Privacy Policy

Privacy

How SHELTR-AI Protects Your Data and Privacy

Effective: January 25, 2025Last Updated: January 25, 2025
Privacy First

We collect only necessary data and use privacy-preserving technologies where possible.

AI Transparency

Clear disclosure of how AI systems use your data and make decisions affecting you.

Blockchain Balance

Transparency through blockchain while protecting personal information through careful design.

1. Introduction

SHELTR-AI Technologies Inc. ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our blockchain-based charitable giving platform ("Platform").

By using the Platform, you consent to the data practices described in this policy. If you do not agree with our data practices, please do not use the Platform.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Identity Information: Name, email address, phone number, date of birth
  • Financial Information: Bank account details, payment information, transaction history
  • Verification Documents: Government-issued ID, proof of address, income verification
  • Biometric Data: Facial recognition data for identity verification (with consent)
  • Location Data: GPS coordinates for shelter proximity and service delivery
  • Communication Data: Messages, support tickets, feedback

2.2 Blockchain and Wallet Information

  • Wallet Addresses: Public blockchain addresses associated with your account
  • Transaction Data: On-chain transaction records (publicly visible on blockchain)
  • Token Holdings: SHELTR and SHELTR-S token balances and transaction history
  • Smart Contract Interactions: Records of contract executions and governance participation

2.3 Technical and Usage Data

  • Device Information: Device type, operating system, browser type, unique device identifiers
  • Usage Analytics: Pages visited, features used, time spent on platform, click patterns
  • Performance Data: Error logs, crash reports, system performance metrics
  • Cookies and Tracking: Session data, preferences, authentication tokens

2.4 AI and Machine Learning Data

  • Behavioral Patterns: User interaction patterns for personalization
  • Preference Data: Donation preferences, service interests, communication styles
  • Predictive Insights: Risk assessments, fraud detection indicators
  • Training Data: Anonymized data used to improve AI models

3. How We Use Your Information

3.1 Platform Operations

  • Facilitate donations and token transactions
  • Verify user identity and prevent fraud
  • Process payments and maintain financial records
  • Provide customer support and technical assistance
  • Maintain platform security and integrity

3.2 AI-Powered Services

  • Personalization: Customize user experience and recommendations
  • Matching Algorithms: Connect donors with appropriate recipients
  • Fraud Detection: Identify suspicious activities and prevent abuse
  • Impact Analytics: Measure and report on charitable impact
  • Automated Support: Provide AI-powered customer assistance

3.3 Compliance and Legal

  • Comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations
  • Meet tax reporting and financial compliance requirements
  • Respond to legal requests and court orders
  • Enforce Terms of Service and platform policies

4. AI System Data Practices

4.1 AI Decision Making

Our AI systems make decisions regarding:

  • Donor-Recipient Matching: Algorithms suggest optimal donation targets based on need, location, and donor preferences
  • Fraud Detection: Automated systems flag suspicious transactions for human review
  • Risk Assessment: AI evaluates transaction risk and applies appropriate security measures
  • Content Moderation: Automated systems review user-generated content for policy violations

4.2 AI Training and Improvement

  • We use aggregated, anonymized data to train and improve AI models
  • Personal data is never used directly in machine learning training without explicit consent
  • AI models are regularly audited for bias and fairness
  • Users can opt out of AI-based decision making where legally required

4.3 AI Transparency Rights

You have the right to:

  • Understand how AI systems affect your platform experience
  • Request human review of AI-driven decisions
  • Appeal automated decisions that significantly impact you
  • Access information about AI model logic (where technically feasible)

5. Blockchain and Transparency

5.1 On-Chain Data

Certain information is recorded permanently on the blockchain and cannot be deleted:

  • Transaction amounts and timestamps
  • Wallet addresses involved in transactions
  • Smart contract execution records
  • Token distribution and governance votes

