privacy-policy - Dimension Portal

PRIVACY POLICY
Dimension Portal Platform
Effective Date: November 30, 2025
Last Updated: December 18, 2025

1. INTRODUCTION

1.1 Who We Are
This Privacy Policy describes how Dimension Group Limited (“we,” “us,” “our”), a company incorporated in New Zealand, collects, uses, and protects your personal information when you use the Dimension Portal platform.

Company Details:
Dimension Group Limited
Care of TIM FLEMING ASSOCIATES LIMITED
Level 2, 24 Augustus Terrace
Parnell, Auckland, 1052
New Zealand

1.2 What This Policy Covers
This Privacy Policy applies to:

Website: dimensionportal.io
Mobile Applications: iOS and Android apps
Festival Services: In-person marketplace, NFC bracelets, and event features
Related Services: Vendor dashboards, media streaming, and messaging

1.3 Your Consent
By using Dimension Portal, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use our services.

1.4 Age Requirement
Dimension Portal is intended for users 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If you become aware that a minor has provided us with personal information, please contact us immediately.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration:

Full name
Email address
Phone number (optional)
Username and password (encrypted)
Date of birth (age verification)
Profile photo (optional)

Vendor Registration (Additional):

Business name and legal entity type
Business registration number (if applicable)
Tax ID / IRD number (New Zealand)
Bank account details for payouts
Product listings (photos, descriptions, pricing)
Business address and contact information

Payment Information:

Credit/debit card details (processed by Stripe, Inc. – we do NOT store card numbers)
Bank transfer details (for Dimension Dollar refunds)
POLi Payment credentials (processed by POLi Payments)
Transaction history and purchase records

Communications:

Messages sent via our end-to-end encrypted messaging system (see Section 2.6)
Customer service inquiries and support tickets
Vendor-customer communications (order confirmations, refund requests)

2.2 Information Collected Automatically

Device Information:

IP address and approximate geolocation (city/country level, derived from IP address)
Device type, operating system, and version (iOS/Android)
Mobile device identifiers (for crash reporting purposes only)
Browser type and version
App version and build number

Usage Data:

Pages visited and features used
Time spent in app/on website
Search queries and filter preferences
Vendor stores visited and products viewed
Cart additions and checkout behavior
Quest progress and achievements

Casting Data (Google Cast/Chromecast):
When using casting features to stream media to external devices, we collect:

Cast session information (device name, connection status)
Media playback position for resumption
This data is processed locally and not stored on our servers.

Location Data:

Current Status: Active GPS location tracking is NOT currently enabled in the mobile application.
Future Plans: Location-based features for festival navigation may be introduced in future updates. If implemented, you will be notified and asked for explicit permission before any location data is collected.
IP-Based Location: We derive approximate city/country location from your IP address for security and analytics purposes.

2.3 NFC Bracelet Data
When you use an NFC bracelet at festivals:

Bracelet ID: Unique identifier linked to your account
Registration Status: Whether your bracelet has been linked to your account
Tap Events: Timestamp, vendor ID, and transaction amount (when you tap to pay)
Entry/Exit Logs: Festival venue access times (security and capacity management)

Important Note: Bracelet-stored balance functionality has been disabled. All Dimension Dollar balances are stored securely in your account, not on the physical bracelet. NFC bracelets are used for identification and transaction authorization only.

Security Measures:

Bracelet data is encrypted using AES-256
Only you and authorized vendors can access payment credentials
Bracelets are automatically deactivated 24 hours after festival ends

2.4 Camera and Photo Access
We request camera access for:

QR Code Scanning: Scanning payment QR codes for peer-to-peer transfers
Profile Photos: Uploading profile images
Product Images: Vendors uploading product photos

Permissions Required:

iOS: “Camera” and “Photo Library” access
Android: “Camera” and “Storage” permissions

You Control Access: You can revoke permissions in device settings at any time.

