Privacy Policy

Effective Date: April 1, 2026 · Last Revised: April 2026

Regulatory Compliance Notice: This Privacy Policy is designed to comply with the Trinidad and Tobago Data Protection Act, 2011 (Chapter 22:04) and aligns with data protection frameworks across the CARICOM region, including OECS member states. Where applicable, we also apply the principles of the EU General Data Protection Regulation (GDPR) for users residing in European territories.

1. Who We Are

CB Connect (operated by Novelty Web Solutions) is the Data Controller for personal information collected through the dir.caricombusiness.com platform. We are a Caribbean-focused B2B business directory and networking ecosystem headquartered in Trinidad and Tobago. Questions about this Privacy Policy may be directed to privacy@caricombusiness.com.

2. Information We Collect

We collect personal information in the following ways:

Information You Provide Directly

  • Account Registration: Name, email address, password (hashed), phone number, and location.
  • Business Listing: Business name, description, industry, location, contact details, logo, and operational information.
  • Payment Information: Billing address and payment card details (processed securely by Stripe — we do not store full card numbers).
  • Support Communications: Messages, issue descriptions, and conversation history submitted to our support team or CARI AI agent.
  • Quote Requests: Service requirements, contact details, and preferences submitted through the lead generation system.

Information Collected Automatically

  • Usage Data: Pages visited, features used, search terms, time on page, and click patterns.
  • Device & Technical Data: IP address, browser type, operating system, referring URL, and device identifiers.
  • Location Data: Approximate geographic location derived from IP address. Precise location is only collected if you explicitly grant permission.
  • Cookies & Tracking: See Section 8 for a full breakdown of cookies used.

Information from Third Parties

  • Payment Processors (Stripe): Transaction status, subscription tier, and billing details.
  • CRM Integrations (NWS CRM): Lead and appointment data where you have engaged with our partner CRM platform.
  • Authentication Providers: If you sign in via Google or similar OAuth providers, we receive your name and verified email address.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To create and manage your account and business listing.
  • To process payments and manage your subscription.
  • To match quote requests with relevant business partners.
  • To provide, operate, and improve the Platform.
  • To respond to support requests and troubleshoot issues.
  • To send transactional emails (account confirmation, password resets, receipts).
  • To send platform-related communications and service updates (you may opt out of non-essential communications).
  • To detect, prevent, and investigate fraud, abuse, or violations of our Terms of Service.
  • To comply with our legal obligations under applicable Caribbean law.
  • To analyse aggregate usage patterns and improve the Platform's performance and features.

4. Legal Basis for Processing

Under applicable data protection law, we process your personal data on the following legal bases:

  • Contract Performance: Processing necessary to fulfil your account, subscription, and listing services.
  • Legitimate Interests: Platform analytics, fraud prevention, and service improvement, where these interests are not overridden by your rights.
  • Consent: For marketing communications and non-essential cookies — you may withdraw consent at any time.
  • Legal Obligation: Where processing is required to comply with applicable laws or respond to lawful government requests.

5. How We Share Your Information

We do not sell your personal data. We share information only in the following limited circumstances:

  • Business Partners: When you submit a quote request or message a listed business, your contact details are shared with that business for the purpose of fulfilling your request.
  • Service Providers: We engage trusted third-party providers to operate the Platform (Supabase for database hosting, Stripe for payments, OpenAI for AI features, Pinecone for search, NWS for CRM, Resend for email). These providers are contractually bound to handle data only as instructed and in accordance with applicable law.
  • Legal Requirements: Where required by a court order, law enforcement authority, or applicable regulation in Trinidad and Tobago or another relevant jurisdiction.
  • Business Transfers: In the event of a merger, acquisition, or sale of company assets, your personal data may be transferred as part of that transaction, with prior notice to you.

Public listing information (business name, industry, location, description) is intentionally visible to all visitors of the Platform as part of the directory's core function.

6. Data Retention

We retain personal data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods:

  • Account Data: Retained for the duration of your account plus 3 years, unless earlier deletion is requested.
  • Payment Records: Retained for 7 years to comply with financial reporting requirements.
  • Support Tickets: Retained for 2 years after resolution.
  • Usage Logs: Retained for 12 months in anonymised or aggregated form.

Upon written request for deletion, we will erase your personal data within 30 days, subject to legal retention obligations.

7. Your Rights

Under applicable Caribbean data protection law, and to the extent afforded by law, you have the following rights:

  • Right of Access: Request a copy of personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data in circumstances where continued processing is not lawfully justified.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Request a machine-readable export of your personal data.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@caricombusiness.com. We will respond within 30 days.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Platform. For a full breakdown of the cookies we use, please review our Cookie Policy. Essential cookies (required for login and security) cannot be disabled. You may manage preference and analytics cookies through your browser settings or our cookie management tool.

9. Third-Party Services & Integrations

The Platform integrates with the following third-party services. Each has its own privacy policy governing its data practices:

  • Supabase (database hosting) — SOC 2 Type II compliant.
  • Stripe (payment processing) — PCI-DSS Level 1 compliant.
  • OpenAI (AI-powered features) — Data processed per OpenAI's API data policy.
  • Mapbox (geographic search and mapping).
  • NWS CRM (CRM and marketing automation).
  • Resend (transactional email delivery).
  • Pinecone (vector search for AI-powered directory matching).

10. Children's Privacy

The Platform is not directed to children under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has registered on the Platform, please notify us at privacy@caricombusiness.com.

11. International Data Transfers

Your data may be processed on servers located outside your home territory, including in the United States and European Union, by our third-party service providers. When making such transfers, we require that appropriate safeguards are in place (such as data processing agreements incorporating standard contractual clauses) to protect your personal information.

12. Security Measures

CB Connect employs industry-standard security measures to protect your personal data, including:

  • TLS/HTTPS encryption for all data in transit.
  • AES-256 encryption for data at rest via Supabase infrastructure.
  • Row-Level Security (RLS) policies restricting data access by user identity.
  • Regular security audits and vulnerability assessments.
  • Strict access controls limiting employee access to personal data on a need-to-know basis.

No system is perfectly secure. In the event of a data breach that may affect your rights, we will notify affected users within 72 hours of becoming aware, in accordance with applicable law.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to you via email with a minimum of 14 days' notice. The "Last Revised" date at the top of this page will always reflect the most recent version.

14. Contact & Data Controller Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our Data Protection Officer:

CB Connect — Data Protection Officer
Novelty Web Solutions
Trinidad and Tobago
privacy@caricombusiness.com

We will acknowledge your request within 5 business days and aim to resolve all enquiries within 30 calendar days.