← Back to home

Privacy Policy

VADE Platform LLC Last updated: April 25, 2026 Version: 2.0 Live at: https://vadeplatform.com/privacy

This Privacy Policy explains how VADE Platform LLC (“VADE Platform,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards your information when you use the VADE Platform software-as-a-service offering and its associated products, including without limitation OnGround™, OnStudio™, OnFlow™, OnVolt™, OnClimate™, OnProperty™, and the VerifiedPros directory (collectively, the “Service”).

This Policy applies to consumers, business users, paid subscribers, and visitors. Capitalized terms not defined here have the meaning given in our Terms of Service.

1. Quick Summary

  • We collect information you provide (account, billing, listing content), information generated by your use of the Service (analytics, device, location), and information from public records (license and credentialing data) and trusted partners.
  • We use this information to operate, secure, and improve the Service; to process payments; to communicate with you; to comply with law; and, with your consent where required, for limited marketing.
  • We do not sell your personal information within the meaning of the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, or any analogous state law.
  • We share information with service providers (e.g., AWS, Stripe), with other parties at your direction (e.g., when you submit a lead inquiry to a Listed Business), and as required by law.
  • You have rights to access, correct, delete, port, and limit the use of your personal information. Section 8 explains how to exercise them.
  • We retain audit logs for 7 years (accounting and compliance), account data for the life of your subscription plus 90 days, and certain financial data for 7 years per accounting standards.
  • For questions, contact privacy@vadeplatform.com or VADE Platform LLC, 42022 196th Avenue SE, Enumclaw, WA 98022.

2. Categories of Personal Information We Collect

We collect the following categories of personal information (terminology aligned with Cal. Civ. Code § 1798.140 and equivalent state statutes):

Category (CCPA § 1798.140(v)) Examples Source
Identifiers Name, email, postal address, phone, account ID, IP address You; your device
Customer records (Cal. Civ. Code § 1798.80) Billing name and address, payment-card last 4 digits (full PAN held by Stripe, never by us) You; Stripe
Protected classifications None collected. We do not knowingly collect race, religion, sexual orientation, gender identity, disability, or other protected-class information. n/a
Commercial information Subscription tier, transaction history, usage patterns You; the Service
Biometric information None collected. n/a
Internet/network activity Pages visited, search queries within the Service, clicks, time spent, referrer The Service; cookies
Geolocation General (city/region) for IP-derived analytics; precise GPS only with permission and only for OnGround™ field-time tracking You; your device
Sensory information Photos and files you upload (no audio/video by default) You
Professional / employment-related Business name, license number, credentials, NPI (for Listed Businesses) You; public records
Education information None collected. n/a
Inferences Aggregated usage patterns, feature preferences, suggested categories The Service
Sensitive personal information (CPRA Cal. Civ. Code § 1798.140(ae)) Account login credentials (encrypted; we never see plaintext password). Precise geolocation, only with permission, only for OnGround™. You

We do not knowingly collect personal information from individuals under 13 (see Section 11).

3. How We Collect Information

  1. Directly from you — when you create an account, claim a listing, post a review or photo, submit a contact form, or interact with our support team.

  2. Automatically — when you visit or use the Service. We use server logs, cookies, and similar technologies (Section 9).

  3. From third parties

    • Public records. License, registration, and credential data from agencies including the Washington State L&I and the federal CMS NPPES NPI registry. These records are public by law.
    • Service providers. Authentication providers, payment processors (Stripe), and infrastructure providers may transmit information to us about your interactions.
    • Other users. Reviewers may post information about a Listed Business.

4. How We Use Your Information

We use the information described in Section 2 to:

  1. Provide, operate, and maintain the Service;
  2. Process subscriptions, billing, and refunds;
  3. Authenticate you and enforce account security (including MFA);
  4. Communicate with you about your account, the Service, transactional matters, and (with your consent or under permitted-marketing rules) about new features, offers, or related products;
  5. Generate reports, dashboards, and analytics for Subscribers’ use of their own data;
  6. Improve the Service, develop new features, and conduct research using de-identified data;
  7. Detect, prevent, and respond to fraud, security incidents, and abuse;
  8. Comply with legal obligations and respond to lawful requests;
  9. Establish, exercise, or defend legal claims;
  10. Operate the VerifiedPros directory, including matching Consumer searches to Listed Businesses and routing lead inquiries.

For California residents, our purposes for collection align with the categories disclosed in Cal. Civ. Code § 1798.100(a)(1)–(3).

