Privacy Policy

Effective Date: November 4, 2025

The National Information Exchange Agency ("NIEA," "we," "us," or "our") is committed to protecting your privacy and handling your personal information with the highest standards of care, transparency, and security. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Platform"). By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

We collect information you provide directly, information generated through your use of the Platform, and information from third-party sources to deliver our services effectively.

1.1 Information You Provide

• Account Registration: Name, email address, username, password, professional background, skills, interests, and contribution areas.
• Profile Information: Profile images, biographical details, educational history, work experience, and other voluntary information you choose to share.
• Identity Verification: Government-issued identification documents, biometric data (when explicitly consented), and verification credentials for participation in NIEA programs including the Knowledge Exchange Platform and United Net Income (UNI) system.
• Communications: Messages, support requests, feedback, forum posts, and other content you submit through the Platform.
• Contribution Data: Knowledge contributions, educational content, skills assessments, project participation, and verified impact documentation recorded in the Bank of Human History & Interaction (BHHI).
• Financial Information: Payment methods, billing information, and transaction details for premium services (processed securely through third-party payment processors).

1.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type, mobile device identifiers (IDFA, Android ID), IP address, and hardware model.
• Usage Data: Pages viewed, features accessed, time spent on the Platform, navigation paths, search queries, and interaction patterns.
• Location Information: Approximate location based on IP address; precise geolocation only if you grant explicit permission through device settings.
• Log Data: Access times, error logs, system activity, and performance metrics collected through AWS CloudWatch and other monitoring services.
• Cookies and Tracking Technologies: Session tokens, authentication cookies, analytics cookies, and local storage data to maintain your session and preferences.

1.3 Information from Third Parties

• OAuth Authentication: Profile information from Google Sign-In and Sign in with Apple when you choose to authenticate using these services.
• Verification Services: Identity verification data from authorized third-party verification providers.
• Analytics Providers: Aggregated usage statistics and performance metrics from third-party analytics services.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Platform Operations

• Create, maintain, and authenticate your account across mobile and web platforms
• Provide access to the Knowledge Exchange Platform, BHHI, and UNI systems
• Process and verify your identity for participation in verified programs
• Enable secure information exchange and contribution tracking
• Calculate and distribute United Net Income based on verified contributions
• Facilitate communication between users and NIEA representatives

2.2 Personalization and Improvement

• Customize your experience based on your role, membership level, and interests
• Provide relevant opportunities, resources, and community connections
• Analyze usage patterns to improve Platform functionality and user experience
• Develop new features and services aligned with user needs
• Conduct research on the Envalumental Economy and economic impact of verified contributions

2.3 Communications

• Send transactional emails (account verification, password resets, security alerts)
• Provide customer support and respond to your inquiries
• Deliver notifications about Platform updates, new features, and policy changes
• Send promotional communications about NIEA programs (with your consent; opt-out available)
• Notify you of new opportunities, community events, and UNI distributions

2.4 Security and Compliance

• Detect, prevent, and respond to fraud, abuse, security incidents, and illegal activity
• Verify identity and eligibility for participation in verified programs
• Enforce our Terms of Service and other policies
• Comply with legal obligations, court orders, and governmental requests
• Protect the rights, property, and safety of NIEA, our users, and the public

2.5 Analytics and Research

• Generate aggregated statistics and reports (anonymized and de-identified)
• Measure the economic impact of the Envalumental Economy
• Conduct research to support NIEA's mission as a public utility
• Share anonymized insights to demonstrate the value of verified contribution systems

3. Legal Basis for Processing (GDPR & International Users)

For users in the European Economic Area, United Kingdom, and other jurisdictions with comprehensive data protection laws, we process your personal information based on the following legal grounds:

• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications, precise location tracking).
• Contract Performance: Processing is necessary to provide the services you requested and fulfill our Terms of Service.
• Legal Obligation: Processing is required to comply with applicable laws, regulations, and legal processes.
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., security, fraud prevention, Platform improvement) and does not override your fundamental rights and freedoms.

4. How We Share Your Information

We do NOT sell your personal information to third parties. We share your information only in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers to assist in Platform operations. These providers are contractually obligated to maintain confidentiality and security:

• Amazon Web Services (AWS): Cloud infrastructure, data storage (S3, DynamoDB), computing services (Lambda), and content delivery (CloudFront)
• Authentication Services: Google OAuth, Sign in with Apple for secure authentication
• OpenAI: AI-powered chat and knowledge assistance (content is processed but not used for model training)
• Analytics Providers: Usage analytics and performance monitoring (anonymized data only)
• Communication Services: Email delivery, push notifications, and customer support tools
• Payment Processors: Secure processing of financial transactions for premium services
• Identity Verification Providers: Third-party verification services for secure identity confirmation

4.2 Legal Requirements and Protection

We may disclose your information when required or permitted by law:

• To comply with legal obligations, court orders, subpoenas, or governmental requests
• To enforce our Terms of Service and other policies
• To protect the rights, property, safety, and security of NIEA, our users, and the public
• To prevent or investigate potential fraud, security incidents, or illegal activity
• To respond to emergency situations involving imminent harm

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will provide notice and ensure continued protection under this Privacy Policy or a substantially similar policy.

4.4 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This includes statistical reports, research findings, and economic impact studies related to the Envalumental Economy and NIEA's public utility mission.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as connecting your account with partner organizations or participating in collaborative programs.