2.5 Analytics and Crash Reporting

Sentry (Crash Reporting & Performance Monitoring):

We use Sentry to collect crash reports and performance metrics
Data collected includes:
- Error logs and stack traces
- App performance metrics (load times, responsiveness)
- Session tracking (duration, screens visited)
- Screenshots at time of crash (production only)
- Device information (OS version, device model, app version)
Sentry data is only collected in production builds, NOT during development
Purpose: To identify and fix bugs, improve app stability and performance
Privacy: Sentry is contractually bound to protect your data
More information: https://sentry.io/privacy/

Website Cookies:

Essential Cookies: Session management, login authentication
Analytics Cookies: Anonymized traffic data for website improvement
Preference Cookies: Language, currency, and theme preferences

Mobile App Tracking:

In-app analytics for feature usage and session duration
Crash reports via Sentry (see above)

Third-Party Services:

Stripe: Payment processing cookies (see Stripe Privacy Policy)
Cloudflare: CDN and security cookies

Cookie Control:

Website: Use cookie banner to opt-out of non-essential cookies
Mobile App: Disable analytics in “Settings” → “Privacy” → “Analytics”

2.6 Encrypted Messaging Data

What We Collect:

Metadata: Sender ID, recipient ID, timestamp, message size
Encrypted Content: Message text encrypted with RSA encryption using the recipient’s public key

What We CANNOT Access:

Message content (only sender and recipient can decrypt)
Photos or files shared (end-to-end encrypted)

Automatic Deletion:

Unread messages: Stored encrypted on servers for max 24 hours, then permanently deleted
Read messages: Deleted 24 hours after first read by recipient
After deletion: No recovery possible – messages are permanently erased

Metadata Retention:

Message metadata (timestamp, sender/recipient IDs) anonymized after 90 days
Used only for abuse detection and platform improvements

3. HOW WE USE YOUR INFORMATION

3.1 Providing Services

Core Platform Functions:

Creating and managing your account
Processing Dimension Dollar purchases and refunds
Facilitating marketplace transactions between customers and vendors
Providing access to media content (including casting to external devices)
Enabling end-to-end encrypted messaging
Tracking quest progress and achievements
Managing NFC bracelet registration and payments

Vendor-Specific:

Processing payouts to vendor bank accounts
Displaying vendor stores and product listings
Generating sales reports and analytics
Managing inventory and order fulfillment

3.2 Communication
We may contact you for:

Transactional Emails: Order confirmations, payout notifications, password resets
Service Updates: App updates, new features, festival announcements
Marketing Communications: Newsletters, event promotions (opt-out available)
Security Alerts: Suspicious login attempts, account changes

Unsubscribe: Click “Unsubscribe” in any marketing email or adjust preferences in “My Account” settings.

3.3 Security and Fraud Prevention
We use your information to:

Detect and prevent fraudulent transactions
Monitor for suspicious account activity (e.g., rapid refund requests)
Verify vendor identities and business legitimacy
Prevent abuse of messaging system (spam, harassment)
Enforce Terms of Service and ban violators

Automated Fraud Detection:

Machine learning models analyze transaction patterns
Flagged accounts may be temporarily suspended pending review

3.4 Analytics and Improvements

Platform Optimization:

Analyzing feature usage to improve user experience
A/B testing new designs and workflows
Identifying and fixing bugs or crashes (via Sentry crash reports)
Optimizing app performance and load times

Anonymized Aggregated Data:

Total vendor sales (no individual vendor identification)
Popular product categories and price ranges
Average festival attendance and engagement metrics
Quest completion rates and difficulty balancing

Example: “80% of users complete Quest #5 within 30 minutes” (no individual users identified).

3.5 Legal Compliance
We may use or disclose your information to:

Comply with New Zealand law and regulations
Respond to court orders, subpoenas, or government requests
Enforce our Terms of Service or investigate violations
Protect our rights, property, or safety (or that of others)
Prevent illegal activity (fraud, money laundering, tax evasion)

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do NOT Sell Your Data
Dimension Group does NOT sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers
We share data with trusted third-party service providers who help us operate the platform:

Payment Processing:

Stripe, Inc.: Credit card processing, fraud detection, PCI compliance
- Data Shared: Name, email, payment details, transaction amounts
- Privacy Policy: https://stripe.com/privacy
POLi Payments: Bank transfer processing (New Zealand)
- Data Shared: Bank account details, transaction amounts
- Privacy Policy: https://www.polipayments.com/Privacy

Cloud Infrastructure:

