Privacy Policy
Effective Date: July 25, 2025
Last Reviewed: July 25, 2025

Bosmos, Inc. (“Bosmos,” “we,” “our,” or “us”) operates a U.S.-based freelance marketplace and job board (the “Services”). We respect your privacy and have designed this policy to give you confidence in how we collect, use, disclose, and protect your information. This Privacy Policy meets the rigorous standards you would expect from industry-leading technology companies.

1. Scope & Application
This Privacy Policy applies to all information collected through our Services, including websites, mobile applications, and APIs. We provide services solely within the United States and do not intentionally collect personal data from residents of other jurisdictions with specialized privacy frameworks.

2. Definitions
- Personal Data: Any information relating to an identified or identifiable individual.
- Process/Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
- Data Controller: Bosmos, which determines the purposes and means of Processing Personal Data.
- Subprocessor: A third party engaged by Bosmos that processes data on our behalf.

3. Information We Collect
We collect only the data necessary to provide and improve our Services:

Account Data:
  - Examples: Name, email, phone number, password hash
  - Purpose: Registration, authentication, support

Profile & Resume Data:
  - Examples: Resume, job history, skills, custom gig requirements
  - Purpose: Matching buyers and sellers, service delivery

Transactional Data:
  - Examples: Order details, payment amounts, dates
  - Purpose: Payment facilitation, accounting, recordkeeping

Verification Data:
  - Examples: Government-issued IDs, tax forms (collected via Stripe Connect)
  - Purpose: Compliance, fraud prevention, payout eligibility

Technical Data:
  - Examples: IP address, device type, browser logs, cookies
  - Purpose: Security, performance monitoring, analytics

Communications Data:
  - Examples: Emails, chat messages between users
  - Purpose: Customer support, dispute resolution, auditing

4. How We Use Personal Data
We process Personal Data for the following purposes, based on contract necessity, legitimate interests, and legal obligations:

- **Service Delivery:** Match buyers with freelancers, process orders, and facilitate payments via Stripe Connect.
- **Risk Management:** Perform identity verification, fraud detection, and dispute resolution.
- **Operational Improvement:** Analyze usage patterns, conduct A/B tests, and improve UX/UI.
- **Communications:** Send transactional messages, service updates, and marketing communications (only with opt‑in).
- **Legal & Compliance:** Comply with tax reporting, financial regulations, and law enforcement requests.

5. Data Sharing & Subprocessors
We share Personal Data only with entities that help us operate the Services and do so under strict contractual confidentiality, security, and data protection obligations.

Example Categories and Providers (non-exhaustive):
- Payment Processing: Stripe Connect
- Infrastructure & Hosting: Cloud hosting providers
- Database & Backend Services: Managed database platforms
- Email & Notifications: Email delivery services
- Analytics & Monitoring: Web analytics and performance tools
- Support & Communication: Customer support platforms

We maintain an internal Subprocessor Registry, available upon request, listing all third parties that process Personal Data on our behalf.

6. Unverified Sellers & Risk Controls
Unverified sellers may propose custom gigs under defined usage limits. To access full platform features and automatic matching, sellers must complete identity and tax verification via Stripe Connect. Bosmos may:
- Delay or withhold payouts and place a reserve (typically 10–30% for up to 30 days).
- Monitor transaction volume and dispute rates, and impose limits or suspensions for high-risk activity.

7. Data Retention & Deletion
We retain Personal Data only as long as necessary for the purposes described, subject to legal requirements:
- Transactional Records: 7 years for tax and audit purposes.
- Account & Profile Data: While the account is active plus 2 years.
- Logs & Diagnostics: 1 year.

You may request deletion of your data by emailing support@bosmos.org. We will honor deletion requests unless retention is required by law.

8. Cookies & Tracking Technologies
We use cookies and similar technologies for:
- Essential Functions: Authentication and session management.
- Performance & Analytics: Usage tracking and platform optimization.
- Marketing: Personalized advertising (only upon your opt‑in via our cookie consent banner).

Manage your preferences through our consent banner or via your browser settings.

9. Security Practices
Bosmos employs industry-standard measures to protect Personal Data:
- **Encryption:** TLS 1.2+ for data in transit; AES-256 for data at rest.
- **Access Controls:** Role-based access, regular audits, and a least-privilege principle.
- **Testing & Audits:** Automated vulnerability scanning, penetration testing, and SOC 2–aligned controls.
- **Incident Response:** A documented policy with 72‑hour notification to affected parties and authorities, as required.

10. User Rights under CCPA
If you are a California resident, you have the right to:
- Know what Personal Data we collect, use, and share.
- Access a copy of your Personal Data.
- Delete your Personal Data, subject to legal exceptions.
- Opt-out of the sale of Personal Data (we do not sell Personal Data).
- Enjoy non-discrimination for exercising your rights.

Please submit requests via support@bosmos.org. We will respond within 45 days, with a possible 45-day extension.

11. Minors
Our Services are for users aged 18 and older. We do not knowingly collect data from individuals under 18.

12. International Data Transfers
While we operate in the U.S., our subprocessors may transfer data across borders. We implement Standard Contractual Clauses or other legal safeguards to ensure data protection.

13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The revised policy will be posted with an updated “Effective Date.” Continued use of our Services constitutes acceptance of the updated policy.

14. Contact Us
For questions about this Privacy Policy or your data:
Bosmos, Inc.
311 Nelson St SW, STE 16105
Atlanta, GA 30313
Email: support@bosmos.org
Phone: 888-885-7533