5. How We Share Information

We do not sell your personal information. Specifically, we do not sell or “share for cross-context behavioral advertising” within the meaning of the California Consumer Privacy Act, the California Privacy Rights Act, or any analogous state law.

We disclose personal information for the following business purposes:

  1. Service providers / processors. We use trusted third parties to operate the Service:
Provider Purpose Type of data
Amazon Web Services, Inc. Hosting, compute, storage, RDS database All categories
Cloudflare, Inc. Static asset CDN; R2 object storage Photos, files
Stripe, Inc. Payment processing Billing, payment methods
Resend, Inc. Transactional email Email address, transactional content
Twilio Inc. Transactional SMS Phone number, transactional content
Google LLC Calendar, Maps integrations As you authorize
Intuit Inc. QuickBooks integrations As you authorize
Sentry (Functional Software, Inc.) Error monitoring and performance analytics Anonymized error reports

A current and complete subprocessor list is maintained at https://vadeplatform.com/subprocessors.

  1. At your direction. When you submit a contact form, lead inquiry, or claim request, we transmit the information you provide to the relevant Listed Business, partner, or government agency.

  2. Public-records data flow. Information you submit that is also a public record (e.g., your business license number) may be matched against and displayed alongside official public-records data.

  3. Aggregated and de-identified information. We may share statistical or aggregated data that cannot reasonably identify you.

  4. Legal requirements. We may disclose information if required by law, court order, subpoena, or other legal process, or to protect the rights, property, or safety of VADE Platform LLC, our users, or the public.

  5. Business transfers. In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred. We will notify you and the acquiring party will be bound by privacy commitments at least as protective as those in this Policy.

6. Cross-Context Behavioral Advertising; Targeted Advertising; Profiling

We do not engage in cross-context behavioral advertising as defined in Cal. Civ. Code § 1798.140(k); we do not engage in targeted advertising as defined in Va. Code Ann. § 59.1-575 and analogous state laws; and we do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects as those terms are used in C.R.S. § 6-1-1303(20), Conn. Gen. Stat. § 42-515(20), or analogous state laws.

If our practices change, we will (a) update this Policy, (b) provide an opt-out link prominently in the Service per Cal. Civ. Code § 1798.135 and analogous state requirements, and (c) honor universal opt-out signals, including the Global Privacy Control (“GPC”) browser signal, where required.

7. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

  1. Strictly necessary — for authentication, session management, security, and load balancing. These cannot be disabled while using the Service. Examples: HTTP-only rg_session JWT cookie.

  2. Functional — for remembering preferences (language, theme, notification preferences). You may disable these in your account settings.

  3. Analytics — Sentry for error monitoring and our own first-party analytics for product improvement. We do not use third-party advertising cookies.

We do not respond to “Do Not Track” browser signals as such, but we honor Global Privacy Control signals where state law (CA, CO, CT, etc.) requires.

8. Your Privacy Rights

This Section 8 describes the rights available to all users under U.S. state privacy laws as of the effective date. We extend the most protective standard to all users where feasible.

8.1 Rights at a glance

You have the right to:

  • Know / access. Confirm whether we process your personal information and obtain a copy.
  • Correct. Request correction of inaccurate information.
  • Delete. Request deletion (subject to lawful retention exceptions, e.g., audit logs, financial records, security investigations).
  • Port. Receive a copy of your information in a portable, machine-readable format (CSV/JSON) and, where technically feasible, transmit it to another service.
  • Opt out of sale and sharing. As stated, we don’t sell or share for cross-context behavioral advertising. If we ever do, you may opt out via a link prominently displayed in the Service.
  • Opt out of profiling for significant decisions. As stated, we don’t engage in this profiling. If we ever do, you may opt out.
  • Limit use of sensitive personal information. You may request that we limit the use of sensitive personal information (defined in Cal. Civ. Code § 1798.140(ae)) to purposes necessary to provide the Service.
  • Appeal. If we deny your request, you may appeal to privacy@vadeplatform.com; if you disagree with our appeal decision, you may complain to your state’s attorney general.
  • Designate an authorized agent. You may use an authorized agent to make a request on your behalf where state law permits.
  • Be free from retaliation. We will not deny you the Service, charge different prices, or provide a different level of service for exercising your privacy rights, except where the difference is reasonably related to the value of the data per Cal. Civ. Code § 1798.125(b).

