Home Legal & Policies Data Sharing & Disclosure

Data Sharing & Disclosure

Effective Date: January 15, 2025 Last Updated: November 04, 2025 Version: 4.2.1

Table of Contents

  1. Scope & Purpose
  2. Data We Collect & Process
  3. Third-Party Sharing & Partners
  4. Legal & Regulatory Disclosures
  5. User Rights & Opt-Out Mechanisms
  6. Cross-Border Data Transfers
  7. Data Retention & Deletion
  8. Policy Updates & Contact

1. Scope & Purpose

This Data Sharing & Disclosure Policy outlines how Aevum Encyclopedia collects, processes, shares, and discloses user information across our platform, mobile applications, and API services. As a global knowledge platform leveraging AI-driven research tools, we are committed to transparency, regulatory compliance, and user sovereignty over personal data.

Important: This policy applies to all registered contributors, subscribers, API developers, and anonymous visitors interacting with aevum-encyclopedia.com and its associated subdomains.

2. Data We Collect & Process

We process data to maintain editorial integrity, enhance AI knowledge graphs, and deliver personalized learning experiences. Categories include:

Data Category Purpose Shared With
Account & Profile Data Authentication, contributor verification, editorial roles Internal systems, identity providers
Usage & Behavioral Data Search optimization, AI model training, UX improvements Analytics partners, ML infrastructure providers
Editorial & Contribution Data Peer review workflows, version control, citation tracking Review boards, content moderation tools
Device & Network Logs Security, fraud prevention, compliance auditing CDN providers, DDoS protection services

3. Third-Party Sharing & Partners

We do not sell user data. Sharing occurs only under strict contractual obligations, data processing agreements (DPAs), and purpose limitation principles. Current partners include:

  • Cloud Infrastructure: AWS, Cloudflare, Fastly (hosting, CDN, edge caching)
  • AI & NLP Services: Proprietary model hosting, vector database providers for semantic search
  • Analytics & Product: Privacy-compliant telemetry, session replay tools (anonymized)
  • Payment & Billing: Stripe, PayPal (PCI-DSS compliant, tokenized processing)
  • Academic & Verification: ORCID, CrossRef, institutional SSO providers (with explicit consent)

All third parties are vetted for GDPR, CCPA/CPRA, and ISO 27001 compliance. Sub-processors are disclosed in our Sub-Processor Register.

4. Legal & Regulatory Disclosures

We may disclose personal data when required by law, regulation, or legitimate legal process. This includes:

  • Compliance with court orders, subpoenas, or government requests that meet applicable legal standards
  • Protection of Aevum Encyclopedia’s rights, property, or safety, and that of our users
  • Prevention of fraud, abuse, or unauthorized access to our knowledge infrastructure
  • Enforcement of our Terms of Service or Community Guidelines

We endeavor to notify affected users of legally permissible disclosures unless prohibited by law or safeguarded by protective orders.

5. User Rights & Opt-Out Mechanisms

Depending on your jurisdiction, you may exercise the following rights:

  • Access & Portability: Export your data in standard JSON/CSV formats via the Dashboard
  • Rectification: Update profile, contribution, or account preferences
  • Erasure: Request deletion of personal data (subject to legal retention obligations)
  • Restriction & Objection: Opt out of AI training datasets, analytics processing, or marketing communications
  • Automated Decision-Making: Request human review where AI-driven editorial scoring affects contributor status

Right requests are processed within 30 days. Verification may be required for security purposes.

6. Cross-Border Data Transfers

Aevum Encyclopedia operates globally. Data may be transferred to and processed in countries outside your residence, including the United States, European Economic Area, and select Asian hosting regions. We safeguard transfers via:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Supplementary technical measures: end-to-end encryption, field-level masking, and access governance
  • Regular third-party audits and transparency reports

If your jurisdiction restricts international transfers, please contact our Data Protection Office for localized processing options.

7. Data Retention & Deletion

We retain data only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type:

  • Account Data: 24 months after inactivity, unless contributing actively
  • Editorial History: Retained indefinitely for version control & academic integrity
  • Usage Telemetry: 12 months (aggregated/anonymized thereafter)
  • Payment Records: 7 years per financial regulatory requirements

Upon deletion requests, personal identifiers are pseudonymized or securely erased within 45 days.

8. Policy Updates & Contact

This policy is reviewed annually or when material changes occur to our data practices. Material updates will be communicated via platform notification, email, or in-app banner 30 days before implementation. Continued use constitutes acceptance of revised terms.

For inquiries, Data Subject Requests, or concerns regarding data sharing:

Data Protection & Legal Team

We are committed to transparent communication. Reach out for support, compliance queries, or data requests.

Contact DPO →