# Privacy Policy > **`Last updated: June 23, 2025`** ## Important Age Requirement Notice **This service is intended for users who are 13 years of age or older.** By using this service, you confirm that you are at least 13 years old. If you are under 13 years of age, you are not permitted to use this service and must not provide any personal information to us. If we learn that we have collected personal information from a child under 13 years of age, we will delete that information immediately. Parents or guardians who believe their child under 13 has provided personal information to us should contact us immediately at [support@mrichard333.com](mailto:support@mrichard333.com). ## Overview Your privacy is very important to us. This Privacy Policy explains how MRichard333 Cybersecurity & Fraud-Prevention, a Canadian registered non-profit organization ("we," "us," or "our") collects, uses, and protects your personal information when you use our HumHub-powered community platform. ### Our Privacy Principles: - Minimum tracking approach - High level of privacy protection - Less data collection than major platforms - Respect for your privacy rights - Strong support for our community members - We are against data selling - Strict COPPA compliance for children's privacy protection ## Data Controller Information **Service Provider:** MRichard333 Cybersecurity & Fraud-Prevention\ **Organization Status:** Canadian Registered Non-Profit Organization\ **Platform:** Powered by HumHub GmbH & Co. KG\ **Website:** [chat.mrichard333.com](http://chat.mrichard333.com)\ **Contact:** [support@mrichard333.com](mailto:support@mrichard333.com)\ **Address:** 1210 rue de la pointe-aux-lievres G1L 4L9 Quebec, QC, Canada **HumHub Software Provider:**\ HumHub GmbH & Co. KG\ Tassiloplatz 28\ 81541 Munich, Germany\ Phone: +49 89 416156938\ Email: [info@humhub.com](mailto:info@humhub.com)\ Website: [www.humhub.org](http://www.humhub.org) ## Information We Collect ### Account Information When you register for an account, we collect: - Username and display name - Email address - Password (encrypted and hashed) - Date of birth (for age verification - required for COPPA compliance) - Profile information you choose to provide - Registration date and IP address (for age verification and security) ### Automatically Collected Information - Browser type and version - Operating system - IP address (used for age verification patterns and security) - Date and time of access - Pages visited on our platform - Referrer information - Device identifiers (for security and age verification purposes) ### Content You Create - Posts, comments, and messages - Photos and files you upload - Profile customizations - Activity within groups and spaces - Educational content and contributions ### Age Verification Data To comply with COPPA, we collect and process: - Date of birth information during registration - Age verification responses and confirmations - IP address patterns that may indicate age misrepresentation - Behavioral patterns consistent with age verification ## How We Use Your Information We use your personal information to: - Provide and maintain our community platform - Create and manage your user account - Verify user age and maintain COPPA compliance - Enable communication with other community members - Send important service notifications - Improve our platform and user experience - Ensure platform security and prevent abuse - Detect and prevent under-13 access attempts - Comply with legal obligations, including COPPA - Respond to parental requests regarding child privacy ### COPPA Compliance Uses Specifically for COPPA compliance, we use information to: - Verify that all users are 13 years of age or older - Detect potential under-13 account creation attempts - Respond to parental deletion requests - Maintain records of age verification procedures - Ensure no personal information is retained from children under 13 ## Newsletter and Communications By registering, you agree to receive: - Welcome and onboarding emails - Important service updates and security notifications - Community newsletters (you can unsubscribe anytime) - COPPA compliance communications when necessary - Age verification requests if needed **For users under 18:** Communications will include additional privacy information and parental involvement encouragement. ## Cookies and Tracking We use cookies to enhance your experience on our platform. Our cookies help with: - Keeping you logged in - Remembering your preferences - Analyzing platform usage (anonymously) - Age verification and security monitoring - Detecting suspicious account creation patterns ### Third-Party Cookies: - Google Fonts may occasionally appear as a tracker (approximately 1 in 100 times) - We recommend using browser tracker blocking for enhanced privacy - We do not use cookies to target children under 13 You can disable cookies in your browser settings, though some platform features may not work properly. ### Cookie Categories: - **Essential Cookies:** Required for platform functionality - **Security Cookies:** Used for fraud prevention and age verification - **Analytics Cookies:** Anonymous usage statistics (no personal identification) - **Preference Cookies:** Remember your settings and preferences ## Data Sharing and Disclosure **We do NOT sell your personal data to third parties under any circumstances.