
Privacy Policy

Effective date: April 10, 2026

1. Information We Collect

Account information: Name, email address, password (stored as a bcrypt hash), and role.

Business data (sellers): Financial files (CSV, QuickBooks exports), revenue and profit figures, employee counts, asking prices, and business descriptions that you upload or enter.

Verification data: EIN, state of incorporation, contractor license numbers — collected solely to verify listing authenticity and not shared with third parties beyond verification service providers.

Usage data: Pages viewed, searches performed, and listing interactions — collected via server logs for platform improvement.

2. How We Use Your Information

  • To operate the Platform and provide AI valuation and CIM generation services;
  • To verify business listings and detect fraud;
  • To facilitate communication between buyers and sellers (via our inquiry system — we do not share direct contact details until both parties consent);
  • To improve our AI models and Platform features (using aggregated, anonymised data only);
  • To send transactional emails (account activity, inquiry notifications).

We do not sell personal data to third parties or use it for targeted advertising.

3. Financial Data Handling

Financial files you upload are processed by our AI pipeline and then stored encrypted at rest. Raw financial files are accessible only to:

  • The seller who uploaded them;
  • The broker representing the seller (if applicable);
  • MainStreet staff for platform support and fraud review.

AI-generated summaries (teasers and CIMs) are anonymised to remove personally identifiable business information before being shown to buyers.

4. NDA and Confidential Information

When a buyer signs an NDA on the Platform, their name, email, and the date of signing are recorded and may be shared with the seller and their broker as evidence of the executed agreement. Buyers who violate NDA terms may have this information disclosed as required by law or legal proceedings.

5. Data Retention

Account data is retained for the lifetime of your account plus 90 days after deletion. Financial files associated with sold or withdrawn listings are deleted after 12 months unless you request earlier deletion. Verification records are retained for 7 years to comply with anti-fraud regulations.

6. Your Rights (GDPR / PIPEDA / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request deletion of your data (subject to legal retention obligations);
  • Object to or restrict certain processing;
  • Receive your data in a machine-readable format (data portability).

To exercise these rights, email privacy@mainstreet.ai. We will respond within 30 days.

7. Security

We use industry-standard security measures including HTTPS encryption in transit, encrypted storage at rest, HMAC-signed session tokens, and access controls. No security system is impenetrable; we will notify you within 72 hours of discovering a breach affecting your data.

8. Contact

For privacy inquiries: privacy@mainstreet.ai