Amazon Web Services (AWS): Server hosting, data storage, backups
- Data Stored: All user data, encrypted messages (pre-deletion), product images
- Region: Sydney, Australia (ap-southeast-2)
- Security: AES-256 encryption at rest, TLS 1.3 in transit

Crash Reporting & Analytics:

Sentry: Crash reporting and performance monitoring
- Data Shared: Error logs, device info, app performance metrics
- Privacy Policy: https://sentry.io/privacy/

Email Services:

SendGrid / Mailgun: Transactional emails (order confirmations, password resets)
- Data Shared: Email address, name, order details

All service providers:

Are contractually required to protect your data
Cannot use your data for their own purposes
Must comply with GDPR, CCPA, and New Zealand Privacy Act

4.3 Vendors and Other Users

Vendor Access to Customer Data:
When you purchase from a vendor, they can see:

Your username (not full name or email)
Order details: Products, quantities, total price
Transaction timestamp: When purchase occurred

Vendors CANNOT Access:

Your email address or phone number
Your payment details or Dimension Dollar balance
Your location or device information
Your other purchases from different vendors

Peer-to-Peer Transfers:
When you send Dimension Dollars to another user:

Recipient sees your username only
No personal contact information shared

4.4 Public Information

Publicly Visible:

Your username (displayed in leaderboards, quest completions)
Profile photo (if uploaded)
Vendor store information (if you’re a vendor): Business name, logo, product listings

NOT Public:

Email address, phone number, or full name
Payment details or wallet balance
Private messages or transaction history

4.5 Business Transfers
If Dimension Group is acquired, merges with another company, or sells assets:

Your data may be transferred to the new owner
You will be notified via email 30 days before the transfer
The new owner must honor this Privacy Policy (or obtain your consent for changes)

4.6 Legal Disclosures
We may disclose your information:

To comply with legal obligations (court orders, tax authorities)
To protect our rights or property (fraud investigations)
In emergencies to protect safety (e.g., credible threat of violence)

Government Requests:

We will notify you if legally permitted
We may challenge overly broad or unjustified requests

5. DATA RETENTION

5.1 Active Accounts
While your account is active:

Account information: Retained indefinitely
Transaction history: Retained for 7 years (tax compliance)
Quest progress: Retained until account deletion
Encrypted messages: Deleted 24 hours after being read (see Section 2.6)
Crash reports: Retained for 90 days

5.2 Account Deletion
When you delete your account:

Personal information (name, email, phone): Permanently deleted within 30 days
Transaction data: Anonymized (not deleted) for financial and tax records
- Example: “User #12345 purchased Product #789 for 50 DD” (your name removed)
Vendor payout records: Retained for 7 years (required by New Zealand tax law)
Messages: Already deleted per 24-hour auto-deletion policy
Dimension Dollars: Forfeited (unless refunded before deletion)

Anonymization Process:

Your username becomes “Deleted User #[random ID]”
Email, phone, and name replaced with “[REDACTED]”
Transaction history preserved for vendor payouts and tax compliance

5.3 Inactive Accounts
If you don’t log in for 3+ years:

We will email you at 2.5 years of inactivity
If no response, account may be deleted after 3 years
Unused Dimension Dollars forfeited

5.4 Vendor Data Retention
Vendor-specific data:

Product listings: Deleted 90 days after account termination
Sales reports: Anonymized and retained for 7 years (tax compliance)
Bank account details: Deleted immediately upon account deletion

5.5 Backup and Disaster Recovery
Server Backups:

We maintain encrypted backups for disaster recovery
Backups retained for 90 days
Deleted data removed from backups after 90 days

6. DATA SECURITY

6.1 Encryption

Data in Transit:

All communications encrypted with TLS 1.3 (website and app)
HTTPS only (no unencrypted HTTP connections)

Data at Rest:

Database encrypted with AES-256 encryption
Encrypted message content stored with individual user keys (end-to-end encryption using RSA)
NFC bracelet data encrypted with unique device keys

Password Security:

Passwords hashed with bcrypt (industry-standard algorithm)
Minimum 8 characters required
We CANNOT recover your password (only reset it)

6.2 Access Controls

Internal Security:

Multi-factor authentication (MFA) for all Dimension Group employees
Role-based access control (employees only see data needed for their job)
Audit logs of all data access (who accessed what and when)

