Account information: Name, email address, password (stored as a bcrypt hash), and role.
Business data (sellers): Financial files (CSV, QuickBooks exports), revenue and profit figures, employee counts, asking prices, and business descriptions that you upload or enter.
Verification data: EIN, state of incorporation, contractor license numbers — collected solely to verify listing authenticity and not shared with third parties beyond verification service providers.
Usage data: Pages viewed, searches performed, and listing interactions — collected via server logs for platform improvement.
We do not sell personal data to third parties or use it for targeted advertising.
Financial files you upload are processed by our AI pipeline and then stored encrypted at rest. Raw financial files are accessible only to:
AI-generated summaries (teasers and CIMs) are anonymised to remove personally identifiable business information before being shown to buyers.
When a buyer signs an NDA on the Platform, their name, email, and the date of signing are recorded and may be shared with the seller and their broker as evidence of the executed agreement. Buyers who violate NDA terms may have this information disclosed as required by law or legal proceedings.
Account data is retained for the lifetime of your account plus 90 days after deletion. Financial files associated with sold or withdrawn listings are deleted after 12 months unless you request earlier deletion. Verification records are retained for 7 years to comply with anti-fraud regulations.
Depending on your jurisdiction, you may have the right to:
To exercise these rights, email privacy@mainstreet.ai. We will respond within 30 days.
We use industry-standard security measures including HTTPS encryption in transit, encrypted storage at rest, HMAC-signed session tokens, and access controls. No security system is impenetrable; we will notify you within 72 hours of discovering a breach affecting your data.
For privacy inquiries: privacy@mainstreet.ai