8.2 How to exercise your rights

Email privacy@vadeplatform.com with the subject line “Privacy Rights Request — [your request type]” and include enough information for us to verify your identity and locate your account. Or use our online request form at https://vadeplatform.com/privacy-request (when available).

We will respond within 45 days, or within the period required by your state law (15 days under Cal. Civ. Code § 1798.130(a)(2) for confirming receipt; 45 days for substantive response, extendable once by 45 days for complex requests under most state laws).

8.3 Verification

To protect your information, we will verify your identity before fulfilling a request. The verification method depends on the sensitivity of the request — typically email confirmation plus one additional factor (e.g., account login, recent transaction details).

8.4 Authorized agents

You may designate an agent to make requests on your behalf. We may require: (a) written and signed authorization, (b) evidence of the agent’s authority (e.g., a power of attorney), and (c) verification of your own identity. Businesses requesting on behalf of an employee or job applicant must follow the procedures in Cal. Civ. Code § 1798.130.

8.5 State-specific summaries

Below is a summary of the laws under which the rights in Section 8.1 are extended to you. This summary is non-exhaustive and is provided for your convenience. The specific terms of each statute control over this summary.

State / DC Statute In force
California CCPA / CPRA — Cal. Civ. Code §§ 1798.100 et seq. Yes
Virginia VCDPA — Va. Code Ann. §§ 59.1-575 et seq. Yes
Colorado CPA — C.R.S. §§ 6-1-1301 et seq. Yes
Connecticut CTDPA — Conn. Gen. Stat. §§ 42-515 et seq. Yes
Utah UCPA — Utah Code §§ 13-61-101 et seq. Yes
Texas TDPSA — Tex. Bus. & Com. Code §§ 541.001 et seq. Yes
Florida FDBR — Fla. Stat. §§ 501.701 et seq. Yes
Oregon OCPA — Or. Rev. Stat. §§ 646A.570 et seq. Yes
Montana MTCDPA — Mont. Code Ann. §§ 30-14-2801 et seq. Yes
New Hampshire NHDPA — N.H. RSA §§ 507-H:1 et seq. Yes
New Jersey NJDPA — N.J.S.A. §§ 56:8-166.4 et seq. Yes
Delaware DPDPA — Del. Code Ann. tit. 6, §§ 12D-101 et seq. Yes
Iowa IDPA — Iowa Code §§ 715D.1 et seq. Yes
Indiana INCDPA — Ind. Code §§ 24-15-1-1 et seq. Yes (eff. 2026-01-01)
Minnesota MNCDPA — Minn. Stat. §§ 325O.01 et seq. Yes
Maryland MDPCA — Md. Code Ann., Com. Law §§ 14-4601 et seq. Yes (eff. 2025-10-01)
Rhode Island RICDPA — R.I. Gen. Laws §§ 6-48.1-1 et seq. Yes (eff. 2026-01-01)
Kentucky KCDPA — KRS §§ 367.3603 et seq. Yes (eff. 2026-01-01)
Nebraska NCDPA — Neb. Rev. Stat. §§ 87-1101 et seq. Yes (eff. 2025-01-01)
Tennessee TIPA — Tenn. Code Ann. §§ 47-18-3201 et seq. Yes
Washington (My Health My Data) RCW 19.373 Yes (consumer-health-data only)
Washington (general) No comprehensive state privacy law; rights extended voluntarily n/a
District of Columbia No comprehensive D.C. privacy law as of effective date; rights extended voluntarily n/a
Other states Rights extended voluntarily n/a

8.6 Sensitive personal information / consumer health data

For California, Connecticut, Colorado, Oregon, and other states that recognize “sensitive personal information,” we collect only the categories described in Section 2 and use them only for the purposes described in Section 4. You may request that we limit our use of sensitive personal information to purposes necessary to provide the Service.

For Washington residents, the My Health My Data Act (RCW 19.373) recognizes “consumer health data” as a protected category. We do not knowingly collect consumer health data within the meaning of that statute. If you are a Listed Business in a healthcare category, the public-records data we display about you (NPI, taxonomy, credentialing) is sourced from publicly-available registries and is not “consumer health data” under RCW 19.373.

8.7 California “Shine the Light”

California Civil Code § 1798.83 (“Shine the Light”) permits California residents to request, once per year, a list of categories of personal information we have disclosed to third parties for those parties’ direct-marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes.

8.8 California Notice of Financial Incentive

We do not currently offer financial incentives or price differences in exchange for personal information within the meaning of Cal. Civ. Code § 1798.125(b).

