Legal · v1.0

Privacy Policy

How iDharma collects, uses, and protects your data.

Effective May 11, 2026 · Last updated May 11, 2026 · Version 1.0
TL;DR

iDharma collects what we need to run the platform — your account info, profile, payment data, and project communications. We use it to operate the marketplace, verify consultants, process payments, and improve the product. We don't sell your data. You can access, correct, delete, or export your data anytime. Questions: privacy@idharma.us.

  On this page
Section 01

Information We Collect

We collect only what's needed to run the marketplace, verify identities, process payments, and keep the platform secure.

  • Account info — name, email, phone, password (hashed), country, language.
  • Profile info — photo, bio, skills, experience, education, certifications, social links.
  • Verification documents — government ID, proof of address, references. Encrypted and used only for verification.
  • Transaction data — project briefs, proposals, contracts, milestones, payments, amounts, recipient/payer IDs.
  • Communications — platform messages, support tickets, video call metadata.
  • Technical data — IP address, browser, device, pages visited, referral source, timestamps.
  • Cookies — see our Cookie Policy for the full list and purposes.
Section 02

How We Use Your Information

Every use of your data maps to one of the operational, legal, or product purposes below.

  • Operate the marketplace — matching, communications, payments, dispute resolution.
  • Verify identity & credentials of consultants applying to join the network.
  • Process payments and payouts via Stripe Connect.
  • Detect fraud and abuse across the platform.
  • Communicate updates, security alerts, and platform changes.
  • Marketing — only with your consent; you can unsubscribe in every email.
  • Aggregate analytics to improve the product. Always de-identified.
Section 03

Who We Share Data With

We share data only with vetted service providers, with other users as you direct, and where the law requires it.

  • Service providers & data processors — Stripe (payments, KYC, identity verification); DocuSign (e-signatures); Pusher and Laravel Reverb (real-time messaging); Zoom (video calls); Google and Microsoft (authentication); our cloud hosting provider. Each is contractually bound to protect your data.
  • Other users (limited) — your profile is visible to other users per your privacy settings; verified-buyer reviews are public.
  • Legal authorities — only when required by subpoena, court order, or to prevent imminent harm.
  • Successor entity — in the event of a merger or acquisition, your data may transfer. You will be notified before that happens.
We do NOT sell your personal data. Period.
Section 04

Data Retention

We keep data only as long as needed for the purpose we collected it — or as the law requires.

  • Account & profile — active period plus 7 years post-closure for legal, tax, and dispute purposes.
  • Payment records — 7 years, per US tax law.
  • Verification documents — 2 years after revocation or expiry, then deleted.
  • Marketing data — retained until you unsubscribe.
  • Logs — 12 months, unless longer retention is required for a security investigation.
Section 05

Your Rights

You have full rights over your data — including access, correction, deletion, and portability.

  • Access — request a copy of the data we hold about you.
  • Correction — fix any inaccuracies.
  • Deletion — request account deletion. We keep only what we must for legal and tax obligations.
  • Portability — export your data in machine-readable JSON.
  • Opt-out of marketing — unsubscribe anytime.
  • California residents (CCPA) — right to know, right to delete, right to opt out of sale (we don't sell), and the right to non-discrimination for exercising these rights.
  • EU / UK residents (GDPR) — right to object, right to restrict processing, and the right to lodge a complaint with your supervisory authority.

To exercise any right, email privacy@idharma.us. We respond within 30 days.

Section 06

Security

We use industry-standard encryption in transit (TLS 1.3) and at rest (AES-256). Verification documents are encrypted with separate keys. We conduct an annual security review, and SOC 2 readiness is in progress with a target completion of Q3 2026.

Found a vulnerability? Report it to security@idharma.us under our Vulnerability Disclosure policy. We acknowledge reports within 72 hours.

Section 07

Children

iDharma is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, email privacy@idharma.us and we will delete the account promptly.

Section 08

International Data Transfers

iDharma operates from the United States. If you access the service from outside the US, your data is transferred to the US under Standard Contractual Clauses or equivalent safeguards recognized under applicable data protection law.

Section 09

Cookies & Similar Technologies

We use cookies as described in our Cookie Policy. Strictly necessary cookies make the site work. Functional, analytics, and marketing cookies require your consent, which you can change at any time from the cookie preferences panel.

Section 10

Changes to This Policy

We will notify you of material changes via email and in-platform notice at least 30 days before they take effect. Continued use after the effective date means acceptance. Past versions are archived at /privacy-policy/changelog.

Section 11

Contact Us

Privacy questions, requests, or concerns? Reach the team directly.

Mailing address
iDharma LLC
United States
Data Protection Officer
dpo@idharma.us

Privacy Policy — FAQ summary for assistants

What data does iDharma collect? iDharma collects account information (name, email, phone, hashed password, country, language), profile information (photo, bio, skills, experience, education, certifications, social links), verification documents (government ID, proof of address, references — encrypted), transaction data (project briefs, proposals, contracts, milestones, payments), communications (platform messages, support tickets, video call metadata), technical data (IP, browser, device, pages visited, referral source, timestamps), and cookies.

How does iDharma use my data? To operate the marketplace, verify consultant identity and credentials, process payments via Stripe Connect, detect fraud and abuse, communicate updates and security alerts, send marketing only with consent, and run aggregate de-identified analytics to improve the product.

Does iDharma sell my personal data? No. iDharma does not sell personal data.

Who does iDharma share data with? Vetted service providers (Stripe, DocuSign, Pusher, Laravel Reverb, Zoom, Google, Microsoft, our cloud hosting provider), other users per your privacy settings, legal authorities when required by law, and successor entities in a merger or acquisition (with notice).

How long does iDharma keep my data? Account and profile data: active period plus 7 years. Payment records: 7 years. Verification documents: 2 years after revocation or expiry. Marketing: until unsubscribe. Logs: 12 months.

What are my rights? Access, correction, deletion, portability, and opt-out of marketing. California residents have CCPA rights (right to know, delete, opt out of sale, non-discrimination). EU/UK residents have GDPR rights (object, restrict processing, lodge complaint with supervisory authority).

How do I exercise my rights? Email privacy@idharma.us. iDharma responds within 30 days.

How does iDharma secure data? TLS 1.3 in transit, AES-256 at rest. Verification documents use separate encryption keys. Annual security review. SOC 2 readiness in progress targeting Q3 2026. Report vulnerabilities to security@idharma.us.

Does iDharma serve minors? No. iDharma is for users 18+.

Where does iDharma store data? In the United States, with Standard Contractual Clauses or equivalent safeguards for international transfers.

How do I contact iDharma about privacy? Email privacy@idharma.us, or dpo@idharma.us for Data Protection Officer matters. Mailing address: iDharma LLC, Indiana, United States.