Privacy Policy

Short version: We are a US-based informational website. We do NOT sell services or process loan applications. Visitors can read content freely and may submit comments. This policy explains what we collect, why, how we use it, what rights you have, and how to exercise them.

1. Scope & Applicability

This policy applies to personal information collected through BusinessLoanAtlas.com (the “Site”). It covers visitors from the United States (including all state-level privacy laws) and international visitors. If you interact with the Site only by reading content, the data we collect is limited (see below). If you post comments, additional data is collected to process and moderate those comments.

2. What personal data we collect

We collect only the data reasonably necessary to publish and moderate comments, operate the Site, and comply with legal obligations.

  • Comment data (what you provide): name (required), email address (required), website (optional), and the content of your comment. We may also store the timestamp and comment status (published, pending, spam).
  • Technical & usage data: IP address, user agent string, referrer URL, and basic analytics (page views, device type) collected via server logs and analytics tools to detect abuse and improve the Site.
  • Cookies & local storage: session cookies required for basic site functionality and optional analytics cookies. See the “Cookies” section below for details.
  • Automated & security signals: spam-filtering results (e.g., Akismet), rate-limiting logs, and moderation history (who moderated which comment and when).

3. How we collect comment data on WordPress

When you submit a comment via the Site’s WordPress comment form, WordPress stores your comment content, author name, email, URL, and may store your IP address and browser user agent as part of the comment metadata. Site administrators use this information to moderate, contact the commenter if needed, and prevent spam/abuse. You can configure your browser to avoid auto-filling name/email if you prefer more privacy.

Technical note: WordPress core behavior stores commenter IPs by default; site operators can choose to alter this behavior (e.g., stop storing IPs for new comments via custom code/plugins) — see WordPress guidance.

4. Legal bases & purposes for processing

We process personal data for the following legitimate purposes:

  • To publish and display comments and handle comment moderation and abuse prevention.
  • To maintain site security, detect and prevent fraud or spam, and to comply with applicable laws and court orders.
  • To respond to user requests, legal process, or to exercise our legal rights (e.g., defending against claims).
  • To provide basic analytics to improve site performance.

5. Data sharing — who we disclose data to

We do not sell personal information. We may share data with:

  • Service providers: WordPress hosting provider, comment moderation/anti-spam services (for example Akismet or similar), analytics providers, and email notification providers. These vendors are contractually limited to process data only on our instructions.
  • Legal requests: government authorities, law enforcement, or third parties when required by law or to protect our rights (e.g., subpoenas).

6. Do we sell or share personal information?

No — we do not sell personal information. If you are a California resident and believe otherwise, you may exercise your rights using the instructions below. We will honor requests under the California Consumer Privacy Act (CCPA/CPRA) and other U.S. state privacy laws as applicable. For California-specific rights and definitions, see guidance from the California Attorney General.

7. Your privacy rights — state-level privacy laws (summary and how to exercise)

Several U.S. states have adopted consumer privacy laws that give residents specific rights. Below are common rights and how we support them. If you are a resident of a state with a privacy law (examples below), you may have:

  • Right to access / know: request a copy of the personal information we hold about you and categories of sources, purposes, and recipients.
  • Right to deletion: request deletion of personal information subject to legal exceptions (e.g., archives, legal retention obligations).
  • Right to correction: request correction of inaccurate personal information (VCDPA includes a correction right).
  • Right to opt out of targeted advertising / sale or sharing: depending on your state law, you may opt out of targeted advertising or sales/sharing; we do not sell personal information as defined by CCPA/CPRA, but we honor global privacy signals (see below).

Specific state laws we monitor and implement: California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and others. These laws differ in scope and effective dates; we evaluate requests in line with the law that applies to you.

How to exercise a privacy request

To submit a request to access, correct, or delete your data, email: privacy@businessloanatlas.com with the subject line “Privacy Request” and include:

  • Your name and the email address used to comment (or other identifying information).
  • A clear description of the request (access, deletion, correction, or do-not-sell).
  • For California/other state requests, indicate the state and attach any proof of residence if required for verification.

We will respond to verifiable requests within the timeframe required by applicable law. To protect your privacy, we will require reasonable verification before fulfilling requests (for example, confirming you control the email address used to comment). If we cannot verify you, we will explain what additional information is needed.

8. Global Privacy Control & “Do Not Sell / Share My Info”

We honor Global Privacy Control (GPC) signals and browser-based signals to opt out where applicable. If you are a resident of a state that allows an opt-out and you have configured a global opt-out mechanism in your browser, we will treat that as a valid request. To submit an explicit opt-out request, email privacy@businessloanatlas.com with “Do Not Sell/Share” in the subject line.

9. Cookies & tracking technologies

We use cookies and similar technologies for:

  • Essential functions (session cookies for comment posting and form validation).
  • Security (rate-limiting, fraud/spam prevention).
  • Optional analytics (visitor counts, performance improvements).

You can control cookies via your browser settings. For analytics cookies, you can opt out via your browser or via our cookie consent tool (if enabled on the Site). The FTC provides general guidance on cookies and tracking and the responsibilities of sites to disclose such practices.

10. Children’s privacy (COPPA)

Our Site is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we collected personal information from a child under 13 in a way that violates COPPA, we will take steps to delete that information. COPPA imposes strict requirements on online services that collect data from children; operators must obtain verifiable parental consent where applicable. If you believe we have collected data from a child under 13, please contact us immediately.

11. Retention & deletion

We retain comment content and associated metadata for as long as the comment is stored on the Site or as required for legal compliance. If you request deletion, we will remove the publicly visible comment content and purge related personal data from active systems, except where retention is necessary for legitimate business or legal reasons (for example, to retain moderation records, or to defend against legal claims).

12. Security

We employ commercially reasonable technical and organizational measures to protect personal information (HTTPS/TLS, server hardening, regular backups, access controls). While we strive to protect your data, no internet transmission or storage system is 100% secure. If a security incident occurs that affects personal data, we will follow applicable laws for breach notification and will notify affected individuals as required.

13. Third-party links & embedded content

Our articles may link to third-party websites or embed content (for example, YouTube videos). These external sites have their own privacy policies and may collect data about you. We are not responsible for the privacy practices of third parties. When possible we identify embedded content and third-party tools used for analytics or comments moderation.

14. Moderation & public nature of comments

Comments you publish are public and can be viewed by other users and third parties (search engines, archives). Do not include sensitive personal information in comments. We may remove or edit comments that violate our community guidelines. Moderators and administrators can view comment metadata (including IPs) for moderation and abuse prevention.

165. International visitors & GDPR

If you are located in the EU/EEA or the UK, certain rights under the GDPR or UK GDPR may apply (access, rectification, erasure, restriction, portability, objection). We will respond to requests from EU/UK data subjects in line with those regulations where applicable. Note: legal bases and retention may differ for EU visitors.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal changes or operational updates. We will post the revised policy with a new effective date. Material changes will be highlighted on the Site where practical.

17. Appendix — Practical tips for commenters

  • If you want to comment without leaving an email publicly visible, enter a valid email (required) but omit it from your comment body; we will store it for moderation only.
  • To reduce stored personal data: contact us and request deletion of your comment and commenter metadata; note that archived versions may still exist in third-party caches/search engines.