Data Sources & Compliance
Datatrent operates transparently. This page describes where our business contact records originate, the lawful basis for processing them, the privacy frameworks we follow, and how a business contact can exercise their rights including opting out.
1. Where our data originates
Datatrent records consist of business contact information sourced from public business filings (state business registries) and lawful business data sources. We do not aggregate consumer or personal profiles.
Public state business registries
The foundation of every record we provide is the filing made by the business entity itself with the relevant U.S. Secretary of State (or equivalent agency) at the time the entity was formed. These filings are public business records under the laws of each state of registration and are made available by the state for public inspection.
Examples of sources we use or are evaluating:
- Florida — Division of Corporations (Sunbiz) bulk SFTP feed
- Other U.S. states — Secretary of State bulk download portals and APIs, as we expand coverage
Public business-record fields typically include: entity name and type, filing date, registered agent, principal business address, and the business contact (officer, manager, or member) as listed by the entity.
Licensed third-party business enrichment
For business contacts listed in state filings who do not have publicly available business phone or business email information, we obtain that information from licensed third-party business data providers. These providers source from public business records, commercial directories, and verified business contributor networks.
We require our third-party providers to represent that their business data has been lawfully obtained and that they have the right to license it to Datatrent.
Voice-confirmed records (Premium tier)
Premium records — marked "Confirmed Intent" in our product — include a recorded telephone conversation with the business, conducted with the business contact authorized to speak on the business's behalf. Our voice verification process is designed to comply with U.S. federal and state telemarketing law, two-party recording-consent standards, and the legitimate B2B outreach practices expected of a reputable data provider.
Before placing a call
- The business phone number is scrubbed against the National Do Not Call Registry. Numbers listed on the federal DNC are not called for voice verification and are excluded from our Premium pipeline.
- Numbers are scrubbed against applicable state Do Not Call lists.
- Numbers in our internal suppression list (prior opt-out, prior refusal, prior request from the business contact, or known wrong-number) are not called.
- Calls are scheduled only within 8:00 AM and 9:00 PM at the recipient's local time, per FTC Telemarketing Sales Rule requirements.
- Calls are placed by trained human operators. Datatrent does not use autodialers, predictive dialers, or prerecorded voice messages.
During the call
- The operator identifies themselves, identifies Datatrent, and states the purpose of the call
- The operator discloses that the call is being recorded and obtains the business contact's verbal consent before any recording begins. Datatrent follows two-party (all-party) consent standards — the stricter recording-consent rule — regardless of the jurisdiction of either the caller or the business contact.
- If the business contact declines to consent to recording, declines to participate, requests no further contact, or asks the operator to call back later, the call ends immediately, no recording is retained, and the number is added to our internal suppression list.
- If the business contact consents, the operator verifies the business contact's role at the business and asks which services or providers the business is currently seeking — this answer becomes the "intent" of the record.
What customers receive — and what they do NOT receive
Customers who purchase a Premium record receive an intent field — a categorized summary of the services the business expressed interest in (for example, "business insurance, payment processing") — plus a verification flag and timestamp.
Customers do NOT receive the audio recording, the full transcript, verbatim statements, or any other contents of the conversation. The recording is retained internally by Datatrent solely for verification, quality assurance, regulatory audit, and dispute resolution. Releasing the audio to customers would be an unjustified disclosure, and Datatrent does not do this.
Recording handling and retention
- Recordings are encrypted at rest and access is restricted to authorized Datatrent personnel.
- Recordings are retained for a maximum of 24 months from the date of the call, after which they are securely deleted, unless a longer retention period is legally required (e.g., active legal hold or regulatory request).
- Recordings are not transferred, sold, or licensed to any third party.
Business contact rights regarding the recording
At any time, the business contact whose voice was recorded may request:
- A copy of the recording
- Immediate deletion of the recording from Datatrent's systems
- Full removal of the associated record from our dataset (suppression and opt-out)
- Correction of any associated metadata, including the intent field
Requests are sent to info@datatrent.com with subject "Recording request" or "Opt-out request". We respond within the timeframes required by applicable state privacy law (typically 45 days, with possible extension).
2. Lawful basis for processing
We rely on the following legal bases for collecting, processing, and providing the data, depending on the data type and jurisdiction:
- Public records exemption — business entity filings are public records under the laws of each state of registration
- Legitimate business interest — facilitating lawful B2B introductions between newly-formed businesses and service providers they may need
- Contractual necessity — providing the services purchased by our B2B customers
- Express consent — for voice-confirmed records, the recorded telephone call serves as documentation of the business's affirmative interest, given by the authorized business contact
3. B2B data considerations
Datatrent provides business contact information — data about business entities and the contact a business has designated to receive business inquiries (officers, managers, members) in their business capacity. Several U.S. state privacy laws (such as the CCPA/CPRA and VCDPA) historically provided partial exemptions for information collected about individuals acting in a B2B context. Some of those exemptions have evolved or expired.
Regardless of whether a strict legal exemption applies, Datatrent treats business contact information with appropriate care and respects subject rights including the right to know, correct, delete, and opt out, as described below.
4. Privacy law compliance
We design our policies and operations to comply with applicable U.S. state privacy laws, including:
- California — CCPA / CPRA
- Virginia — VCDPA
- Colorado — CPA
- Connecticut — CTDPA
- Utah — UCPA
- Texas — TDPSA
- Other state laws as they take effect
This includes honoring subject rights — right to know, correct, delete, opt out of sale or sharing — within statutory timeframes, typically 45 days with a possible 45-day extension where permitted.
5. Important — we are NOT a Consumer Reporting Agency
Datatrent is NOT a Consumer Reporting Agency under the Fair Credit Reporting Act (FCRA).
Our data may not be used to make decisions about consumer credit, employment, tenancy, insurance underwriting, or other "permissible purposes" defined by FCRA. These uses require a Consumer Reporting Agency, which Datatrent is not. Customers using our data for FCRA-regulated purposes expose themselves to significant legal liability.
See our Acceptable Use Policy for the full list of prohibited uses.
6. Data Processing Agreement (DPA)
For enterprise customers and customers subject to specific data protection obligations (e.g., Gramm-Leach-Bliley Act for financial institutions, or GDPR for EU operations), Datatrent offers a Data Processing Agreement on request.
Email info@datatrent.com with subject "DPA request" and include your business name, jurisdiction, and intended use.
7. Subject rights and opt-out process
If you are a business contact whose information appears in Datatrent records, you have the right to:
- Know what business contact information we have associated with you
- Correct inaccurate information
- Delete your information from our records
- Opt out of the sale or sharing of your information
- Not be discriminated against for exercising these rights
How to exercise your rights
Email info@datatrent.com with subject "Opt-out request" or "Privacy Request" and include:
- Your full name
- The business name(s) associated with you (if known)
- The state of business registration (if known)
- Which right you wish to exercise (know / correct / delete / opt out)
- Any business phone numbers or business email addresses you'd like us to suppress
We will respond within 45 days, with a possible 45-day extension where permitted by law. We may need to verify your identity before completing your request to protect your information.
8. Updates to data sources and policies
We periodically add new data sources, including additional state registries and additional licensed enrichment providers. When we do, we update this page. The "Last updated" date at the top reflects the most recent material change.
We also monitor changes to applicable privacy and consumer-protection law and update our practices accordingly.
Questions, opt-out, or DPA requests
Email: info@datatrent.com
Mail: Soto Digital Holding LLC, Saint Cloud, FL, United States