EASiHub Privacy Policy

Document Type: Tier 1 - Foundation (Binding)
Effective Date: January 15, 2025
Last Updated: January 15, 2025
Version: 2.0
Binding Status: Contractual Terms

Table of Contents

  1. Executive Summary
  2. Information We Collect
  3. How We Use Your Information
  4. Data Sharing and Disclosure
  5. Your Privacy Rights and Controls
  6. Data Retention and Security
  7. International Data Transfers
  8. Children's Privacy
  9. Changes to This Privacy Policy
  10. Contact Information

Executive Summary

This Privacy Policy explains how EASiHub collects, uses, and protects your information across our hybrid community + marketplace ecosystem. We operate with privacy by design principles, transparent AI processing, and user control over cross-service data sharing.

Key Points

  • Cross-service data sharing requires explicit consent through our Data Bridge framework
  • AI processing is informational only with no training by default unless you opt in
  • Live sub-processor list includes all AI/LLM vendors with full transparency
  • Per-purpose retention limits with comprehensive user deletion rights
  • Regional compliance with GDPR/UK GDPR, CCPA/CPRA frameworks

Regional Supplements

1. Information We Collect

1.1 Account and Profile Information

Direct Information You Provide

  • Name, email address, professional credentials and experience
  • Authentication information and account preferences
  • Payment information for marketplace transactions (processed by licensed third-party processors)
  • Professional licenses, certifications, and qualifications
  • Communication preferences and accessibility needs

Community Content

  • Forum posts, comments, questions and answers
  • Professional insights and knowledge contributions
  • Voting activity and content interactions
  • Private messages and direct communications

Marketplace Activity

  • Professional service descriptions and proposals
  • Project portfolios and work samples
  • Client reviews and professional feedback
  • Service agreements and payment history

1.2 Automatically Collected Information

Technical Data

  • IP address, browser type, device information
  • Usage patterns, page views, and feature interactions
  • Performance data and error reports
  • Security logs and fraud prevention signals

AI Interaction Data

  • Queries and prompts submitted to AI features
  • AI-generated responses and user feedback
  • Feature usage patterns and preferences
  • Training contribution preferences (opt-in only)

External Content Feeds

Articles, events, bulletins, and job listings surfaced from external sources are provided for convenience only and may be inaccurate, incomplete, or outdated. EASiHub does not verify, endorse, or guarantee third-party content. Users must independently verify before relying on external information.

2. How We Use Your Information

2.1 Core Service Delivery

Community Services (Free)

  • Facilitate professional discussions and knowledge sharing
  • Enable content discovery and topic recommendations
  • Provide moderation and community safety features
  • Generate AI-powered content suggestions and summaries
  • Support professional networking and relationship building

Marketplace Services (Commission-Based)

  • Match clients with qualified independent professionals
  • Process payments through licensed third-party processors acting as escrow agents
  • Enable project management and milestone tracking
  • Provide AI-assisted job posting and proposal enhancement
  • Support dispute resolution and quality assurance

Cross-Service Integration

  • Unified authentication and account management through SSO
  • Professional reputation synchronization (with consent)
  • Integrated notifications and communication systems
  • Enhanced AI personalization across services (with consent)

2.2 AI Processing Framework

AI Features and Safeguards

  • Content summarization and enhancement for readability
  • Professional matching algorithms and recommendations
  • Co-pilot assistance for job posts, proposals, and responses
  • Moderation assistance for content review and safety
  • Search optimization and results ranking

Critical AI Limitations

  • All AI outputs are informational only and may contain errors
  • Human review required for all professional and business decisions
  • Users remain fully responsible for all AI-assisted content
  • No automated decision-making with legal or significant effects
  • Professional judgment must override AI recommendations in all cases

Training Data Controls

  • Default: NO training data contribution - your content is not used for AI training
  • Explicit opt-in required for any training data contributions
  • Granular controls for different content types and AI providers
  • Immediate withdrawal option with prospective effect
  • Enterprise exclusions available for organizational accounts

2.3 Legal Bases for Processing (GDPR Article 6)

  • Contract Performance: Account management, service delivery, payment processing
  • Legitimate Interests: Platform improvement, security, fraud prevention, analytics
  • Consent: Marketing communications, optional AI features, cross-service data sharing, training contributions
  • Legal Obligations: Compliance with laws, professional standards, court orders

3. Data Sharing and Disclosure

3.1 Cross-Service Data Sharing (Data Bridge)

Consent-Based Sharing Framework

Cross-service data sharing requires explicit user consent for each service and data type combination. Users control sharing preferences and can revoke consent at any time.