** We may share your information only in these limited circumstances: ### Authorized Sharing: - With HumHub GmbH & Co. KG for platform operation and support - With service providers who help us operate the platform (under strict confidentiality agreements) - With educational institutions for institutional users (with appropriate consents) ### Legal Requirements: - When required by law or to respond to legal process - To protect the rights, safety, or property of our users or the public - In connection with a business transfer (merger, acquisition, etc.) - To comply with COPPA enforcement and investigation requests ### COPPA-Specific Sharing: - With parents/guardians upon verified request for their child's information - With law enforcement in cases of fraudulent deletion requests - With regulatory authorities for COPPA compliance verification **We will never share any information collected from children under 13, as we do not knowingly collect such information.** ## Enhanced COPPA Compliance Measures ### Strict Under-13 Prohibition - Our platform is designed exclusively for users 13 and older - We employ multiple verification methods to prevent under-13 registration - Any discovered under-13 accounts are immediately deleted - We maintain documentation of all age verification procedures ### Parental Rights and Verification Process **For Suspected Under-13 Accounts:** Parents/guardians may request account deletion, but must provide: 1. Government-issued photo identification 2. Official document proving parental relationship 3. Completed Parental Verification Affidavit 4. Phone verification 5. 24-48 hour verification period **Anti-Fraud Measures:** - Multiple deletion requests trigger enhanced review - Suspicious requests require notarized documentation - All requests are logged and monitored - False requests may be reported to authorities ### No Collection from Children Under 13 We do not collect any personal information from children under 13, including: - Names, addresses, phone numbers, or email addresses - Photos, videos, or audio recordings - Location information - Any identifying information whatsoever If we discover any such information has been collected, it is immediately and permanently deleted. ## Your Privacy Rights Under GDPR, PIPEDA, and applicable privacy laws, you have the right to: ### Standard Privacy Rights: - **Access:** Request a copy of your personal information - **Correction:** Update or correct inaccurate information - **Deletion:** Request deletion of your personal information - **Portability:** Request transfer of your data in a structured format - **Restriction:** Limit how we process your information - **Objection:** Object to processing based on legitimate interests - **Withdraw Consent:** Withdraw consent for data processing at any time ### How to Exercise Your Rights: To exercise any of these rights, contact us at [support@mrichard333.com](mailto:support@mrichard333.com) with: - Your full name and username - Specific request details - Verification of your identity - Preferred method of response We will respond to your request within 30 days under GDPR and within a reasonable timeframe under PIPEDA. ### Parental Rights for Minors (13-17): Parents/guardians of users aged 13-17 may: - Request information about their child's account - Request account deletion - Receive copies of privacy notices - Be involved in certain account decisions **Note:** We encourage open communication between parents and teenage users about online privacy and safety. ## Data Security We implement comprehensive security measures to protect your information: ### Technical Safeguards: - Industry-standard encryption for data transmission and storage - Secure server infrastructure with regular security updates - Multi-factor authentication options - Regular security audits and vulnerability assessments - Intrusion detection and monitoring systems ### Administrative Safeguards: - Limited access to personal information on a need-to-know basis - Employee training on privacy and security practices - Regular review of data handling procedures - Incident response procedures for potential breaches ### Physical Safeguards: - Secure data centers with restricted access - Environmental controls and monitoring - Backup systems and disaster recovery procedures Despite these measures, no internet transmission is completely secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability. ## Data Retention We retain your personal information only as long as necessary for the purposes outlined in this policy: ### Account Information: - Active accounts: Retained while account remains active - Inactive accounts: Deleted after 2 years of inactivity (with prior notice) - Deleted accounts: Most data deleted immediately, some retained for 30 days for recovery ### Content and Communications: - User-generated content: Retained while account is active - Private messages: Retained for 1 year unless deleted by user - Support communications: Retained for 3 years ### Legal and Security Data: - Security logs: Retained for 1 year - Legal compliance data: Retained as required by applicable law - COPPA verification records: Retained for duration required by law ### Special Circumstances: - Under-13 data: Deleted immediately upon discovery - Parental requests: Processed within 48 hours - Legal holds: Retained as required by legal obligations ## International Data Transfers As a Canadian organization using HumHub software from Germany, your data may be transferred and processed in: - Canada (primary data processing) - Germany (HumHub platform support) - Other jurisdictions where our