- Change your preferences at any time
Browser Controls:
- Block or delete cookies using browser settings (see Section 13.5)
19.4 Personalization & Recommendations
Opt-Out of Personalization:
- Disable personalized recommendations in account settings (if available)
- Note: This may reduce the relevance of search results and content
19.5 Search Engine Indexing
Request Evaluation for Opt-Out:
- Contact us to request that your public reviews be evaluated for exclusion from search engine indexing (see Section 12)
- Requests will be evaluated on a case-by-case basis, balancing your privacy rights against our legitimate interests in transparency and consumer protection
- Note: Already-indexed content may remain in search engine caches
19.6 LinkedIn Connection
Disconnect LinkedIn:
- Disconnect your linked LinkedIn account in account settings
- Note: This does not delete information already shared with LinkedIn
20. Changes to This Policy
20.1 Right to Modify
We may update this Privacy Policy from time to time to reflect:
- Changes to our data practices
- New features or services
- Legal, regulatory, or operational developments
- Industry best practices
20.2 Notification of Changes
When we make changes, we will:
- Update the "Last Updated" date at the top of this Privacy Policy
- Notify you via email (to the address associated with your account)
- Display a notice on the Platform
- For material changes, provide advance notice (typically 30 days)
20.3 Material Changes
Material changes include:
- New purposes for data collection or use
- Sharing data with new categories of third parties
- Reduction of your privacy rights
- Changes to data retention periods
- Changes requiring new consent under applicable law
For material changes requiring consent, we will seek your affirmative consent before implementing the change.
20.4 Your Acceptance
Your continued use of the Platform after changes become effective constitutes your acceptance of the updated Privacy Policy.
If you do not agree to the changes, you may:
- Stop using the Platform
- Delete your account before the changes take effect
- Object to the changes (for EU/UK users under GDPR)
20.5 Policy Version History
We maintain an archive of previous versions of this Privacy Policy for reference. Contact us if you would like to review a prior version.
21. Contact Information
21.1 Privacy Inquiries
For questions, concerns, or complaints about this Privacy Policy or our privacy practices, contact us:
Privacy Department
Email: support@versquare.com
Mail: Search Assistant, Inc. Attn: Privacy Department 6595 Roswell Rd Suite G #5313 Atlanta, GA 30328
21.2 Supervisory Authority (EU/UK Users)
Right to Lodge a Complaint:
If you are located in the EU or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your national data protection authority.
EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en
UK Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/
Address: Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF United Kingdom
21.3 California Privacy Rights (California Residents)
To Exercise Your CCPA/CPRA Rights:
VerSquare operates exclusively online and provides the following methods to submit privacy requests:
Email: support@versquare.com
Include in Your Request:
- Your name and email address associated with your account
- Specific right you wish to exercise (know, delete, correct, opt-out)
- Sufficient details to help us locate your information
We will respond to verified requests within 45 days.
Shine the Light Law: California residents may request information about personal information shared with third parties for direct marketing purposes by emailing support@versquare.com with "California Shine the Light Request" in the subject line.
21.4 Response Time
We strive to respond to privacy inquiries within:
- 48 hours: Acknowledgment of receipt
- 30 days: Substantive response (GDPR standard)
- 45 days: Substantive response (CCPA standard)
Complex requests may require additional time (we will notify you of any extensions).
Acknowledgment & Consent
BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT:
- You have read and understood this Privacy Policy in its entirety
- You understand how we collect, use, and share your personal information
- You consent to our data practices as described in this Privacy Policy
- You understand your privacy rights and how to exercise them
- You have been given an opportunity to ask questions or seek clarification
IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE THE PLATFORM.