Available Sharing Options

  • Professional reputation and history synchronization
  • AI personalization and recommendation enhancement
  • Integrated communication and notification preferences
  • Analytics for platform improvement and user experience

User Controls

  • Granular toggles for each data sharing category
  • Real-time consent withdrawal capabilities
  • Clear audit trail of all sharing permissions
  • Regular consent refresh and re-confirmation

3.2 Third-Party Service Providers

Sub-Processor Categories and Current Providers

Provider Category Examples Purpose Data Types Retention
Cloud Infrastructure AWS, Google Cloud Hosting, storage All platform data As needed
AI/LLM Providers OpenAI, Anthropic, Google AI Content enhancement, matching Queries, content ≤90 days
Payment Processors Stripe, licensed escrow agents Transaction processing Payment info Legal requirements
Analytics Google Analytics (IP anonymized) Platform improvement Usage data 26 months
Communication Email delivery services Notifications Contact info Campaign duration

Appendix B: Live Sub-Processor List

[URL to real-time updated list with processing details, locations, and safeguards]

Sub-Processor Management

  • Contractual data protection requirements for all providers
  • Regular security and privacy assessments
  • 30-day advance notice of material changes to sub-processors
  • User objection rights for new processors
  • Alternative processing options where technically feasible

3.3 Legal and Regulatory Disclosures

Required Disclosures

  • Legal process compliance (subpoenas, court orders)
  • Export control and sanctions screening
  • Financial crime and fraud prevention
  • Professional licensing investigations (when legally required)
  • Emergency situations to protect user safety

Disclosure Procedures

  • Legal review of all requests for validity and scope
  • User notification when legally permitted
  • Disclosure limited to specifically required information
  • Documentation maintained for transparency and accountability

4. Your Privacy Rights and Controls

4.1 Universal Rights (All Users)

Data Subject Rights

  • Access: Request copies of your personal information
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion subject to legal retention requirements
  • Portability: Export your data in standard formats (JSON, CSV)
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request limitation of processing in specific circumstances

4.2 Regional Enhanced Rights

California Residents (CCPA/CPRA)

  • Right to know categories of personal information collected and shared
  • Right to opt-out of sale or sharing (we do not sell personal information)
  • Right to correct inaccurate information
  • Right to limit use of sensitive personal information
  • Non-discrimination protection for exercising privacy rights

EU/UK Residents (GDPR/UK GDPR)

  • Detailed information about legal basis for each processing activity
  • Right to lodge complaints with supervisory authorities
  • Enhanced protections for special categories of personal data
  • Rights related to automated decision-making and profiling
  • Information about international data transfer safeguards

4.3 AI and Training Data Rights

Training Data Controls

  • Complete control over AI training data contributions
  • Granular opt-in for different content types and AI providers
  • Real-time withdrawal of training consent
  • Enterprise-level exclusions for organizational accounts
  • Transparency about which AI providers use training data

AI Processing Rights

  • Right to human review of AI-assisted decisions
  • Right to disable AI features entirely
  • Right to explanation of AI processing logic
  • Right to object to AI-based profiling
  • Right to correction of AI-generated information

5. Data Retention and Security

5.1 Retention Framework

Per-Purpose Retention Schedule

Data Category Retention Period User Control Legal Basis
Account/Authentication Active + 2 years Delete account Contract
Community Content 5 years, then anonymize Edit/delete posts Legitimate interest
Marketplace Records 7 years (tax/legal) Export data Legal obligation
AI Processing Logs ≤90 days Delete on request Consent
Payment/Financial 7 years (compliance) Export records Legal obligation
Analytics Data 26 months, then aggregate Opt-out tracking Legitimate interest

Retention Principles

  • Data retained only as long as necessary for specified purposes
  • Automatic deletion after retention periods expire
  • User ability to request early deletion where legally permissible
  • Regular review and purging of unnecessary data
  • Secure deletion procedures with cryptographic erasure

5.2 Security Measures

Technical Safeguards

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication for administrative accounts
  • Regular security assessments and penetration testing
  • Incident response and breach notification procedures

Organizational Safeguards

  • Privacy by design development practices
  • Regular staff training on data protection
  • Data protection impact assessments for new features
  • Third-party security audits and certifications
  • Continuous monitoring and improvement programs

