Via Hive — Global Privacy Policy
Document ID: VH-PP-2025-R18
Version Title: Quantum Privacy Layer Edition
Effective Date: October 26 2025 Next Review: October 2027
Jurisdiction: Miami-Dade County (Florida USA) Global Compliance: GDPR · CPRA · DSA · LGPD · PIPEDA · PDPA · POPIA · ISO 27701 · ISO 31700 · ISO 42001 · SOC 2 Type II · Quantum Readiness
1 · Scope & Acceptance
Applies to Clients, Providers, Visitors, Administrators, Affiliates, and Employees of Via The Hive LLC (“Via Hive,” “we,” “us,” “our”).
By accessing or using any Via Hive service, you agree to this Policy and all referenced legal documents in the Via Hive Legal Overview (VH-LO-2025-R7).
Via Hive acts as Data Controller and, where appropriate, Data Processor.
1.1 · Biometrics / KYC & Background Verification (Providers Only)
Data Collected: facial image templates, government ID documents, Social Security Number (SSN), Employer Identification Number (EIN), business license data, bank account holder information, and address records.
Purpose: identity verification, fraud prevention, licensing validation, background screening, and secure payout authorization.
Vendors: Checkr (Background & Criminal Screening) · Stripe (KYC & Payout Verification) · AWS (Secure Storage).
Process:
-
Providers submit SSN and ID for Checkr screening.
-
EIN and licenses validated against state databases.
-
Stripe verifies bank ownership and name match before fund release.
-
Facial scan confirms identity against government ID.
Legal Basis: Contract performance + Legitimate Interest (fraud prevention) + Explicit Consent (biometrics).
Retention: Biometric templates ≤ 30 days post-verification; background reports 5 yrs; KYC/payout records 7 yrs.
Opt-Out: Declining verification disables Provider features.
Compliance: GDPR Art 6(1)(b,f) · CPRA §1798.100 · NIST SP800-63 · ISO 27701 §7.4.
2 · Notice at Collection
We collect identifiers, professional, financial, biometric, device, usage, and communication data only as necessary to deliver and secure the platform.
2.1 · Location & Marketing Consent
If you provide consent during registration or within your account settings, Via Hive may collect:
-
Location data — to recommend nearby providers, show live service status, and comply with jurisdictional safety features.
-
Marketing contact preferences — to send limited promotional updates, service announcements, and offers.
You can withdraw either consent at any time through the app’s Privacy & Notifications Settings or by emailing [email protected].
Declining these consents does not affect your ability to use essential Via Hive services.
3 · Data Residency
Primary AWS regions: us-east-1 · us-west-2 · eu-central-1.
All storage AES-256 encrypted · cross-zone replicated · no off-jurisdiction storage.
4 · Legal Bases & Retention Matrix
Location data and marketing communications are processed only on the basis of user consent under GDPR Art 6(1)(a) and equivalent international provisions. Revocation automatically disables associated processing within 24 hours.
5 · Joint Controller Disclosure
Via Hive, Stripe Inc. (payments) and Checkr Inc. (screening) act as Joint Controllers under GDPR Art 26.
6 · Cross-Border Transfers & Safeguards
Standard Contractual Clauses (EU) · UK IDTA · LGPD Arts 33-35.
Annual Data Transfer Impact Assessment (DTIA).
All vendors ISO 27001 + SOC 2 Type II audited.
7 · Data Retention Policy
Location & Marketing Data: Retained until the user revokes consent or deletes the account, whichever occurs first. Upon revocation, data is permanently deleted within 30 days.
8 · Automated Decision-Making & AI Explainability
AI assists with matching and fraud checks under human supervision.
Manual review available on request; algorithms audited for bias and explainability (EU AI Act Arts 13-15).
9 · Algorithmic Impact Assessment
Public summary → /legal/aia-summary.pdf
10 · Cookies & Telemetry
Essential cookies without consent. Analytics/ads require opt-in.