5.2 Privacy-Preserving Techniques

  • Pseudonymization: Personal identifiers are replaced with cryptographic hashes
  • Data Minimization: Only essential data is recorded on-chain
  • Zero-Knowledge Proofs: Verify identity without revealing personal information (planned)
  • Encrypted Storage: Sensitive off-chain data is encrypted at rest and in transit

6. Information Sharing and Disclosure

6.1 Service Providers

We share information with trusted third-party service providers:

  • Cloud Infrastructure: Google Cloud Platform for hosting and data processing
  • Payment Processors: Visa and other payment networks for transaction processing
  • Identity Verification: KYC/AML service providers for compliance
  • Analytics Providers: Privacy-compliant analytics for platform improvement

6.2 Legal Requirements

We may disclose information when required by law:

  • Court orders and legal subpoenas
  • Government investigations and regulatory requests
  • Tax reporting and financial compliance
  • Emergency situations involving immediate danger

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to the same privacy protections.

7. Data Security

7.1 Technical Safeguards

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: 24/7 monitoring and rapid response procedures

7.2 Organizational Safeguards

  • Employee privacy training and background checks
  • Principle of least privilege for data access
  • Regular security awareness programs
  • Vendor security assessments and contracts

8. Your Privacy Rights

8.1 Access and Control

You have the right to:

  • Access: Request copies of your personal information
  • Rectification: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal and blockchain limitations)
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Object to certain types of data processing

8.2 Blockchain Limitations

Note that data recorded on the blockchain cannot be deleted or modified. We minimize on-chain personal data to preserve your "right to be forgotten" where possible.

8.3 Exercising Your Rights

To exercise your privacy rights, contact us at privacy@sheltr-ai.com. We will respond within 30 days and may require identity verification.

9. International Data Transfers

The Platform operates globally, and your information may be transferred to and processed in countries other than your residence. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where available
  • Privacy frameworks like EU-US Data Privacy Framework
  • Binding Corporate Rules for internal transfers

10. Data Retention

We retain personal information for as long as necessary to:

  • Provide platform services
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and fraud prevention

Specific retention periods:

  • Account Data: Until account closure plus 7 years for financial records
  • Transaction Data: Permanently on blockchain, 10 years off-chain
  • Communications: 3 years for support tickets and correspondence
  • Analytics Data: 2 years in anonymized form

11. Children's Privacy

The Platform is not intended for users under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information.

12. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Authentication, security, and basic functionality
  • Analytics Cookies: Usage statistics and performance monitoring
  • Preference Cookies: Language, theme, and user settings
  • Marketing Cookies: Personalized content and advertisements (with consent)

You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.

13. Privacy by Design

SHELTR is built with privacy-by-design principles:

  • Data Minimization: Collect only necessary information
  • Purpose Limitation: Use data only for stated purposes
  • Privacy-Preserving Defaults: Most privacy-friendly settings by default
  • Transparency: Clear communication about data practices
  • User Control: Meaningful choices and consent mechanisms

14. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. Material changes will be communicated through:

  • Email notifications to registered users
  • Platform notifications and announcements
  • Website banners and alerts

The "Last Updated" date at the top of this policy indicates when changes were made.

15. Contact Information

For privacy-related questions, concerns, or requests, contact us:

  • Privacy Officer: privacy@sheltr-ai.com
  • Data Protection Officer: dpo@sheltr-ai.com
  • General Inquiries: hello@sheltr-ai.com
  • Address: SHELTR-AI Technologies Inc., Toronto, Ontario, Canada

16. Regulatory Compliance

This Privacy Policy is designed to comply with:

  • GDPR: European Union General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
  • SOX: Sarbanes-Oxley Act financial data requirements
  • PCI DSS: Payment Card Industry Data Security Standard

Your Privacy Matters

We are committed to protecting your privacy and being transparent about our data practices. If you have any questions or concerns about this Privacy Policy or our data handling practices, please don't hesitate to contact our Privacy Officer.