DIREKT Privacy Model

Principles

Purpose limitation, minimization, transparency, user control, precision minimization, retention and accountable access.

Data subjects

Customers, provider representatives/members, field agents, operations staff and people mentioned in reports/evidence.

Purposes

Account/security, provider verification, discovery, interaction, support/safety, subscription, legal compliance and product reliability. Marketing is separate consent/purpose.

Location

  • customer current location used transiently for search;
  • manual area available;
  • provider service area may be public;
  • exact private provider base/visit data restricted;
  • public premises requires consent and suitability;
  • analytics uses coarse geography.

Evidence

Only reviewers/authorized staff see necessary evidence. Public users see derived claims. Evidence is not used for advertising or unrelated AI training.

Rights operations

Access, correction, deletion/retention restriction and consent withdrawal processes must be defined with legal review and authenticated handling.

Vendors

Maintain subprocessor/integration register, data shared, location/retention, contracts and deletion process.

Policy versioning

Record accepted terms/privacy version, language, time and lawful basis/consent where applicable.

Phase 9 commercial privacy boundary

Commercial storage and projections exclude payment credentials, account/PIN/card values, raw webhook bodies, interaction contact values, handoff consent, private evidence, storage object keys and trust-review rationale. Webhooks persist bounded metadata and fingerprints only. Android recovery stores opaque request/invoice identifiers, integer minor-unit amount, currency, revision and safe state/error metadata. The operations portal consumes the versioned backend API only. Commercial status cannot alter trust, publication, ranking, reviews, complaints, appeals or incidents.