Privacy Policy

1. Definitions & Interpretation

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under the PDPO. "Anonymized Data" means data that has been irreversibly stripped of personally identifiable information and cannot be linked back to you. "AI Training" means the process of using data to train, develop, calibrate, validate and improve machine learning models, algorithms, recommendation engines, natural language processing systems and automation features. "Processor" means a third party who processes personal data on our behalf. "Services" means all websites, applications, platforms, APIs, features and services offered by SlashHub.

2. Data We Collect

2.1 Information You Provide Directly. We collect personal data that you voluntarily provide when you: (a) create or update an account (name, email address, phone number, profile information); (b) post jobs, apply for jobs, create projects or submit proposals; (c) communicate with other users through our messaging systems; (d) upload documents, files, images or other content; (e) make payments or receive payouts (billing information, bank account details, payment history); (f) complete surveys, provide feedback or participate in promotions; (g) contact our support team or Data Protection Officer; (h) register for events or webinars.

2.2 Information We Collect Automatically. When you access or use our Services, we automatically collect: (a) device information (IP address, browser type and version, operating system, device identifiers); (b) usage data (pages visited, features used, time spent, clicks, navigation patterns, referral URLs); (c) session recordings and interaction data to improve user experience; (d) location data (approximate location derived from IP address, or precise location if you enable GPS for attendance features in TimePlate); (e) cookies and similar tracking technologies (see Section 8 for details).

2.3 Information From Third Parties. We may receive personal data from third-party sources including: (a) payment processors (Stripe) for transaction verification; (b) identity verification services; (c) social media platforms if you choose to link your account; (d) business partners and referral sources; (e) publicly available sources.

3. How We Use Your Data

3.1 We use your personal data for the following purposes: (a) to provide, operate, maintain and improve our Services; (b) to process transactions, send invoices, receipts and payment notifications; (c) to communicate with you about your account, our Services, updates, security alerts and administrative messages; (d) to personalize your experience, recommend relevant jobs, freelancers or features; (e) to train, develop and improve our AI models, machine learning algorithms and automation systems (see Section 5 for full details); (f) to detect, prevent and address fraud, abuse, security incidents and technical issues; (g) to comply with legal obligations under the PDPO, the Inland Revenue Ordinance, the Companies Ordinance, the Employment Ordinance and other applicable Hong Kong laws; (h) to enforce our Terms of Service, including resolving disputes and investigating potential violations; (i) to conduct analytics, research and reporting to understand usage patterns and improve our Services; (j) to send marketing communications (where you have consented or where permitted by law), with the option to opt out at any time.

3.2 Legal Basis for Processing (where applicable). We process your personal data on the following bases: (a) performance of a contract (to provide our Services to you); (b) compliance with legal obligations; (c) our legitimate interests (to improve our Services, prevent fraud, ensure security); (d) your consent (for certain marketing activities and cookies).

4. Data Sharing & Disclosure

4.1 We do not sell your personal data to third parties for their own marketing purposes. We do not rent, trade or otherwise transfer your personal data for monetary consideration.

4.2 We may share your personal data with the following categories of recipients: (a) Service Providers and Processors: trusted third parties who assist us in operating our Services, including cloud infrastructure providers (Google Cloud, Hong Kong-based), payment processors (Stripe), AI inference providers, analytics providers, customer support platforms, email delivery services and document storage providers. All processors are contractually bound by Data Processing Agreements that require them to maintain the confidentiality, security and integrity of your data and to process it only for the specific purposes we instruct; (b) Other Users: when you use our marketplace or collaboration features, certain information (your profile name, skills, portfolio) is visible to other users as necessary for the functioning of the Services; (c) Legal and Regulatory Authorities: where required by law, court order, subpoena, or government request, or where we believe in good faith that disclosure is necessary to protect our rights, property or safety, or the rights, property or safety of others; (d) Business Transfers: in the event of a merger, acquisition, reorganization or sale of all or substantially all of our assets, your personal data may be transferred to the acquiring entity, subject to this Policy.

4.3 We implement appropriate contractual, technical and organizational measures to ensure that any third party recipient of your personal data provides a standard of protection comparable to that required by the PDPO.

5. Data Processing for AI & Machine Learning

5.1 Scope of AI Training. We use anonymized and aggregated data derived from your usage of our Services to train, develop, calibrate, validate and improve our AI models, machine learning algorithms, recommendation systems, natural language processing engines, automation features and predictive analytics. The types of data used for AI training include but are not limited to: content you create (job posts, proposals, messages, task descriptions, project briefs), interaction patterns (features used, workflows, search queries), project data (milestones, deadlines, status updates), attendance data (shift patterns, clock-in times), and financial data (invoice templates, expense categories).

5.2 De-Identification Process. Before any data is used for AI training, we may apply automated de-identification and aggregation processes at our sole discretion designed to remove, mask or otherwise eliminate personally identifiable information (PII). This may include: stripping names, email addresses, phone numbers and other direct identifiers; generalizing location data; aggregating transactional and financial data; removing free-text fields that may contain personal information.

5.3 License Grant. By using our Services, you irrevocably grant SlashHub a non-exclusive, worldwide, transferable, sub-licensable, perpetual, irrevocable and royalty-free license to use, reproduce, modify, adapt, publish, create derivative works from, distribute, sell and otherwise exploit any and all data derived from your usage, whether anonymized, aggregated or otherwise, for any purpose whatsoever, including but not limited to AI model training, service improvement, product development, research, commercialization and marketing. You acknowledge that this license survives termination of your account and cannot be revoked.

