Privacy Policy — ContractorsBoard.org — CCPA/CPRA & State Privacy Laws

Privacy Policy

How contractorsboard.org/ Handles Personal Data — U.S. State Privacy Laws

What personal data we collect, why, how long we keep it, who we share it with, and your rights under U.S. state privacy laws — CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), TDPSA (Texas), OCPA (Oregon) and a growing list — plus the federal Children’s Online Privacy Protection Act (COPPA).

Effective date: January 1, 2026
Last reviewed: April 2026
Controller: contractorsboard.org/ Editorial
⚠ We do not hold any license records or complaint files

contractorsboard.org/ is an editorial directory. We do not hold, process, or store any contractor license record, bond, insurance record, complaint file, or disciplinary record. Those records are held by the state contractor licensing boards. For license status or to file a complaint, use your state board’s official tools.

What is in this notice

  1. Scope and controller
  2. Personal information we collect
  3. Why we collect it
  4. Who we share it with
  5. “Sale” / “share” disclosure
  6. Retention
  7. Your rights under state laws
  8. Exercising rights
  9. Children — COPPA
  10. Security
  11. Changes
  12. Contact

1. Scope and Controller

This Privacy Policy applies to contractorsboard.org/. The "business" / "controller" is contractorsboard.org/ Editorial, contactable at info@contractorsboard.org. This notice does not apply to any state contractor licensing board, NASCLA, OSHA, the FTC, or any other body we link to. Each is its own controller with its own privacy policy.

2. Personal Information We Collect

CategoryExamplesSource
IdentifiersIP address, device ID, browser user agentAutomatic when you visit
Internet / network activityPages viewed, time on page, referrer, internal searchesAutomatic
Contact dataEmail address, name (if provided), message contentYou — only if you email us
Cookies / similar techSee Cookie PolicyAutomatic; managed by the cookie banner
Approximate locationCity and state inferred from IPAutomatic
What we do NOT collect

We do not collect your name, mailing address, Social Security number, payment-card data, contractor license number, bond details, or any board record. If you accidentally include any such data in an email to us, we delete it on receipt and ask you to take board-specific questions to the board itself.

3. Why We Collect It

  • To operate the site — serve pages, remember cookie preferences, protect against abuse
  • To understand which state guides are useful — aggregated, anonymous analytics
  • To respond to you when you email us a correction or inquiry
  • To display non-personalized or personalized advertising depending on your consent
  • To detect and prevent fraud, scraping, and attacks
  • To comply with legal obligations — lawful subpoenas, court orders, and government requests

4. Who We Share It With

  • Service providers / processors — hosting, CDN/security (Cloudflare), analytics (Google Analytics 4), advertising (Google AdSense), email — under written agreements meeting the “service provider” / “processor” definitions under CCPA/CPRA, VCDPA, CTDPA, CPA, UCPA, TDPSA, and OCPA
  • Authorities — when required by law, valid legal process, or to protect rights and safety
  • Successors — in a merger, acquisition, or sale; we require the successor to honor this notice

5. “Sale” and “Sharing” Disclosure

We do not “sell” personal information for money

However, the broad definitions of “sale” under California’s CCPA/CPRA and “sharing” under the CPRA (for cross-context behavioral advertising) can cover the disclosure of cookie-based identifiers to third-party advertising partners (e.g., Google AdSense) when you have not opted out. To the extent any of our cookie-based advertising falls within those definitions, you can opt out via the Global Privacy Control (GPC) signal (which we honor as a “Do Not Sell or Share” request), the cookie banner, the “Do Not Sell or Share My Personal Information” footer link where displayed, or Google’s opt-out at adssettings.google.com.

6. How Long We Keep It

CategoryRetention period
Web server & security logs30 days
Aggregated GA4 analytics14 months
Email correspondence24 months from last interaction
Cookie consent records12 months from your choice
Rights-request audit trail3 years (state AG enforcement window)

7. Your Rights Under State Privacy Laws

StateLawKey rights
CaliforniaCCPA (Cal. Civ. Code §1798.100 et seq.) as amended by CPRAKnow, access, delete, correct, opt-out of sale/share, limit sensitive PI, non-discrimination
VirginiaVCDPAAccess, correct, delete, portability, opt-out of targeted advertising, sale, and certain profiling
ColoradoCPAAccess, correct, delete, portability, opt-out; universal opt-out signal recognition
ConnecticutCTDPAAccess, correct, delete, portability, opt-out; GPC recognition
UtahUCPAAccess, delete, portability, opt-out of targeted advertising and sale
TexasTDPSAAccess, correct, delete, portability, opt-out
OregonOCPAAccess, correct, delete, portability, opt-out; third-party-list disclosure
Other statesIowa, Indiana, Tennessee, Montana, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, and a growing listSimilar core rights; effective dates and thresholds vary

If your state is not listed, you may still email us and we will give the same core rights as a matter of policy.

8. How to Exercise Your Rights

Email info@contractorsboard.org with the subject “Privacy rights request” and the right you are exercising. We respond within 45 days (extendable by 45 days when necessary, with notice) as required by most state laws. We may need to verify your identity using information already in our records. You may use an authorized agent; for California agent requests, we require written authorization.

9. Children — COPPA

The site is intended for adults verifying contractors and is not directed at children under 13. Under the federal Children’s Online Privacy Protection Act (COPPA) and its implementing rule (16 CFR Part 312), we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, email us with the subject “COPPA / child data” and we will delete it.

10. Security

We use technical and organizational measures appropriate to the limited categories of personal information we process — TLS/HTTPS in transit, encryption at rest where applicable, access controls, vendor due diligence, and a breach-response procedure aligned with state breach-notification statutes (e.g., Cal. Civ. Code §1798.82) and FTC data-security guidance.

11. Changes to This Notice

We update this notice when our practices or U.S. law change. The “Last reviewed” date at the top reflects the current version. Material changes are flagged on the site for 30 days.

12. Contact

For any privacy question or rights request: info@contractorsboard.org

You may also complain to the Federal Trade Commission (FTC) at reportfraud.ftc.gov, your state Attorney General, or (in California) the California Privacy Protection Agency at cppa.ca.gov.

Exercise a Privacy Right

Email us with the subject “Privacy rights request”. We respond within 45 days.

📧 info@contractorsboard.org