1. Overview & Scope
Welcome to the DirConnect Directory Sharing & Disclosure Policy. This document outlines how we collect, use, share, and disclose personal information and business data on our platform, DirConnect.com (the "Platform").
At DirConnect, transparency is a core value. We believe you have the right to understand how your information is handled, who it may be shared with, and under what circumstances disclosures are made. This policy applies to all users of our Platform, including:
- Registered users who create accounts, post reviews, or search for businesses.
- Business owners who list or manage their business profiles on our directory.
- Visitors who browse listings without creating an account.
- Partners and advertisers who work with us to promote content or services.
Important: This policy is intended to be read alongside our Privacy Policy and Terms of Service. Together, these documents form the foundation of our commitment to data protection and transparency.
2. Information We Collect
To provide and improve our directory services, we collect information in several categories. Understanding what we collect is essential to understanding what we may share or disclose.
2.1 Information You Provide Directly
| Information Type | Examples | Purpose | Requirement |
|---|---|---|---|
| Account Information | Name, email, phone number, profile photo | Account creation and verification | Required |
| Business Details | Business name, address, category, hours, website | Creating and managing listings | Required |
| Reviews & Content | Text reviews, star ratings, photos, videos | Community-generated content | Optional |
| Communications | Support tickets, inquiry messages, feedback | Customer support and improvement | Optional |
| Payment Info | Payment method details (for premium plans) | Processing paid subscriptions | Required* |
* Payment information is processed by our secure payment partner and is never stored on our servers in raw form.
2.2 Information Collected Automatically
When you interact with our Platform, certain data is collected automatically through standard web technologies:
- Device & Browser Information: IP address, browser type, operating system, device identifiers.
- Usage Data: Pages visited, search queries, click patterns, time spent on pages.
- Location Data: Approximate location derived from IP address or GPS (with your consent).
- Cookies & Tracking: First-party and third-party cookies for functionality, analytics, and advertising.
3. Internal Data Sharing
Within DirConnect, information may be shared across teams and departments to ensure quality service delivery and continuous improvement. Internal sharing is governed by strict access controls and data minimization principles.
3.1 Teams That Access Data
- Customer Support Team: Access to your account details, communications history, and listing information to resolve inquiries and provide assistance.
- Content Moderation Team: Access to user-generated content (reviews, photos) to ensure compliance with our Community Guidelines and to prevent fraud or misinformation.
- Engineering & Data Science: Access to anonymized and aggregated data for platform improvements, performance optimization, and analytics.
- Business Development: Access to business owner information for outreach related to premium listing opportunities (with opt-in consent).
- Legal & Compliance: Access as necessary to respond to legal obligations, investigations, or policy enforcement.
Access Control: All employees access data on a need-to-know basis. Access is logged, monitored, and subject to regular audits. Employees who violate data handling policies are subject to disciplinary action.
3.2 Subsidiaries & Affiliated Companies
DirConnect may share information with our parent companies, subsidiaries, and affiliated entities within the DirConnect Group. These entities are bound by the same data protection standards and confidentiality obligations outlined in this policy.
4. Third-Party Sharing
We may share your information with carefully vetted third-party service providers who help us operate the Platform, deliver services, and improve our offerings. Each third-party relationship is governed by a data processing agreement (DPA) that specifies the purpose, scope, and security requirements.
4.1 Service Provider Categories
| Category | Providers | Data Shared | Purpose |
|---|---|---|---|
| Cloud Hosting | AWS, Google Cloud | Application data, backups, logs | Platform infrastructure & hosting |
| Payment Processing | Stripe, PayPal | Transaction details, billing info | Processing premium subscriptions |
| Email & SMS | SendGrid, Twilio | Email addresses, phone numbers | Transactional & notification messages |
| Analytics | Google Analytics, Mixpanel | Usage patterns, device data | Platform analytics & insights |
| Map Services | Google Maps, Mapbox | Location data, search queries | Location-based search & directions |
| Review Verification | Better Business Bureau APIs | Business identifiers | Verifying business authenticity |
4.2 Data Processors vs. Data Controllers
Under data protection laws (GDPR, CCPA, etc.), it is important to distinguish between how our third-party partners use your data:
- Data Processors act solely on our instructions and do not use your data for their own purposes. This includes hosting, email delivery, and analytics providers.
- Joint Controllers share responsibility for specific data processing activities. If applicable, we will clearly identify joint controller relationships and the basis for them.
