Privacy Policy
Last updated · 2026-05-19 · v0.1 (stub — counsel-reviewed version publishes before GA)
1. What we collect
Account information (name, email), authentication metadata, and, for founders who proceed past intake, identity-verification documents processed by our KYC sub-processor.
2. How we use it
To operate the Platform, comply with KYC/AML obligations, surface approval requests, and produce the audit log.
3. Sub-processors
Listed on our /trust page. 30-day notice before adding new sub-processors.
4. Your rights
Access, rectification, erasure, portability, restriction, and objection rights under GDPR / UK-GDPR. CCPA/CPRA rights for California residents. Email privacy@0h1bai.co to exercise.
5. International transfers
Standard Contractual Clauses (SCCs) for data leaving the EEA / UK.
6. Retention
Account data while your account is active + 12 months. Audit logs retained 7 years per regulatory expectation. KYC documents per the sub-processor's policy and applicable retention rules.
v0.1 stub — counsel-reviewed version publishes before GA.