Privacy Policy
1. Introduction
TradeProof ("we," "us," or "our") operates the contractor license and insurance compliance platform at tradeproof.net. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website, API, and related services (collectively, the "Service").
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (hashed), and organization details when you create an account.
- Billing Information: Payment details processed securely by Stripe. We do not store full credit card numbers on our servers.
- Support Communications: Messages, tickets, and feedback you submit through our support system.
- Insurance Certificates: Documents and data you upload for insurance compliance tracking.
2.2 Information Collected Automatically
- Usage Data: API call logs, pages viewed, features used, and interaction timestamps.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Cookies: See our Cookie Policy for details.
2.3 Information from Third Parties
- Public License Data: We collect contractor license information from publicly available state licensing board databases to power our lookup service. This data is published by government agencies and is in the public domain.
- Payment Processor: Stripe provides us with transaction confirmations and subscription status.
2.4 Important Distinction: Public Records vs. User Account Data
TradeProof processes two fundamentally different categories of data:
- Public government records (contractor license data scraped from state licensing boards): This data is publicly available from government sources and is exempt from CCPA deletion rights under Cal. Civ. Code 1798.140(v)(2). We do not add non-public personal information (home addresses, Social Security numbers, etc.) to these records.
- User account data (your email, password, billing information, organization data): This data is subject to CCPA and applicable privacy laws. You may request access, correction, deletion, and portability of this data at any time.
2.5 Compliance Index (Inferences)
TradeProof generates a proprietary "Compliance Index" -- an automated numerical estimate derived from publicly available government records. Under the CCPA/CPRA, this index may constitute an "inference" drawn from personal information. Contractors may request disclosure of their Compliance Index and request its deletion by contacting [email protected]. Deletion of the index does not affect the underlying public license records, which remain available from government sources.
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process transactions and manage your subscription
- Send transactional emails (compliance alerts, status changes, billing confirmations)
- Respond to support requests and communications
- Monitor and prevent fraud, abuse, and security threats
- Comply with legal obligations
- Generate aggregated, anonymized analytics to improve the Service
4. How We Share Your Information
We do not sell your personal information. We may share information with:
- Service Providers: Stripe (payments), Resend (email delivery), and hosting providers who process data on our behalf under contractual obligations.
- Within Your Organization: Organization administrators and members can see shared data within their TradeProof organization as configured by your admin.
- Webhook Recipients: If your organization configures webhooks, license status data will be delivered to the endpoints you specify.
- AI Platform Integrations: If you connect TradeProof to a third-party AI platform (e.g., Anthropic Claude via the TradeProof MCP connector), the queries you submit and the responses we return pass through that platform under its own privacy terms. See Section 12 for details.
- Legal Requirements: When required by law, subpoena, court order, or to protect our rights, safety, or property.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion:
- Account data is deleted within 30 days
- API usage logs are retained in anonymized form for up to 12 months
- Billing records are retained as required by tax and accounting regulations
- Audit logs may be retained for up to 24 months for compliance purposes
6. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (TLS/HTTPS)
- Hashed passwords using bcrypt
- HMAC-signed webhook deliveries
- API key authentication with scoped permissions
- Role-based access controls within organizations
No method of transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify affected users of any breach as required by applicable law.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your personal information
- Object to or restrict processing
- Data portability (receive your data in a structured format)
- Withdraw consent where processing is based on consent
To exercise these rights, contact us at [email protected]. We will respond within 30 days (or sooner if required by applicable law). See also our CCPA Notice for California-specific rights.
8. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.
9. Where We Operate
TradeProof operates exclusively in the United States as of April 2026. All customer data — account profiles, usage logs, billing records, watchlist contents, and uploaded documents — is processed and stored on infrastructure physically located in the United States. We do not currently offer the Service to residents of the European Economic Area, the United Kingdom, or other regions outside the United States, and we do not transfer customer data outside the United States.
If you are located outside the United States and inadvertently created an account, please contact [email protected] to request deletion. For our complete list of US-based service providers, see our Sub-Processors page.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.
11. Contact Us
TradeProof Privacy Inquiries
Email: [email protected]
Website: tradeproof.net
12. AI Platform Integrations & MCP Connectors
TradeProof publishes Model Context Protocol (MCP) connectors that let third-party AI platforms (for example, Anthropic Claude) call our public API on your behalf. These connectors are optional. You must explicitly authorize them from your TradeProof account before any data flows.
12.1 What data is shared
When you use a TradeProof connector inside an AI platform, the following data passes through that platform:
- Your prompt or query as interpreted by the AI platform's model (e.g., "look up license #C12345 in California")
- The structured arguments the model derives from your query and sends to TradeProof tools (state, license number, business name, etc.)
- The license, insurance, and coverage data we return — which is drawn from public state licensing records and may include business names, license status, classifications, expiration dates, and workers' compensation coverage
- Connection metadata such as session identifiers and tool-call timestamps
We do not share your TradeProof account password, billing information, organization member lists, internal audit logs, or saved searches with the AI platform.
12.2 Authentication and authorization
Connector access uses either an API key you generate inside TradeProof or, where supported, an OAuth 2.0 authorization flow. In both cases the credential is bound to your TradeProof organization and inherits the scopes, tier limits, IP allowlists, and rate limits configured for that organization. You can revoke a connector at any time from the API Keys or Connected Apps page in your TradeProof account.
12.3 Sub-processors
When you enable an AI platform connector, that platform acts as a sub-processor for the data described in 12.1. Each platform operates under its own privacy policy and security commitments — TradeProof does not control how the platform stores, retains, or uses prompts and responses inside its own systems. Review the relevant platform's privacy policy before enabling a connector. Currently supported platforms:
- Anthropic (Claude) — anthropic.com/privacy
12.4 Data we do not see
TradeProof receives only the structured tool calls the AI model sends to our API. We do not receive the user's full conversation with the AI platform, prior turns, system prompts, or any data the user shares with the platform that does not result in a tool call to TradeProof.
12.5 FCRA reminder
Section 13 of our Terms of Service and the FCRA disclaimer in this policy apply equally to data accessed via AI connectors. Data must not be used for employment screening, credit decisions, tenant screening, or any purpose governed by the Fair Credit Reporting Act, regardless of whether the request originated from the TradeProof web app, the API, or an AI platform connector.