4.3 International Transfers
Some of our service providers operate outside your country of residence. When data is transferred internationally, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs)
- Privacy Shield certification (where applicable)
- Binding Corporate Rules (BCRs) for intra-group transfers
- Adequacy decisions by relevant data protection authorities
5. Public Disclosure
As a business directory, certain information must be publicly visible to fulfill our core purpose of connecting users with businesses. The following categories of information may be displayed publicly on our Platform:
5.1 Business Listing Information
When a business owner submits a listing, the following information becomes part of our public directory:
- Business name, logo, and description
- Physical address, phone number, and email contact
- Operating hours, website URL, and social media links
- Categories and tags for classification
- Photos and media uploaded by the business owner
Business owners can control the visibility of certain fields through their listing dashboard. However, core identification information (name, address, category) is necessary for the listing to function as a directory entry.
5.2 User-Generated Content
Content created by users (including reviews, ratings, Q&A contributions, and photos) may be publicly displayed alongside business listings. By posting content, you acknowledge that it will be visible to other users and may be indexed by search engines.
Your Control: You can edit or request removal of your own reviews and contributions at any time through your account settings. Once removed, cached or indexed copies by third-party services (e.g., search engines) may take time to update.
5.3 Aggregate & Statistical Data
We may publish aggregate statistics and trend reports derived from Platform data. These reports are anonymized and do not contain individually identifiable information. Examples include:
- Industry trend reports and market insights
- Category popularity rankings
- Geographic distribution of listings
- Seasonal business activity patterns
6. Business Listing Data
Special provisions apply to data submitted by business owners who maintain listings on DirConnect. This section covers how listing-specific data is handled, shared, and disclosed.
6.1 Ownership Verification
To maintain directory integrity, we verify business ownership before granting management access. During verification, we may share identifying information with verification service providers to confirm:
- Business registration status
- Domain ownership (for website verification)
- Phone number or email domain alignment
Verification data is stored securely and is not publicly disclosed.
6.2 Enhanced & Premium Listings
Businesses that opt into enhanced or premium listing plans may share additional data to unlock features such as:
- Priority placement in search results
- Highlight badges and promotional features
- Analytics dashboards with performance metrics
- Direct messaging with directory users
Enhanced listing data (e.g., promotional banners, special offers) is displayed according to the business owner's settings and payment tier.
6.3 Listing Removal & Deactivation
Business owners may request listing removal at any time. Upon removal:
- The listing will be taken down from public search within 24 hours
- Associated reviews and Q&A entries may remain as historical records (anonymized where possible)
- Backed-up data is retained per our data retention schedule
7. User Reviews & Content
User-generated content, particularly reviews, ratings, and Q&A contributions, is the backbone of our directory. We have clear policies around how this content is shared, disclosed, and managed.
7.1 Review Publishing
When you submit a review, it is subject to our automated moderation system and, in some cases, manual review before publication. Published reviews are:
- Publicly visible on the associated business listing
- Attributed to your display name (chosen by you)
- Indexed by search engines and may appear in search results
- Eligible for aggregation in star ratings and review summaries
7.2 Review Authenticity
We employ automated systems and human moderators to detect and prevent:
- Fabricated or incentivized reviews
- Competitor sabotage or malicious rating manipulation
- Bot-generated or spam content
- Hate speech, harassment, or illegal content
When suspicious activity is detected, we may share relevant data with legal authorities or affected businesses as necessary to investigate and resolve the issue.
7.3 Business Responses
Business owners can respond publicly to reviews on their listings. These responses become part of the public record and are governed by the same Community Guidelines as user reviews.
8. Legal Disclosures
DirConnect may disclose information when required by law, regulation, or legal process. We take legal disclosure obligations seriously and seek to protect user privacy wherever possible.
8.1 When Disclosure May Occur
We may disclose information without prior notice when we believe in good faith that disclosure is necessary to:
- Comply with legal obligations: Respond to subpoenas, court orders, search warrants, or other legally valid requests from governmental authorities.
- Enforce our terms: Investigate, prevent, or take action regarding suspected illegal activity, fraud, or violations of our Terms of Service.
- Protect rights & safety: Protect the rights, property, or personal safety of DirConnect, our users, businesses, or the public.
- Exercise legal rights: Exercise, establish, or defend our legal rights in proceedings or potential proceedings.
8.2 Our Approach to Legal Requests
When we receive a legal request for user data, we follow a rigorous process:
- Validation: We verify the legitimacy and scope of every legal request.
- Minimization: We respond with only the data that is legally required, challenging overbroad requests when possible.
- Notification: Where legally permitted, we will notify affected users about government requests for their data.
- Transparency Reporting: We publish a semi-annual transparency report summarizing the volume and nature of legal requests received.
Transparency Report: Our most recent transparency report covers the period July–December 2024. We received 23 legal requests for user data and complied in full with 18, partially with 3, and challenged 2 through legal channels.
