Via Hive – Cookie & Data Retention Policy (VH-CDR-2025-R3)

Effective Date: October 2025 Next Review: October 2026
Jurisdiction: United States (Florida HQ) + Global Equivalents (GDPR, CCPA, PIPEDA, LGPD, PDPA)
Document ID: VH-CDR-2025-R3

1 · Purpose & Authority

This Policy explains how Via The Hive LLC (“Via Hive,” “we,” “us,” or “our”) collects, stores, and manages cookies, SDK identifiers, pixels, telemetry beacons, and similar technologies, and how long personal and system data are retained.
It is governed by and incorporated into the Via Hive Legal Overview (VH-LO-2025-R8) and Privacy Policy (VH-PP-2025-R18).
Geolocation and marketing-preference cookies are processed only after explicit user consent under Privacy Policy § 2.1 (Location & Marketing Consent).

2 · Scope of Application

Applies to all Via Hive platforms (Hive Client App, Hive Provider App, via-hive.com, admin and nation dashboards) and to all third-party integrations (Stripe, AWS, Checkr, Google, Meta SDKs, Mailgun, Zoho).
Coverage extends to users and partners in the U.S., EU/EEA, U.K., Canada, Brazil, Singapore, Australia, and any other active market.

3 · Legal Basis for Processing

Processing relies on Contractual Necessity, Legitimate Interest, Consent, and Legal Obligation consistent with FTC, GDPR, CCPA, LGPD, and PDPA standards.
Location and marketing tracking technologies operate solely on the basis of user consent and can be withdrawn at any time.

4 · Types of Cookies & Tracking Technologies

Category	Description	Typical Retention
Essential	Login, session, escrow, security.	Session / 30 days
Performance & Analytics	Aggregated traffic, crash logs, conversion rates.	24 months
Preference	Language, theme, region.	12 months
Advertising & Marketing	Campaign measurement (Meta, Google Ads).	6–18 months
Geolocation Cookies	Enable map positioning and proximity features after Location Consent.	Until withdrawn or account deletion + 30 days
Security Tokens / Device IDs	Fraud detection & multi-device auth.	36 months or until account closure
AI Interaction Logs	Smart matching & moderation training.	12 months then anonymized

Note: This policy also applies to SDK identifiers and telemetry signals that behave like cookies.

5 · Consent Management & User Controls

On first use, users see a banner with “Accept All,” “Reject Non-Essential,” and “Customize.”
Preferences can be changed anytime under Settings → Privacy & Cookies → Privacy & Notifications Dashboard.
Withdrawal does not retroactively affect lawful processing.
Geolocation and marketing cookies are disabled within 24 hours of revocation and deleted within 30 days.
No non-essential tracking for children under 13 (COPPA compliant).

6 · Data Categories & Retention Periods

Data Category	Purpose	Retention	Legal Basis
User Account Data	Identification & support	Until closure + 3 yrs	Contract
Financial & Transaction Records	Escrow & tax audits	7 yrs	Legal Obligation
GPS & Shift Logs	Work verification	24 months then aggregated	Legitimate Interest
Chat & Media History	Dispute resolution	36 months then deleted	Contract
Device Identifiers & Security Logs	Fraud control	24 months	Legitimate Interest
AI Training Data	AI optimization	12 months then aggregated	Legitimate Interest / Consent
Marketing Subscription Data	Offers & newsletters	Until unsubscribe + 30 days	Consent
Location & Telemetry Data	Nearby services & safety features	Until withdrawn or account deletion + 30 days	Consent

Retention Schedule Review: All periods are reviewed annually by the Data Protection Officer.

7 · Employee & Contractor Data

Processed under the same privacy and retention standards as user data, except where labor law requires different timeframes.

8 · Cross-Border Data Transfers

Handled via Standard Contractual Clauses (EU), UK IDTA, PIPEDA, LGPD Arts 33-35, and PDPA safeguards.

9 · Data Deletion, Access & Portability

Requests via [email protected] or /legal/privacy-request → fulfilled within 30–45 days per GDPR Art 12 / CCPA §1798.130.

10 · Third-Party Processors

(Identical to R1; vendors bound by DPAs and annual audits.)

11 · Security & Data Integrity

AES-256 encryption, TLS 1.3, RBAC, MFA, daily backups, 90-day disaster recovery, and AI-based intrusion alerts.

12 · Data Breach Response Protocol

Contain → Notify within 72 h → Remediate within 7 days → File risk register.

13 · Automated Decision Making & Profiling

AI recommendations never fully automated; human oversight available on request.

14 · International Law Alignment

(Matrix identical to R1; global frameworks covered.)

15 · Metadata & Structured Data Disclosure

Via Hive publishes a machine-readable JSON-LD metadata schema identifying this policy as a Cookie / Privacy document for search-engine and app-store compliance.

16 · Updates & Version Control

Tracked in the Via Hive Legal Change Log (via-hive.com/legal).
Current Version: VH-CDR-2025-R3.

17 · Contact Information

Data Protection Officer → [email protected] 📍 Miami-Dade County FL 33131 USA
EU/UK Representative → Designated under GDPR Art 27 (available via same email).

18 · Certification Statement

This Policy forms part of the Via Hive Legal Framework (VH-LO-2025-R8) and is binding on all users, providers, employees, and affiliates world-wide.
Authorized Signatory: _______________________
Title: Chief Executive Officer, Via The Hive LLC