9. Data Security

We implement administrative, technical, and physical safeguards reasonably designed to protect personal information, including:

  • AES-256 encryption for sensitive data at rest (vendor credentials, PII)
  • TLS 1.3 for data in transit
  • AWS RDS encryption at rest for database storage
  • JWT-based authentication with HTTP-only cookies; password hashes use bcrypt with appropriate work factor
  • Multi-factor authentication (MFA) required for sensitive roles
  • Role-based access control (RBAC) enforced at the API layer
  • Engineering staff are denied direct production-data access; access requires a documented break-glass procedure
  • Audit logging of all data mutations with 7-year retention
  • Annual security review and incident-response plan

No method of transmission or storage is 100% secure. If we determine that your personal information has been compromised in a manner that triggers state breach-notification law, we will notify you in accordance with that law.

10. Data Retention

We retain personal information for the periods reasonably necessary to provide the Service and meet our legal obligations, including:

  • Account information — duration of your subscription plus 90 days.
  • Project data and Customer Data — for the life of your account; deleted within 90 days of account closure unless retention is required by law.
  • Financial records (invoices, payment history) — 7 years (per accounting standards and IRS retention guidelines).
  • Audit logs — 7 years.
  • VerifiedPros listings — for the life of the public record; you may close a claimed listing at any time, but the underlying public-record data may continue to appear in the directory if the public record is still active.
  • Reviews — for the life of the listing or until removed under our content policies.

We may retain personal information for longer where required by law (e.g., a litigation hold) or where reasonably necessary to enforce our agreements or protect our rights. We delete or de-identify personal information when retention is no longer required.

11. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 within the meaning of the U.S. Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506 (“COPPA”). If you are a parent or guardian and believe a child under 13 has provided personal information, contact privacy@vadeplatform.com and we will delete it.

For users between 13 and 18, in compliance with the California Privacy Rights Act and similar state laws, we do not knowingly sell or share personal information of minors under 16 without affirmative consent (which we do not currently solicit because we do not sell or share within the meaning of those laws).

12. International Data Transfers

The Service is hosted in the United States (Amazon Web Services us-west-2, Oregon). If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

We are a U.S. company subject to U.S. law. The U.S. Department of Commerce’s EU-U.S. Data Privacy Framework (and the U.K. Extension and Swiss-U.S. Framework) provide a mechanism for compliant data transfers from the European Economic Area, the United Kingdom, and Switzerland; we are not currently certified under these frameworks. If you are an EU/UK/Swiss user, please contact privacy@vadeplatform.com before transferring personal data.

13. Marketing Communications

If you opt in (or, where state law permits, after we have an existing-customer relationship), we may send you marketing emails about new features, offers, or related products. You may opt out at any time:

  • Email — click “unsubscribe” in any marketing email or change your preferences in your account settings.
  • SMS — reply STOP to any marketing SMS.
  • Phone — we do not currently make marketing calls. If we ever do, you may opt out at the start of the call.

We will continue to send transactional, account, billing, security, and service-required communications as long as you have an active account.

14. Automated Decision-Making and Artificial Intelligence

See Section 18 of our Terms of Service for a full description of how we use automated systems, including machine-learning models, and your rights with respect to them. In summary:

  • We use automated systems for search ranking, content moderation, license-data import, and lead routing.
  • We do not use AI to make “consequential decisions” within the meaning of the Colorado AI Act (C.R.S. § 6-1-1701) or analogous state laws.
  • You may request human review of any automated decision that materially affects your account, listing, or content.
  • We do not use Customer Data to train third-party generative-AI models.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and through the Service at least 30 days before they take effect. We will maintain a publicly-accessible version history at https://vadeplatform.com/privacy-history. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

16. Contact Us

For privacy questions, requests, or complaints:

VADE Platform LLC Attn: Privacy Officer 42022 196th Avenue SE Enumclaw, WA 98022 Email: privacy@vadeplatform.com Phone: 253-653-5756

For data-protection-officer-equivalent inquiries (where state law requires designation): privacy@vadeplatform.com

For California residents who are not satisfied with our response: California Attorney General, https://oag.ca.gov/privacy/privacy-complaint.

For Colorado residents: Colorado Attorney General, https://coag.gov/file-a-complaint/.

Other state residents may file a complaint with the consumer-protection or attorney-general’s office of your state.

End of Privacy Policy.