LEGAL

Privacy Policy

Last updated: February 28, 2026 · Effective immediately

1. Overview

NeverBrokered, Inc. ("NeverBrokered," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform at neverbrokered.com and related services.

By using the platform, you consent to the data practices described in this policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

A. Account Information

  • Name, email address, and password
  • Role selection (buyer or seller)
  • Profile information (industry preferences, budget range, location)

B. Business and Financial Information

  • Business listings: revenue, EBITDA, asking price, industry, location, employee count, descriptions
  • Financial documents uploaded to the platform (P&L statements, tax returns, balance sheets)
  • Proof-of-funds documentation submitted for buyer verification
  • Offer amounts, deal terms, and transaction-related communications

C. Communications

  • Messages exchanged through the Deal Room
  • AI copilot conversation history
  • Support requests and feedback

D. Usage and Analytics Data

  • Pages visited, features used, and actions taken
  • Device information (browser type, operating system, screen size)
  • IP address and approximate geographic location
  • Referral source and session duration

E. Payment Information

Payment processing is handled by Stripe, Inc. We do not store credit card numbers, bank account details, or other payment credentials on our servers. Stripe's privacy policy governs payment data: stripe.com/privacy.

3. How We Use Your Information

We use collected information to:

  • Operate and maintain the platform
  • Provide algorithmic listing discovery and scoring features
  • Process subscriptions and payments
  • Generate AI-powered informational content (valuations, scores, analyses)
  • Facilitate direct communication between users
  • Send platform notifications, updates, and security alerts
  • Analyze usage patterns to improve features and user experience
  • Enforce our Terms of Service and prevent fraud
  • Comply with legal obligations

We do not sell your personal information to third parties for advertising purposes.

4. Information Sharing and Disclosure

We may share your information with:

A. Other Platform Users

When you engage in a deal, certain information (listing details, messages, shared documents) is visible to the counterparty. Information shared in the Deal Room is accessible to both parties in that deal.

B. Service Providers

  • Hosting and infrastructure (Vercel, Supabase)
  • Payment processing (Stripe)
  • AI services (Anthropic) — for copilot and analysis features
  • Analytics (self-hosted, privacy-focused)

C. Referral Partners

If you voluntarily request a referral to a third-party service (e.g., SBA lender, M&A attorney, escrow service), we may share your contact information and relevant deal details with that provider. We will inform you before any such sharing occurs.

D. Legal Compliance

We may disclose information if required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS on all connections)
  • Encryption at rest for stored data
  • Row-level security (RLS) on database tables ensuring users can only access their own data
  • Authentication via secure JWT tokens
  • Regular security reviews and access controls
  • Third-party payment processing (no card data on our servers)

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention and Deletion

  • Active accounts: Data is retained for the duration of your account
  • Deleted accounts: Account data is deleted within 30 days of an account deletion request, except where retention is required by law
  • Financial documents: Automatically deleted 90 days after the associated deal is closed or cancelled. Users may request earlier deletion at any time. Documents include P&Ls, tax returns, bank statements, and lease agreements. All financial documents are encrypted at rest (AES-256) and in transit (TLS) on Supabase/AWS infrastructure.
  • Document access controls: Financial documents are only accessible to the uploading user and counterparties explicitly granted access. Platform administrators may access files only for support or dispute resolution, with all access audit-logged.
  • No third-party sharing: Financial documents are never sold, shared with third parties, or used for marketing purposes
  • Deal room messages: Retained for both parties as long as either party maintains an active account
  • Analytics data: Aggregated and anonymized after 12 months
  • Legal holds: Data subject to legal proceedings may be retained as required

To request account deletion or data export, contact us at privacy@neverbrokered.com.

7. Cookies and Tracking Technologies

We use the following:

  • Essential cookies: Required for authentication, security, and core platform functionality. Cannot be disabled.
  • Analytics: Self-hosted, privacy-focused event tracking to understand feature usage and improve the platform. No data is shared with third-party advertising networks.
  • Stripe: Stripe may set cookies as part of payment processing. See Stripe's cookie policy.

We do not use third-party advertising trackers, retargeting pixels, or sell tracking data. We do not participate in cross-site tracking or advertising networks.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a machine-readable format
  • Opt-out: Opt out of non-essential communications

To exercise any of these rights, email privacy@neverbrokered.com. We will respond within 30 days.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

10. Children's Privacy

NeverBrokered is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. Continued use after changes constitutes acceptance of the revised policy.

12. Contact Us

For privacy-related questions or data requests:
privacy@neverbrokered.com

NeverBrokered, Inc.

Read our Terms of Service →|Data Processing Agreement →