Via Hive — Global Privacy Policy
Document ID: VH-PP-2025-R17
Version Title: Quantum Privacy Layer Edition
Effective Date: October 26 2025
Next Review: October 2027
Jurisdiction: Miami-Dade County (Florida USA)
Global Compliance: GDPR · CPRA · DSA · LGPD · PIPEDA · PDPA · POPIA · ISO 27701 · ISO 31700 · ISO 42001 · SOC 2 Type II · Quantum Readiness
1 · Scope & Acceptance
Applies to Clients, Providers, Visitors, Administrators, Affiliates, and Employees of Via The Hive LLC (“Via Hive,” “we,” “us,” “our”).
By accessing or using any Via Hive service, you agree to this Policy and all referenced legal documents in the Via Hive Legal Overview (VH-LO-2025-R7).
Via Hive acts as Data Controller and, where appropriate, Data Processor.
1.1 · Biometrics / KYC & Background Verification (Providers Only)
Data Collected: facial image templates, government ID documents, Social Security Number (SSN), Employer Identification Number (EIN), business license data, bank account holder information, and address records.
Purpose: identity verification, fraud prevention, licensing validation, background screening, and secure payout authorization.
Vendors: Checkr (Background & Criminal Screening) · Stripe (KYC & Payout Verification) · AWS (Secure Storage).
Process:
- Providers submit SSN and ID for Checkr screening.
- EIN and licenses validated against state databases.
- Stripe verifies bank ownership and name match before fund release.
- Facial scan confirms identity against government ID.
Legal Basis: Contract performance + Legitimate Interest (fraud prevention) + Explicit Consent (biometrics).
Retention: Biometric templates ≤ 30 days post-verification; background reports 5 yrs; KYC/payout records 7 yrs.
Opt-Out: Declining verification disables Provider features.
Compliance: GDPR Art 6(1)(b,f) · CPRA §1798.100 · NIST SP800-63 · ISO 27701 §7.4.
2 · Notice at Collection
We collect identifiers, professional, financial, biometric, device, usage, and communication data only as necessary to deliver and secure the platform.
3 · Data Residency
Primary AWS regions: us-east-1 · us-west-2 · eu-central-1.
All storage AES-256 encrypted · cross-zone replicated · no off-jurisdiction storage.
4 · Legal Bases & Retention Matrix
| Processing Activity | Lawful Basis | Retention |
|---|---|---|
| Account & Verification | Contract | Account + 3 yrs |
| Payments & Tax | Legal Obligation | 7 yrs |
| Safety & Fraud | Legitimate Interest | 24 mo |
| Marketing / Cookies | Consent | Until withdrawn |
| AI Training / Testing | Legitimate Interest + Consent | ≤ 12 mo (anonymized) |
5 · Joint Controller Disclosure
Via Hive, Stripe Inc. (payments) and Checkr Inc. (screening) act as Joint Controllers under GDPR Art 26.
6 · Cross-Border Transfers & Safeguards
Standard Contractual Clauses (EU) · UK IDTA · LGPD Arts 33-35.
Annual Data Transfer Impact Assessment (DTIA).
All vendors ISO 27001 + SOC 2 Type II audited.
7 · Data Retention Policy
| Category | Retention | Disposal |
|---|---|---|
| Identity / Professional | Account + 3 yrs | Delete |
| Financial / Tax | 7 yrs | Archive → Delete |
| GPS / Shift Logs | 24 mo | Aggregate |
| Chat / Media | 36 mo | Delete |
| Background Reports | 5 yrs | Delete |
| AI Training | ≤ 12 mo | Anonymize |
8 · Automated Decision-Making & AI Explainability
AI assists with matching and fraud checks under human supervision.
Manual review available on request; algorithms audited for bias and explainability (EU AI Act Arts 13-15).
9 · Algorithmic Impact Assessment
Public summary → /legal/aia-summary.pdf
10 · Cookies & Telemetry
Essential cookies without consent. Analytics/ads require opt-in.
Full Cookie Policy → /legal/cookies
11 · Security Controls
AES-256 · TLS 1.3 · MFA · RBAC · Zero-Trust · Pen Tests ×2/yr · SOC 2 Type II verified.
12 · Breach Response
Contain → Notify ≤ 72 h → Remediate ≤ 7 days.
Annual report → /legal/security-report
13 · User Rights & Requests
Access · Correction · Deletion · Portability · Restriction.
Submit via app or /legal/privacy-request (verified by MFA + ID).
14 · Accessibility
ADA / WCAG 2.2 AA compliant. Alternate formats → /legal/accessibility
15 · Sub-Processor Notice
30-day email notice before vendor changes. Current list → /legal/sub-processors
16 · RoPA & DPIA Summaries
RoPA Index → /legal/ropa-index · DPIA → /legal/dpia-summary.pdf
17 · Human Rights & Ethics
Aligned with UN Guiding Principles · ILO Standards. Reports → [email protected]
18 · Cyber-Insurance
$5 million A-rated cyber liability coverage.
19 · ESG & Vendor Sustainability
| Vendor | ESG Score 2025 | Scope 3 Offset |
|---|---|---|
| AWS | AA (Carbon Neutral) | 100 % |
| Stripe | A | 90 % |
| Checkr | A- | 80 % |
| Zoho | A | 95 % |
20 · Supervisory Contacts
EU – CNIL · UK – ICO · CA – OPC · US – CPPA (linked in portal).
21 · Certification & Audit
ISO 27701 (Privacy Mgmt) · ISO 42001 (AI Gov) · SOC 2 Type II. Next audit Q3 2026.
22 · Transparency Reports
Security → /legal/security-report · ESG → /legal/esg-report · Human Rights → /legal/human-rights
23 · AI Governance Framework
Quarterly bias audits · Human-in-loop oversight · Incident review ≤ 48 h · Public AI Ethics → /legal/ai-ethics
24 · Data Protection Officer (DPO)
Privacy Lead → [email protected]
25 · Audit Register
Audit log → /legal/audit-register · Retained 5 yrs · Quarterly review by CISO + DPO.
26 · AI Incident Portal
Public AI incident reporting → /legal/ai-incident-report · Triaged ≤ 48 h · Summarized quarterly.
27 · Data Protection Impact Assessment Index
Lists high-risk activities (KYC, Biometrics, AI, Geolocation). → /legal/dpia-index
28 · Data Subject Verification Framework
ID check + device auth + activity challenge → /legal/data-request-verification
29 · AI Model Version Registry
Tracks dataset, bias report & explainability summary → /legal/ai-model-registry
30 · Privacy Governance Board Report
Quarterly executive oversight · Annual public report → /legal/privacy-governance-report
31 · Quantum Privacy & Blockchain Audit Layer
Zero-Knowledge Consent Ledger (ZKCL) with quantum-safe hashes (SHA-512/512 + QRNG).
Summary → /legal/zk-consent-ledger-summary.pdf
32 · Predictive Data Integrity Monitoring
AI agents monitor log integrity and flag anomalies within 5 min to SOC + DPO dashboard.
33 · Future-Proof Compliance Roadmap
Align with ISO 42006 (AI Ethical Auditing) · OECD AI Principles 2027 · Quantum risk assessment annually.
34 · Public Transparency Dashboard
Live metrics on data requests, breaches, AI bias → /transparency (auto-updates 24 h).
35 · Version Control & Change Log
All releases R1 → R17 archived → /legal/version-control · Material updates announced via email + in-app.