5.4 Status of Anonymized Data. Once data has been de-identified and aggregated, it no longer constitutes personal data under the PDPO and we may use, retain and exploit it for any purpose without restriction, indefinitely. You acknowledge that you have no rights in or to such data.

5.5 AI Output Disclaimer. AI-generated outputs are provided as-is for informational purposes only. They may contain errors, inaccuracies or omissions. You are solely responsible for reviewing and validating any AI-generated content before using or acting upon it. We disclaim all liability arising from your use of or reliance on AI-generated outputs.

6. Data Retention

6.1 We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with our legal obligations, to resolve disputes and to enforce our agreements.

6.2 Specific retention periods: (a) Account Data: retained for the duration of your account plus 90 days after termination, after which it is deleted or anonymized; (b) Transaction Data: retained for 7 years as required by the Hong Kong Inland Revenue Ordinance for business records; (c) Communications: retained for 2 years for support and dispute resolution purposes; (d) Usage Logs: retained for 12 months for analytics and security purposes; (e) Anonymized AI Training Data: retained indefinitely as it no longer constitutes personal data.

6.3 Upon termination of your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law or for legitimate business purposes such as fraud prevention, dispute resolution, and enforcement of our terms.

7. Your Rights Under the PDPO

7.1 Under the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), you may have certain rights regarding your personal data held by us. We will evaluate requests on a case-by-case basis and may, at our sole discretion, grant or deny such requests. We reserve the right to charge a reasonable administrative fee for processing any request, including access requests.

7.2 To make a request, please contact us at hello@slashhub.space. We will respond within the timeframes prescribed by the PDPO (generally 40 calendar days). We may require proof of identity and specific details, and we may extend the response period where permitted by law. We reserve the right to deny requests that are manifestly unfounded, excessive, repetitive, or where we are unable to verify your identity.

7.3 For the avoidance of doubt, rights of access, correction and deletion do not extend to anonymized or aggregated data used for AI model training, as such data is no longer personal data under the PDPO (see Section 5.4).

8. Cookies & Tracking Technologies

8.1 We use cookies, web beacons, pixel tags, local storage and similar tracking technologies to enhance your experience, analyze usage patterns, remember preferences and provide personalized content.

8.2 Categories of cookies we use: (a) Essential/Strictly Necessary Cookies: required for core functionality including authentication, session management and security. These cannot be disabled. (b) Performance & Analytics Cookies: collect information about how you use our Services (pages visited, time spent, error messages) to help us improve. We use first-party analytics and may use third-party analytics providers. (c) Functional Cookies: remember your preferences, language choice and region to provide a personalized experience. (d) Targeting/Advertising Cookies: used to deliver relevant advertisements and measure their effectiveness. We use these only where you have consented.

8.3 You can control cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may affect the functionality of our Services. For detailed instructions, visit your browser's help documentation.

8.4 By continuing to browse our website, you consent to the use of essential, performance and functional cookies in accordance with this Policy. Where we use targeting or advertising cookies, we will seek your separate consent.

9. Security Measures

9.1 We implement comprehensive technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These measures include:

(a) Encryption: all data in transit is encrypted using TLS 1.3; data at rest is encrypted using AES-256; (b) Access Controls: strict role-based access controls with least-privilege principle, multi-factor authentication for administrative access, and regular access reviews; (c) Infrastructure Security: our infrastructure is hosted on Google Cloud Platform with industry-standard physical and network security; (d) Employee Training: all employees undergo annual data protection and security awareness training; (e) Incident Response: we maintain a documented incident response plan that includes notification procedures, containment strategies and recovery processes; (f) Regular Audits: we conduct regular security audits, vulnerability assessments and penetration testing; (g) Data Minimization: we collect and retain only the personal data necessary for the purposes described in this Policy.

9.2 Despite these measures, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your personal data. You use our Services at your own risk.

10. International Data Transfers

10.1 Your personal data may be transferred to and processed in jurisdictions outside Hong Kong where our service providers and processors operate. These jurisdictions currently include the United States (cloud infrastructure, payment processing), Singapore (backup and disaster recovery), and Japan (certain AI processing).

10.2 Where we transfer your personal data outside Hong Kong, we ensure that: (a) the transfer complies with the requirements of the PDPO; (b) appropriate safeguards are in place, including Standard Contractual Clauses or equivalent data protection agreements with the recipient; (c) the recipient is contractually obligated to provide a standard of protection comparable to that required by the PDPO.

10.3 By using our Services, you consent to the transfer of your personal data to jurisdictions outside Hong Kong as described in this Section.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information promptly. If you believe that a child under 18 has provided us with personal data, please contact our Data Protection Officer immediately.

12. Changes to This Privacy Policy

12.1 We may update this Privacy Policy at any time at our sole discretion without prior notice. Changes become effective immediately upon posting the updated Policy on our website.

12.2 Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must immediately stop using our Services.

13. Contact

If you have any questions about this Privacy Policy, please contact us at hello@slashhub.space. We may respond at our convenience and reserve the right not to respond to inquiries that we deem, in our sole discretion, to be frivolous, vexatious or made in bad faith.