No Employee Access to:

Encrypted message content (mathematically impossible to decrypt)
Your password (only hashed versions stored)
Payment card details (handled by Stripe, not us)

6.3 Third-Party Security Audits

Annual penetration testing by independent security firms
PCI DSS compliance (via Stripe for payment processing)
Regular vulnerability scans and patch management

6.4 Breach Notification
If a data breach occurs:

We will investigate within 24 hours
Affected users notified via email within 72 hours
Regulatory authorities notified if required by law (GDPR, Privacy Act)
Public disclosure on dimensionportal.io if breach affects >1,000 users

Breach Response:

Immediate password reset for affected accounts
Free credit monitoring (if financial data exposed)
Detailed incident report and remediation plan

6.5 Your Security Responsibilities

Protect Your Account:

Use a strong, unique password (not reused from other sites)
Never share your password or login credentials
Log out from shared devices
Report suspicious activity immediately to [email protected]

Planned Security Features:
Two-factor authentication (2FA) is planned for a future update. You will be notified when this feature becomes available.

7. YOUR PRIVACY RIGHTS

7.1 Rights for All Users

Access Your Data:

Request a copy of all personal information we hold
Delivered in portable format (JSON or CSV) within 30 days

Correct Inaccurate Data:

Update your profile in “My Account” settings
Request corrections to vendor payout details via email

Delete Your Account:

Log in to dimensionportal.io
Go to “My Account” → “Account Settings”
Click “Delete Account” and confirm
Data deleted per Section 5.2 (anonymized transaction data retained)

Opt-Out of Marketing:

Click “Unsubscribe” in any marketing email
Adjust preferences in “My Account” → “Notifications”

Data Portability:

Export your data in machine-readable format
Includes: account info, transaction history, quest progress (not encrypted messages – already deleted)

7.2 GDPR Rights (EU/EEA Users)
If you are in the European Union or European Economic Area, you have additional rights:

Right to Be Forgotten:

Request complete deletion of your data (subject to legal retention requirements)
We will confirm deletion within 30 days

Right to Restrict Processing:

Temporarily freeze processing of your data while we verify accuracy or legality

Right to Object:

Object to processing for direct marketing (immediate opt-out)
Object to automated decision-making (e.g., fraud detection algorithms)

Right to Data Portability:

Receive your data in structured, commonly used format (e.g., JSON)
Transfer your data to another service provider

Right to Lodge a Complaint:

Contact your local data protection authority (DPA)
New Zealand DPA: Office of the Privacy Commissioner (www.privacy.org.nz)
EU DPA: Find your country’s authority at https://edpb.europa.eu/

Legal Basis for Processing (GDPR):

Contract Performance: Providing services you requested (marketplace, messaging)
Legitimate Interests: Fraud prevention, security, platform improvements
Consent: Marketing communications (opt-in required)
Legal Obligation: Tax compliance, responding to court orders

7.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act:

Right to Know:

What personal information we collect
Categories of sources (you, devices, third parties)
Business purposes for collection
Third parties we share data with

Right to Delete:

Request deletion of your personal information (subject to exceptions)
We will confirm deletion within 45 days

Right to Opt-Out of Sales:

We do NOT sell your personal information (no opt-out needed)

Right to Non-Discrimination:

We will not deny services, charge different prices, or provide lower quality because you exercised CCPA rights

Authorized Agent:

You may designate an authorized agent to make requests on your behalf
Provide written authorization and verify your identity

CCPA Request Methods:

Email: [email protected] with subject “CCPA Request”
Website: dimensionportal.io/privacy-request

Verification Process:

We will verify your identity using account email or recent transaction details
Requests processed within 45 days (may extend to 90 days for complex requests)

7.4 New Zealand Privacy Act Rights
All New Zealand users have rights under the Privacy Act 2020:

Principle 6 – Access:

Request access to your personal information
We will respond within 20 working days

Principle 7 – Correction:

Request correction of inaccurate information
We will update within 10 working days

Privacy Commissioner Complaints:
If you believe we violated the Privacy Act:

Contact: Office of the Privacy Commissioner
Website: www.privacy.org.nz
Email: [email protected]
Phone: 0800 803 909

