Plain-English summary first. Bold paragraph is the operative text. Pre-launch, pending counsel review for state-specific compliance (CCPA / VCDPA / CPRA).
1. What we collect
Account details, job content (scope, photos, video), bids, communications, payment info for contractors, and standard log/cookie data.
We collect: (a) information you provide, name, email, phone, address, ZIP, business name, license number, insurance certificate details, payment method (contractors), job scope text, photos and video; (b) information generated by use of the Service, bid history, message logs, ratings; and (c) device/log data, IP address, browser, pages viewed, timestamps.
2. What we don’t do
- We do not sell personal information.
- We do not share your contact info with contractors until you accept a bid (homeowners) or are introduced to a job (contractors).
- We do not process homeowner payments, we never see your bank account, full card number, or routing details.
- We do not run third-party advertising trackers across the Service.
3. How we use it
To operate the marketplace: route jobs to eligible contractors, record bids, support payments to Ocoro (contractors only), provide customer support, prevent fraud, comply with law, and improve the Service. We may send transactional emails (job alerts, bid receipts) and product emails. You can opt out of product emails at any time; transactional emails are required for the Service.
4. Sharing
- Contractors receive a homeowner’s scope, ZIP-level location, and uploaded media when a job is routed to them. Full address and direct contact information are exchanged only after a bid is accepted.
- Homeowners see contractor business name, license info, ratings, and the bid’s structured fields.
- Service providers (hosting, email, payments, ID/license verification, cloud storage) process data on our behalf under written agreements.
- Law enforcement requests are honored only when legally compelled, and we will notify you unless prohibited.
- Business changes, if Ocoro is acquired or merged, your data transfers under the same protections.
5. License & insurance verification
For contractors, Ocoro runs its own AI verification agent that reads uploaded license cards and Certificates of Insurance and cross-checks the extracted data against state contractor-board records and federal exclusion lists (OFAC consolidated screening list, SAM.gov excluded-parties list). We do not outsource verification to third-party vendors. Verification is re-run annually and on any reported policy or license change. Suspicious or low-confidence results are flagged for human review.
6. Retention
Verification artifacts, uploaded license images and Certificates of Insurance, are retained for the life of the contractor’s account plus 7 years after closure, as required by tax and contract-record laws applicable to a marketplace. Verification result records (pass / fail / expired, with timestamps and the structured JSON our AI agent produced) are retained indefinitely as part of the platform’s audit trail.
Account and job records are retained for the life of the account and 7 years after closure. Photos and video on job postings are retained for the life of the job listing plus 12 months. You may request deletion at any time via privacy@ocoromarket.com; some records may be retained where required by law.
7. Your rights
Depending on your state of residence (CA, CO, CT, VA, UT, TX and others), you may have the right to: (a) access the data we hold about you, (b) correct inaccuracies, (c) request deletion, (d) opt out of certain uses, (e) appeal a denied request. Submit a request at privacy@ocoromarket.com. We respond within 30 days.
8. Cookies
We use first-party cookies for authentication, theme preference, and basic analytics. We do not run third-party advertising trackers. You can disable cookies in your browser; some Service features will not work without authentication cookies.
9. Children
The Service is not directed to children under 13 and we do not knowingly collect data from them.
10. Security
We use industry-standard safeguards: encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular review. No system is perfectly secure; we will notify affected users of any material breach as required by law.
11. International
The Service is operated from the United States and is not currently offered to residents of the EU, UK, or EEA.
12. Changes
Material changes to this policy will be communicated via email and on the Service at least 14 days before taking effect.