Full Cookie Policy → /legal/cookies
“Geolocation cookies and telemetry are activated only after explicit Location Consent under Section 2.1.”
11 · Security Controls
AES-256 · TLS 1.3 · MFA · RBAC · Zero-Trust · Pen Tests ×2/yr · SOC 2 Type II verified.
12 · Breach Response
Contain → Notify ≤ 72 h → Remediate ≤ 7 days.
Annual report → /legal/security-report
13 · User Rights & Requests
Access · Correction · Deletion · Portability · Restriction · Consent Management.
Users may exercise all privacy rights—including the right to withdraw Marketing or Location consent—through the in-app Privacy & Notifications Dashboard or via /legal/privacy-request (verified by MFA + ID).
Upon verified request, Via Hive will respond within 30 days (extendable once for complex cases under GDPR Art 12 §3).
Withdrawal of consent automatically disables related processing (e.g., geolocation or marketing communications) within 24 hours and triggers permanent deletion of associated data under Section 7.
These rights apply equally to Clients, Providers, and Visitors world-wide subject to local law.
14 · Accessibility
ADA / WCAG 2.2 AA compliant. Alternate formats → /legal/accessibility
15 · Sub-Processor Notice
30-day email notice before vendor changes. Current list → /legal/sub-processors
16 · RoPA & DPIA Summaries
RoPA Index → /legal/ropa-index · DPIA → /legal/dpia-summary.pdf
17 · Human Rights & Ethics
Aligned with UN Guiding Principles · ILO Standards. Reports → [email protected]
18 · Cyber-Insurance
$5 million A-rated cyber liability coverage.
19 · ESG & Vendor Sustainability
20 · Supervisory Contacts
EU – CNIL · UK – ICO · CA – OPC · US – CPPA (linked in portal).
21 · Certification & Audit
ISO 27701 (Privacy Mgmt) · ISO 42001 (AI Gov) · SOC 2 Type II. Next audit Q3 2026.
22 · Transparency Reports
Security → /legal/security-report · ESG → /legal/esg-report · Human Rights → /legal/human-rights
23 · AI Governance Framework
Quarterly bias audits · Human-in-loop oversight · Incident review ≤ 48 h · Public AI Ethics → /legal/ai-ethics
24 · Data Protection Officer (DPO)
Privacy Lead → [email protected]
25 · Audit Register
Audit log → /legal/audit-register · Retained 5 yrs · Quarterly review by CISO + DPO.
26 · AI Incident Portal
Public AI incident reporting → /legal/ai-incident-report · Triaged ≤ 48 h · Summarized quarterly.
27 · Data Protection Impact Assessment Index
Lists high-risk activities (KYC, Biometrics, AI, Geolocation). → /legal/dpia-index
28 · Data Subject Verification Framework
ID check + device auth + activity challenge → /legal/data-request-verification
This verification framework also applies to requests involving geolocation data and marketing preference records collected under user consent in Sections 2.1 and 4.
29 · AI Model Version Registry
Tracks dataset, bias report & explainability summary → /legal/ai-model-registry
30 · Privacy Governance Board Report
Quarterly executive oversight · Annual public report → /legal/privacy-governance-report
31 · Quantum Privacy & Blockchain Audit Layer
Zero-Knowledge Consent Ledger (ZKCL) with quantum-safe hashes (SHA-512/512 + QRNG).
Summary → /legal/zk-consent-ledger-summary.pdf
32 · Predictive Data Integrity Monitoring
AI agents monitor log integrity and flag anomalies within 5 min to SOC + DPO dashboard.
33 · Future-Proof Compliance Roadmap
Align with ISO 42006 (AI Ethical Auditing) · OECD AI Principles 2027 · Quantum risk assessment annually.
34 · Public Transparency Dashboard
Live metrics on data requests, breaches, AI bias → /transparency (auto-updates 24 h).
35 · Version Control & Change Log
All releases R1 → R18 archived → /legal/version-control · Material updates announced via email + in-app.