7.5 How to Exercise Your Rights

Submit a Request:

Email: [email protected]
Subject: “Privacy Request – [Your Request Type]”
Include: Full name, username, account email
Website Form: dimensionportal.io/privacy-request

Verification:

We will verify your identity before processing requests
May require: Last 4 digits of payment method, recent transaction details, or government ID

Response Time:

Most requests processed within 30 days
Complex requests may take up to 90 days (we will notify you)

8. INTERNATIONAL DATA TRANSFERS

8.1 Where Your Data is Stored

Primary Data Location:

Servers hosted by Amazon Web Services (AWS) in Sydney, Australia (ap-southeast-2)
Backup servers in AWS Singapore (ap-southeast-1)

Cross-Border Transfers:
If you access Dimension Portal from outside New Zealand/Australia:

Your data may be transferred to our servers in Sydney, Australia
Subject to New Zealand privacy laws (among the strongest globally)

8.2 EU/EEA Data Transfers
For EU/EEA users:

Data transferred to Australia (not in EU/EEA)
Safeguards: New Zealand has GDPR adequacy decision (EU recognizes NZ privacy laws as equivalent)
Additional protection: Standard Contractual Clauses (SCCs) with AWS

8.3 California Data Transfers
For California residents:

Data processed in accordance with CCPA requirements
No different treatment than New Zealand users

8.4 Data Sovereignty
Your data is subject to:

New Zealand Privacy Act 2020
AWS data protection agreements
GDPR (if you’re in EU/EEA)
CCPA (if you’re in California)

9. CHILDREN’S PRIVACY

9.1 Age Restriction
Dimension Portal is NOT intended for users under 18 years of age.

We do NOT knowingly collect data from minors:

Account registration requires birthdate verification (18+ only)
Festival attendance restricted to adults (18+)
Age verification enforced at festival entry

9.2 Parental Rights
If you believe a minor has created an account:

Email [email protected] immediately
Provide: Minor’s username, email, and proof of guardianship
We will delete the account within 48 hours

9.3 COPPA Compliance (U.S.)
While we do not target children, if we discover a user under 13 (U.S. law):

Account immediately suspended
All data permanently deleted
Parents notified if contact information available

10. THIRD-PARTY LINKS AND SERVICES

10.1 External Links
Dimension Portal may contain links to:

Vendor websites (if vendors provide external storefronts)
Partner services (ticket sales, accommodation)

We are NOT responsible for:

Privacy practices of third-party websites
Content accuracy or security of external sites
Data collected by linked websites

Recommendation: Review privacy policies of any third-party sites you visit.

10.2 Payment Processors

Stripe, Inc.:

Handles all credit/debit card payments
Subject to Stripe Privacy Policy: https://stripe.com/privacy
We do NOT receive or store your full card number (only last 4 digits for display)

POLi Payments:

Processes bank transfers (New Zealand)
Subject to POLi Privacy Policy: https://www.polipayments.com/Privacy

11. CHANGES TO THIS PRIVACY POLICY

11.1 Notification of Changes
We may update this Privacy Policy:

To reflect new features or services
To comply with legal requirements
To improve clarity or transparency

You will be notified:

Material changes: Email notification 30 days before effective date
Minor changes: In-app notification or banner on dimensionportal.io

11.2 Your Options After Changes
If you disagree with changes:

Stop using Dimension Portal before the effective date
Delete your account per Section 7.1
Contact us to discuss concerns: [email protected]

Continued use after effective date = acceptance of changes

11.3 Version History

Current Version: December 18, 2025
Previous Versions: Available at dimensionportal.io/privacy/archive

12. CONTACT US

12.1 Privacy Questions
For questions about this Privacy Policy or our data practices:

Email: [email protected] (Subject: “Privacy Inquiry”)

Mail:
Dimension Group Limited
Care of TIM FLEMING ASSOCIATES LIMITED
Level 2, 24 Augustus Terrace
Parnell, Auckland, 1052
New Zealand

12.2 Data Protection Officer
Privacy Compliance Contact:
Email: [email protected]

12.3 Regulatory Authorities

New Zealand:
Office of the Privacy Commissioner
Website: www.privacy.org.nz
Phone: 0800 803 909

