MatchMyBiz Privacy Policy (GDPR + CCPA Compliant)
Effective Date: March 18, 2026
Version: 2.1
This Privacy Policy explains how MatchMyBiz (“Company,” “we,” “us,” or “our”) collects, uses, processes, discloses, and safeguards personal data in connection with the MatchMyBiz platform (the “Platform”).
This Policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar data protection laws.
1. Categories of Personal Data Collected
We may collect the following categories of data:
• Identification Data: name, email address, company name, job title, country.
• Business Information: listings, HS codes, trade descriptions, certifications, uploaded documents.
• Communication Data: messages exchanged on the Platform and related attachments.
• Technical Data: IP address, device information, browser type, cookies, analytics data.
• Payment Data: billing details processed through third-party payment providers (we do not store full card data).
• Subscription Data: subscription plan, billing status, renewal and cancellation status, invoice references, and limited payment-related metadata returned by our payment processor.
2. Legal Bases for Processing (GDPR)
Where GDPR applies, we process personal data under the following legal bases:
• Contractual Necessity: to provide Platform services and manage accounts.
• Legitimate Interests: to improve services, prevent fraud, and ensure platform security.
• Legal Obligation: to comply with trade, tax, sanctions, and regulatory requirements.
• Consent: where required (e.g., marketing communications or certain cookies).
3. California Privacy Rights (CCPA/CPRA)
California residents have the right to:
• Request disclosure of categories and specific pieces of personal information collected.
• Request deletion of personal information, subject to statutory exceptions.
• Request correction of inaccurate personal information.
• Opt out of the sale or sharing of personal information (MatchMyBiz does not sell personal information).
• Not be discriminated against for exercising privacy rights.
Requests may be submitted via the contact method provided on the Platform.
4. Data Sharing and Disclosure
We may disclose personal data to:
• Cloud hosting providers and infrastructure vendors (e.g., hosting and database services).
• Payment processors for subscription billing.
Our payment processors may receive billing contact information, transaction details, subscription identifiers, and other information necessary to process recurring payments, prevent fraud, and provide invoices or billing support.
• Analytics and security service providers.
• Government or regulatory authorities when required by law.
We do not sell personal information.
5. International Data Transfers
Personal data may be processed in the United States and other jurisdictions.
Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms for cross-border transfers.
6. Data Retention
We retain personal data for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements.
Retention periods may vary depending on account status, legal requirements, and regulatory obligations.
Billing and subscription records may be retained for accounting, tax, fraud prevention, dispute resolution, and compliance purposes even after an account is closed, subject to applicable law.
7. Security Measures
We implement administrative, technical, and organizational safeguards designed to protect personal data, including encryption, access controls, and monitoring.
No system can guarantee absolute security.
8. Data Subject Rights (GDPR)
Individuals located in the European Economic Area (EEA), UK, or similar jurisdictions have the right to:
• Access their personal data.
• Request correction or deletion.
• Restrict or object to processing.
• Data portability.
• Lodge a complaint with a supervisory authority.
9. Automated Decision-Making
We may use automated systems for matching, ranking, fraud detection, and moderation. These systems are subject to human oversight where appropriate.
Users may contact us for additional information regarding automated processing.
10. Children’s Privacy
The Platform is intended for business users aged 18 and older. We do not knowingly collect personal data from minors.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via the Platform or email where appropriate.