6. International Data Transfers

6.1 Transfer Mechanisms

Legal Frameworks for International Processing

  • Standard Contractual Clauses (SCCs) for EU/UK transfers
  • UK International Data Transfer Addendum (IDTA)
  • Data Processing Agreements with enhanced security measures
  • Adequacy decisions where applicable
  • Additional safeguards for high-risk jurisdictions

Processing Locations

  • Primary data processing in US and EU regions
  • AI model processing may occur globally with appropriate safeguards
  • User notification of material location changes
  • Enterprise customers may request regional processing preferences

6.2 Regional Compliance

Multi-Jurisdictional Compliance

  • GDPR and UK GDPR compliance with local data protection measures
  • CCPA/CPRA compliance and emerging US state privacy law alignment
  • PIPEDA (Canada), LGPD (Brazil) compliance frameworks
  • Regular monitoring of regulatory changes globally
  • Proactive compliance updates and user notifications

7. Children's Privacy

EASiHub services are intended for professional users aged 18 and older. We do not knowingly collect personal information from individuals under 18. If we become aware of such collection, we will promptly delete the information and terminate the account.

Age Verification

  • Age verification during account registration
  • Monitoring for potential underage usage
  • Immediate account suspension and data deletion for underage users
  • Parent/guardian notification when applicable

8. Changes to This Privacy Policy

8.1 Update Procedures

Material Changes

  • 14 days advance notice via email and in-product notifications
  • Clear summary of changes and their impact on users
  • Opportunity to review changes before they take effect
  • Right to object or delete account if disagreeing with changes
  • Clickwrap consent required for fundamental changes (Data Bridge, AI training)

Version Control

  • Complete archive of prior versions maintained in Legal Change Log
  • Cryptographic hash and timestamp for each version
  • Change comparison tools for user convenience
  • Immutable historical record for legal compliance

9. Contact Information

9.1 Privacy Support Contacts

General Privacy

  • Privacy Team: privacy@easihub.com
  • Response Time: 5 business days for general inquiries
  • Business Hours: 9 AM - 6 PM EST, Monday-Friday

Specialized Support

9.2 Data Protection Officer

DPO Contact

  • Email: dpo@easihub.com
  • Role: Privacy compliance oversight and user rights coordination
  • Availability: Business hours with priority response for urgent matters

9.3 Privacy Request Processing

Required Information for Requests

  • Identity verification for security (government ID or account verification)
  • Specific nature of your request
  • Account information and relevant details
  • Preferred format for data delivery
  • Contact information for response

Processing Timeline

  • Initial acknowledgment within 5 business days
  • Complete response within 30 days (may extend to 60 days for complex requests)
  • Regular status updates for complex requests
  • No fee for reasonable requests (excessive requests may incur administrative costs)

Privacy Choices and Controls

Your Privacy Choices

You can manage non-essential cookies and similar technologies in our Cookie Preferences. We honor Global Privacy Control (GPC) signals where applicable. If we engage in activities that constitute "sale" or "sharing" under applicable law, you may opt out via Do Not Sell/Share My Personal Information.

Automated Decision-Making and Profiling

We do not make decisions with legal or similarly significant effects solely by automation. Where we use automation for ranking, recommendations, or safety, you may request human review, contest outcomes, or object as permitted by law.

Cross-Service Data Bridge

Cross-service data flows between community and talent features occur only with consent and are governed by our Data Bridge controls. You may withdraw consent at any time in your settings.

Related Documents

Version History

Version Date Summary
1.0 [DATE] Initial Privacy Policy
2.0 January 15, 2025 Enhanced AI transparency, sub-processor details, per-purpose retention, Data Bridge framework, regional supplements

Appendices

Appendix A: Cross-Service Data Bridge Framework

[Detailed technical specification of cross-service consent mechanisms, data flow controls, and user preference management]

Appendix B: Live Sub-Processor List

Real-Time Sub-Processor Directory: [URL to live-updated list]

This appendix maintains current information about all third-party processors including:

  • Company name and contact information
  • Processing purposes and data categories
  • Geographic processing locations
  • Data retention and deletion practices
  • Security certifications and safeguards
  • Training data usage policies (for AI providers)

Appendix C: Detailed Retention Schedule

[Complete retention table with legal basis, business justification, and user control options for each data category]

Last Updated: January 15, 2025
Document ID: privacy-policy-v2.0
Legal Team Contact: privacy@easihub.com