9. Advertising & Analytics
We use advertising and analytics technologies to fund our platform and improve the user experience. This section explains how data related to advertising is collected, shared, and disclosed.
9.1 Ad Serving & Targeting
Our Platform may display advertisements from third-party advertising partners. These partners may use cookies, device identifiers, and similar technologies to:
- Serve ads relevant to your interests and location
- Measure the effectiveness of ad campaigns
- Limit the number of times you see a particular ad
- Prevent fraud and abuse
9.2 Data Used for Advertising
| Data Type | Source | Used For | Opt-Out Available |
|---|---|---|---|
| Search Behavior | Your search queries and category browsing | Contextual ad relevance | Yes |
| Location Data | IP-based or GPS-based location | Local business promotions | Yes |
| Device Identifiers | Mobile ads ID, browser fingerprint | Frequency capping & attribution | Yes |
| Interest Categories | Inferred from browsing patterns | Personalized ad serving | Yes |
9.3 Analytics Providers
We use analytics services to understand how users interact with our Platform. Analytics data is typically anonymized and aggregated. Our primary analytics partners include Google Analytics and Mixpanel, both operating under strict data processing agreements.
You can opt out of analytics tracking by adjusting your cookie preferences or using browser privacy controls.
10. Your Data Rights
Depending on your jurisdiction, you may have specific legal rights regarding your personal data. DirConnect is committed to honoring these rights and providing mechanisms to exercise them.
10.1 Rights Available to You
- Right to Access: Request a copy of all personal data we hold about you, in a commonly used electronic format.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal and contractual obligations.
- Right to Restrict Processing: Request that we limit how we process your data in certain circumstances.
- Right to Data Portability: Receive your data in a machine-readable format and transfer it to another service provider.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Non-Discrimination: You will not be penalized for exercising any of your data protection rights.
10.2 How to Exercise Your Rights
To exercise any of the above rights, you can:
- Use the self-service data panel in your account settings (for access, export, and deletion requests)
- Send a request to our Data Protection Officer at dpo@dirconnect.com
- Submit a request through our online data request form
We will respond to all valid requests within 30 days. In complex cases, we may extend this by an additional 30 days with notification.
11. Data Security
Protecting your data from unauthorized access, disclosure, alteration, or destruction is a top priority. We implement industry-standard technical and organizational measures to safeguard information.
11.1 Security Measures
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256) on our servers.
- Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA) for staff, and principle of least privilege.
- Network Security: Web Application Firewall (WAF), DDoS protection, intrusion detection/prevention systems.
- Vulnerability Management: Regular penetration testing, vulnerability scanning, and security audits by third-party firms.
- Incident Response: Documented incident response plan with 24/7 monitoring and breach notification procedures.
- Data Backup: Automated backups with geographic redundancy and tested recovery procedures.
11.2 Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Investigate and contain the breach immediately
- Notify affected individuals without undue delay (within 72 hours where required by law)
- Report to relevant supervisory authorities as required
- Provide guidance on steps individuals can take to protect themselves
12. Children's Privacy
DirConnect Directory is designed for adults and businesses. We do not knowingly collect personal information from children under the age of 13 (or the applicable age of digital consent in your jurisdiction).
- If you are under 13, please do not provide personal information through our Platform.
- Parents or guardians who believe their child has provided personal data should contact us at privacy@dirconnect.com.
- We will promptly delete any children's personal data that we discover and take reasonable steps to verify deletion.
13. Policy Changes
We may update this Sharing & Disclosure Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We are committed to making these updates transparent.
13.1 How We Notify You
- Minor changes: Updates to this page with a revised "Last Updated" date at the top of the page.
- Material changes: Email notification to registered users and a prominent notice on our Platform at least 30 days before the new policy takes effect.
- Continued use: By continuing to use our Platform after changes take effect, you acknowledge and agree to the updated policy.
Recommendation: We encourage you to review this policy periodically. You can find the current version at any time at dirconnect.com/sharing-and-disclosure.
13.2 Version History
| Version | Date | Summary of Changes |
|---|---|---|
| 2.1 | January 15, 2025 | Added transparency report reference; updated third-party provider list |
| 2.0 | October 1, 2024 | Major revision: comprehensive rewrite for clarity and regulatory alignment |
| 1.3 | March 12, 2024 | Added CCPA-specific disclosures and opt-out mechanisms |
| 1.0 | January 1, 2023 | Initial publication of the Sharing & Disclosure Policy |
14. Contact Us
If you have any questions, concerns, or requests related to this Sharing & Disclosure Policy, or if you wish to exercise any of your data rights, please don't hesitate to reach out to our team.
Get in Touch with Our Privacy Team
We're here to help with any questions about how we handle your data.
San Francisco, CA 94102