DIREKT Privacy Model¶
Principles¶
Purpose limitation, minimization, transparency, user control, precision minimization, retention and accountable access.
Data subjects¶
Customers, provider representatives/members, field agents, operations staff and people mentioned in reports/evidence.
Purposes¶
Account/security, provider verification, discovery, interaction, support/safety, subscription, legal compliance and product reliability. Marketing is separate consent/purpose.
Location¶
- customer current location used transiently for search;
- manual area available;
- provider service area may be public;
- exact private provider base/visit data restricted;
- public premises requires consent and suitability;
- analytics uses coarse geography.
Evidence¶
Only reviewers/authorized staff see necessary evidence. Public users see derived claims. Evidence is not used for advertising or unrelated AI training.
Rights operations¶
Access, correction, deletion/retention restriction and consent withdrawal processes must be defined with legal review and authenticated handling.
Vendors¶
Maintain subprocessor/integration register, data shared, location/retention, contracts and deletion process.
Policy versioning¶
Record accepted terms/privacy version, language, time and lawful basis/consent where applicable.
Phase 9 commercial privacy boundary¶
Commercial storage and projections exclude payment credentials, account/PIN/card values, raw webhook bodies, interaction contact values, handoff consent, private evidence, storage object keys and trust-review rationale. Webhooks persist bounded metadata and fingerprints only. Android recovery stores opaque request/invoice identifiers, integer minor-unit amount, currency, revision and safe state/error metadata. The operations portal consumes the versioned backend API only. Commercial status cannot alter trust, publication, ranking, reviews, complaints, appeals or incidents.