service providers are located We ensure appropriate safeguards for international transfers through: - Adequacy decisions recognized by privacy authorities - Standard contractual clauses approved by privacy authorities - Binding corporate rules where applicable - Your explicit consent where required All international transfers comply with GDPR Article 44-49 requirements and Canadian privacy law standards. ## Third-Party Services and Links Our platform may contain links to third-party websites, services, or applications. This privacy policy does not apply to these third-party services. We recommend reviewing their privacy policies before providing any personal information. ### Third-Party Services We Use: - **HumHub Platform:** Core community platform software - **Email Services:** For sending notifications and communications - **Security Services:** For fraud prevention and platform security - **Analytics Tools:** For anonymous usage statistics (no personal identification) We carefully select third-party providers and require them to maintain appropriate privacy and security standards. ## Changes to This Privacy Policy We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes: - We will notify all users via email and platform announcement - We will post the updated policy on our website - We will highlight material changes - We will provide a 30-day notice period before changes take effect - For users under 18, we will encourage parental review of changes Your continued use of the platform after changes take effect constitutes acceptance of the updated policy. ## Contact Information If you have questions, concerns, or requests regarding this privacy policy or our privacy practices, please contact us: **Primary Contact:** Email: [support@mrichard333.com](mailto:support@mrichard333.com) Response Time: Within 48 hours for privacy-related inquiries **Mailing Address:** MRichard333 Cybersecurity & Fraud-Prevention 1210 rue de la pointe-aux-lievres Quebec, QC G1L 4L9 Canada **For COPPA-Related Inquiries:** Subject Line: "COPPA Privacy Request" Email: [support@mrichard333.com](mailto:support@mrichard333.com) Phone: Available upon request for verified parental inquiries **For Data Protection Officer Inquiries:** Email: [support@mrichard333.com](mailto:support@mrichard333.com) (Available for GDPR-related questions and requests) ## Regulatory Compliance This privacy policy is designed to comply with: - Children's Online Privacy Protection Act (COPPA) - United States - General Data Protection Regulation (GDPR) - European Union - Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada - California Consumer Privacy Act (CCPA) - California, United States - Other applicable privacy laws where our users are located We regularly review our compliance with these regulations and update our practices as needed. ## Technical Service Levels Section ### 21\. TECHNICAL SERVICE LEVELS AND PLATFORM AVAILABILITY **Service Level Commitments** As a Canadian non-profit organization providing community services, we strive to maintain reliable platform availability while acknowledging resource limitations: **Uptime Targets:** - Target availability: 99% monthly uptime (excluding scheduled maintenance) - Scheduled maintenance: Maximum 4 hours per month with 48-hour advance notice - Emergency maintenance: May occur without notice for security or critical issues **Response Time Goals:** - Support ticket acknowledgment: Within 48 hours during business days - Critical security issues: Within 24 hours - COPPA-related requests: Within 24 hours (as legally required) - General inquiries: Within 72 hours during business days **Performance Standards:** - Target page load time: Under 5 seconds for standard pages - File upload limits: 2MB per file, 100MB total per user - Concurrent user capacity: Designed for up to 1,000 simultaneous users **Data Protection and Backup:** - Automated daily backups of all user data and content - Weekly full system backups retained for 30 days - Monthly archive backups retained for 1 year - Backup testing performed quarterly **Maintenance and Updates:** - Security updates: Applied within 48 hours of availability - Platform updates: Scheduled monthly with user notification - Maintenance windows: Typically Sunday 2:00-6:00 AM EST - Emergency maintenance: Users notified via email and platform announcements **Service Limitations:** - Best-effort service delivery based on volunteer availability - No guarantee of uninterrupted service - Resource constraints may affect performance during peak usage - Third-party dependencies may impact service availability **Incident Response:** - Service status updates posted at \[status page or main site\] - Critical incidents communicated via email to all users - Post-incident reports provided for major outages - User data protection prioritized during all incidents **Disclaimer:** These are target goals, not guarantees. As a non-profit organization, our technical capabilities are subject to resource availability and volunteer capacity. --- ## Accessibility Compliance Section ### 22\. ACCESSIBILITY COMPLIANCE AND INCLUSIVE DESIGN **Accessibility Commitment** MRichard333 Cybersecurity & Fraud-Prevention is committed to ensuring our educational platform is accessible to all users, including those with disabilities. We strive to comply with accessibility standards while acknowledging our resource limitations as a non-profit organization. **Accessibility Standards** We work toward compliance with: - Web Content