5. Data Security

We implement comprehensive administrative, technical, and physical security measures to protect your personal information:

5.1 Technical Safeguards

• Encryption: Data in transit encrypted using TLS 1.2+ (HTTPS); data at rest encrypted using AES-256 encryption
• Authentication: Secure JWT token-based authentication with bcrypt password hashing (12+ rounds)
• Access Controls: Role-based access controls (RBAC) limiting data access to authorized personnel and systems
• Infrastructure Security: AWS security features including VPC isolation, security groups, IAM policies, and CloudWatch monitoring
• Application Security: Regular security audits, vulnerability scanning, and penetration testing
• Data Segregation: Separate storage for sensitive identity verification data with enhanced security controls

5.2 Organizational Safeguards

• Strict internal policies limiting employee access to personal information on a need-to-know basis
• Confidentiality agreements and security training for all personnel with data access
• Incident response procedures for security breaches and data incidents
• Regular review and updating of security policies and practices

While we implement industry-leading security measures, no system is completely secure. We cannot guarantee absolute security but are committed to continuous improvement and prompt response to any security incidents.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

• Active Accounts: Retained for the duration of your account plus reasonable time for backup and archival purposes
• Deleted Accounts: Most personal information deleted within 90 days of account deletion request; some data retained longer for legal compliance (financial records, legal obligations)
• Identity Verification Records: Retained for up to 7 years to comply with identity verification regulations and prevent fraud
• Transaction Records: Financial and UNI distribution records retained for up to 7 years for tax and accounting compliance
• Communication Records: Support requests and communications retained for up to 3 years for quality assurance and dispute resolution
• BHHI Contributions: Verified contribution records may be retained indefinitely as part of the permanent historical record, but can be anonymized upon request
• Log Data: System logs and usage data retained for up to 90 days unless needed for security investigation or legal compliance

6.2 Deletion and Anonymization

Upon account deletion or expiration of retention periods, we securely delete or anonymize your personal information using industry-standard data destruction methods. Anonymized data may be retained indefinitely for research and statistical purposes.

7. Your Rights and Choices

You have significant rights regarding your personal information. We respect and facilitate the exercise of these rights.

7.1 Access and Portability

• Request a copy of the personal information we hold about you
• Receive your data in a structured, machine-readable format (data portability)
• Access your account information directly through Platform settings

7.2 Correction and Update

• Update your profile information, preferences, and settings at any time
• Request correction of inaccurate or incomplete personal information
• Edit your skills, interests, and contribution areas through your account

7.3 Deletion and Erasure

• Request deletion of your account and associated personal information
• Request anonymization of BHHI contribution records (permanent deletion not available for verified historical records)
• Note: Some information may be retained as required by law or legitimate business purposes (e.g., financial records, fraud prevention)

7.4 Consent Withdrawal and Objection

• Withdraw consent for specific data processing activities (may limit Platform functionality)
• Object to processing based on legitimate interests
• Opt out of marketing communications while continuing to receive essential service communications

7.5 Communication Preferences

• Manage email notification preferences in your account settings
• Opt out of promotional emails using the unsubscribe link in each message
• Control push notification permissions through your device settings
• Note: You cannot opt out of essential transactional communications (security alerts, account verification, legal notices)

7.6 Cookie and Tracking Controls

• Manage cookie preferences through browser settings
• Disable location tracking through device settings
• Opt out of analytics tracking (may affect Platform personalization)

7.7 Exercising Your Rights

To exercise these rights, contact us at us@theniea.com or call (469) 340-7568. We will respond within 30 days (45 days for complex requests). We may require identity verification to protect your privacy.

For users in the EU/EEA/UK, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

8. Children's Privacy

The NIEA Platform is not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13. The Platform complies with the Children's Online Privacy Protection Act (COPPA).

If you are under 18, you may use the Platform only with the involvement, supervision, and approval of a parent or legal guardian. Some NIEA programs, including identity verification and UNI participation, require users to be 18 or older.

If we become aware that we have collected personal information from a child under 13 without proper parental consent, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us at us@theniea.com.

9. International Data Transfers

NIEA is based in the United States, and your information will be processed, stored, and accessed in the United States where our primary infrastructure (AWS US-East-2 region) is located. If you access the Platform from outside the United States, your information will be transferred to the United States.

We comply with applicable international data protection laws, including the GDPR for European users. When transferring data internationally, we implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with third-party providers requiring adequate data protection
• Encryption and security measures exceeding international standards
• Compliance with Privacy Shield principles (where applicable)

10. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, and services that are not operated by NIEA. We are not responsible for the privacy practices, content, or security of these third parties.

When you interact with third-party services (e.g., Google OAuth, Sign in with Apple, external resources), their privacy policies and terms govern your use. We encourage you to review the privacy policies of any third-party services before providing your personal information.

11. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information (subject to legal exceptions)
• Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit use of sensitive personal information (identity verification data is used only for stated purposes)

To exercise these rights, contact us at us@theniea.com or call (469) 340-7568. We do not charge fees for CCPA/CPRA requests and will respond within 45 days.

12. Nevada Privacy Rights

Nevada residents may opt out of the sale of certain personal information. NIEA does not sell personal information as defined under Nevada law. If our practices change, we will update this Privacy Policy and provide Nevada residents with appropriate opt-out mechanisms.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on this page with a revised "Effective Date"
• Sending email notification to your registered email address
• Displaying a prominent notice within the Platform
• For significant changes affecting your rights, requesting your consent where required by law

Your continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We are committed to resolving privacy concerns promptly and transparently. Most inquiries are answered within 2 business days, with formal rights requests responded to within 30 days.