Privacy Policy

This privacy policy describes how Authority Network America ("ANA") collects, uses, and discloses information in connection with contractorstandards.org and the Authority Network America network of authority sites.

What ANA collects

ANA collects three categories of information.

From contractors who sign the Standards-Pledged Provider Pledge: business name, business address, jurisdiction (state and county), contact email, contact phone, claimed trade(s), claimed credentials (license numbers, certifications, insurance/bond claims as the contractor chooses to publish them), the IP address and timestamp of the pledge signing, and payment information processed by Stripe (we receive only a tokenized customer reference and the success/failure status of each charge — Stripe stores card data, not ANA).

From customers who file a complaint: name, contact email or phone (whichever the customer chooses to provide), narrative description of the alleged violation, copies of supporting documents the customer chooses to attach, and the IP address and timestamp of the submission.

From every visitor to contractorstandards.org and the ANA network: the IP address, user agent, referrer, and request path of each HTTP request, retained in standard web-server access logs for 30 days for security and abuse-prevention purposes. ANA uses Cloudflare for CDN and DDoS protection. ANA does not embed third-party advertising trackers, cross-site tracking pixels, or analytics scripts that profile users.

What ANA does with that information

Contractor information is published on the contractor's individual provider page at /providers//// on contractorstandards.org and surfaced in directory pages across the ANA network. Publication is the entire purpose of the listing — the contractor signs up specifically to be public. Contractor information is not sold, rented, leased, syndicated, or otherwise transferred to third parties for any purpose.

Complaint information is reviewed internally by ANA and shared in summary form with the contractor named in the complaint as part of due-process review. The complainant's contact information is not shared with the contractor without the complainant's explicit permission. Complaint records are retained permanently for revocation history and audit purposes.

Visitor log data is used for security, abuse detection, and operational analytics. It is not joined to contractor or complainant identity. It is not sold or shared with third parties except as required by law (subpoena, court order) or to investigate suspected abuse of the service.

What ANA does NOT do

ANA does not sell visitor data, contractor data, or complaint data to advertisers, lead generators, marketing platforms, data brokers, or any other third party. ANA does not run a customer-acquisition pipeline that resells contractor inquiries. ANA does not share complainant identities with the contractors named in complaints without the complainant's explicit permission. ANA does not maintain user profiles for tracking, retargeting, or behavioral advertising purposes.

How long ANA retains data

• Active contractor listings: retained while the listing is active.
• Lapsed contractor listings: content fields preserved 12 months for reinstatement; deleted after that unless the pledge was revoked.
• Revoked-pledge entries: retained permanently on the public revoked-pledges page (a published consequence of the Pledge).
• Complaint records: retained permanently for audit and revocation history.
• Web-server access logs: retained 30 days, then aggregated counts only.
• Stripe billing records: retained as required by tax and accounting law (typically 7 years).

How customers can request data

A customer may at any time request a copy of any information ANA holds about them by writing to [email protected] from the email address used for the relevant submission. ANA responds within 30 days. Information that cannot be released without compromising another party's interests is summarized rather than reproduced verbatim.

A customer may request deletion of their submission by the same channel. Deletion requests are honored within 30 days for personal-contact-information fields. The factual content of a submitted complaint is retained because revocation determinations and the public record depend on it; identifying information can be redacted but the underlying allegation cannot be deleted retroactively without compromising the audit trail.

How contractors can request data

A contractor may at any time download all data ANA holds about them through the account dashboard or by writing to [email protected] from the contact email of record. Cancellation removes the public listing within 24 hours; the underlying account record is retained 12 months for reinstatement (unless the contractor explicitly requests faster deletion).

Children

ANA's services are not directed to children under 13. ANA does not knowingly collect personal information from anyone under 13. If ANA learns it has collected personal information from a child under 13, that information is deleted.

State-specific rights

The state-specific privacy rights granted by California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), Colorado Privacy Act (CPA), and Utah Consumer Privacy Act (UCPA) apply to residents of those states:

• The right to know what personal information ANA has collected about you.
• The right to request deletion of personal information.
• The right to correct inaccurate personal information.
• The right to opt-out of "sale" or "sharing" of personal information (ANA does not sell or share for cross-context advertising — the opt-out is moot in our case).
• The right to non-discrimination for exercising any of these rights.

To exercise any of these rights, write to [email protected] from the email address of record. ANA responds within 45 days.

EU/UK residents

Although ANA is a US-based publisher operating primarily for US contractors and US customers, the GDPR (EU) and UK GDPR may apply when ANA processes personal data of individuals in the EU/UK. ANA's lawful basis for processing is contract performance (for contractors with active subscriptions), consent (for complainants), and legitimate interest (for visitor logs).

Data subjects in the EU/UK have the same access, correction, and deletion rights described above plus the right to data portability and the right to lodge a complaint with a national data-protection authority. ANA does not transfer EU/UK personal data outside the US except as required for service delivery.

Security

ANA stores data on US-hosted servers. Database backups are encrypted at rest. Production access is restricted to authorized personnel. Account passwords are stored hashed (Argon2id). API tokens and credentials are stored in restricted-permission configuration files outside source control. Stripe handles payment-card data under PCI DSS compliance — ANA does not store card numbers.

Changes to this policy

Material changes are announced on this page at least 30 days before they take effect, and notice is sent by email to active contractor accounts.

Contact

[email protected] is the primary channel for any privacy-related question, request, or complaint. ANA will substantively respond within 30 days of any privacy inquiry.

Last updated: 2026-05-04.

The law belongs to the people. Georgia v. Public.Resource.Org, 590 U.S. (2020)