Accessibility Guidelines (WCAG) 2.1 Level AA - Section 508 of the Rehabilitation Act (United States) - Accessibility for Ontarians with Disabilities Act (AODA) standards - Other applicable accessibility legislation in user jurisdictions **Current Accessibility Features** Our platform includes: - Keyboard navigation support for all interactive elements - Screen reader compatibility with major assistive technologies - Alternative text for images and visual content - Sufficient color contrast ratios for text readability - Resizable text up to 200% without loss of functionality - Clear heading structure for navigation - Descriptive link text and form labels **Ongoing Accessibility Improvements** We continuously work to enhance accessibility through: - Regular accessibility audits and testing - User feedback integration for accessibility improvements - Training for content creators on accessible content practices - Collaboration with accessibility experts and disabled user communities - Platform updates that improve accessibility features **Accessibility Support** For users requiring accessibility assistance: - Contact: [support@mrichard333.com](mailto:support@mrichard333.com) - Subject Line: "Accessibility Support Request" - Response time: Within 48 hours for accessibility-related inquiries - Alternative formats: Available upon request for important documents - Technical assistance: Provided for users with disabilities **User Responsibilities** Users contributing content are encouraged to: - Provide alternative text for images they upload - Use clear, descriptive language in posts and comments - Structure content with appropriate headings when possible - Ensure uploaded documents are accessible when feasible - Report accessibility barriers they encounter **Accessibility Feedback** We welcome feedback about accessibility barriers: - Email: [support@mrichard333.com](mailto:support@mrichard333.com) with "Accessibility Feedback" in subject - Response commitment: Within 48 hours - Resolution timeline: Reasonable efforts to address within 30 days - Escalation process: Available for urgent accessibility needs **Third-Party Accessibility** For third-party content and integrations: - We select vendors with strong accessibility practices when possible - External links and embedded content may not meet our accessibility standards - Users are encouraged to report inaccessible third-party content - We work with vendors to improve accessibility when feasible **Accessibility Compliance Limitations** As a non-profit organization: - We strive for compliance but cannot guarantee perfect accessibility - Resource constraints may limit the speed of accessibility improvements - Some legacy content may not meet current accessibility standards - Technical limitations of the HumHub platform may affect some accessibility features **Legal Compliance** This accessibility commitment is designed to comply with: - Americans with Disabilities Act (ADA) requirements - Canadian accessibility legislation (AODA, etc.) - International accessibility standards where applicable - Educational accessibility requirements for institutional users **Continuous Improvement** We commit to: - Annual accessibility reviews and updates - User feedback integration for accessibility improvements - Staff and volunteer training on accessibility best practices - Collaboration with disability advocacy organizations - Regular updates to accessibility features and policies --- ## Privacy Policy Addition - Accessibility and Technical Data ### Additional Data Collection for Accessibility and Technical Services **Technical Performance Data** To maintain service levels and improve platform performance, we may collect: - Page load times and performance metrics (anonymized) - Error logs and technical diagnostics - Browser compatibility information - Connection speed and stability data - Feature usage statistics for optimization **Accessibility Data** To improve accessibility and comply with accessibility standards, we may collect: - Assistive technology usage information (screen readers, etc.) - Accessibility feature usage statistics - User preference settings for accessibility features - Feedback on accessibility barriers and improvements - Anonymous data about accessibility compliance metrics **Use of Technical and Accessibility Data** This data is used solely to: - Improve platform performance and reliability - Enhance accessibility features and compliance - Identify and resolve technical issues - Optimize user experience for all users - Comply with accessibility legislation requirements **Data Protection for Technical Information** - All technical data is anonymized when possible - No personal identification linked to performance metrics - Accessibility data privacy protected according to applicable laws - Retention limited to operational necessity (typically 1 year) - Shared only with technical service providers under strict confidentiality --- ## Effective Date and Version Control This privacy policy is effective as of June 22, 2025. **Version History:** - Version 1.0: June 22, 2025 - Initial comprehensive policy **Document Control:** - Last reviewed: June 22, 2025 - Next scheduled review: December 22, 2025 - Review frequency: Every 6 months or as needed for regulatory changes --- **Acknowledgment:** By using our platform, you acknowledge that you have read, understood, and agree to the terms of this privacy policy. If you do not agree with these terms, please do not use our services.