European Union:
Find your local Data Protection Authority: https://edpb.europa.eu/about-edpb/board/members_en

California:
California Attorney General – Privacy Enforcement
Website: https://oag.ca.gov/privacy

13. SPECIFIC PRIVACY DISCLOSURES

13.1 Dimension Dollars Privacy

Transaction Data:

All DD purchases, refunds, and transfers are recorded
Visible in “My Account” → “Wallet” → “Transaction History”
Retained for 7 years (tax compliance)

Vendor Visibility:

Vendors see your username when you purchase from them
Vendors do NOT see your DD balance or other transactions

Refund Processing:

Refund requests logged (amount, timestamp, reason)
Bank account details (for refund deposits) encrypted and deleted after payout

NFC Bracelet Note:

Bracelet-stored balance functionality has been disabled
All balances are stored in your secure account, not on physical bracelets
Bracelets are used for identification and tap-to-pay authorization only

13.2 Media Content Privacy

Viewing Data:

Content watched (titles, episodes, duration)
Watch history visible in “My Account” → “Viewing History”
Used to recommend similar content (opt-out available)

Casting Data:

When casting to Chromecast or other devices, playback position is synced
Cast device names are stored locally for convenience
No casting data is shared with third parties

Data Retention:

Viewing history retained while your account is active
Deleted upon account deletion

13.3 Quest System Privacy

Quest Progress Data:

Tasks completed, timestamps, points earned
Leaderboard display: Username + completion time (opt-out available)

Opt-Out:

Hide your username from leaderboards: “Settings” → “Privacy” → “Hide Leaderboard Name”

13.4 Messaging Privacy

End-to-End Encryption:

Messages encrypted on your device before sending using RSA encryption
Only recipient’s device can decrypt (not even Dimension Group)

Metadata (NOT Encrypted):

Sender/recipient usernames
Message timestamps
Message size (bytes)

Abuse Detection:

Metadata analyzed for spam patterns (e.g., 100+ messages/minute)
Encrypted content NEVER analyzed

Reporting:
If you report a user for harassment:

We review metadata (frequency, timing)
Reported user may be banned based on pattern analysis
We CANNOT read message content to verify claims

14. COOKIES AND TRACKING DETAILS

14.1 Cookie Categories

Strictly Necessary (Cannot be Disabled):

Session cookies (keep you logged in)
CSRF tokens (security against attacks)
Load balancing cookies (distribute traffic across servers)

Performance Cookies (Optional):

Anonymized traffic data for website improvement

Functional Cookies (Optional):

Language preference (en-US, en-NZ, etc.)
Currency display (NZD, AUD, USD)
Theme preference (dark mode)

14.2 Cookie Lifespan

Cookie Type	Lifespan
Session cookies	Expire when you close browser
Remember Me	30 days
Analytics	2 years
Preferences	1 year

14.3 Do Not Track (DNT)

We honor “Do Not Track” browser signals for analytics cookies
Essential cookies still required for platform functionality

14.4 Mobile App Tracking

iOS:

App Tracking Transparency (ATT) prompt shown on first launch
Deny tracking: Only crash reporting data collected (via Sentry)
No advertising tracking or third-party ad networks

Android:

No third-party ad networks integrated
Crash reporting via Sentry (opt-out available)

Opt-Out:

iOS: “Settings” → “Privacy” → “Analytics” → Toggle off
Android: “Settings” → “Privacy” → “Analytics & Crash Reports” → Toggle off

15. DATA BREACH HISTORY

15.1 Transparency Commitment
We have NOT experienced any data breaches as of December 18, 2025.

If a breach occurs in the future:

Public disclosure at dimensionportal.io/security/incidents
Detailed timeline, affected data, and remediation steps
Annual transparency report published

16. PRIVACY BY DESIGN

16.1 Minimal Data Collection
We only collect data necessary for platform functionality:

No unnecessary tracking: We don’t collect browsing history outside our platform
No facial recognition: Profile photos never analyzed with AI
No voice recording: No audio data collected
No location tracking: GPS features currently disabled

16.2 Privacy-First Features

Anonymous Browsing:

Browse vendors without creating an account (purchase requires account)

Pseudonymous Usernames:

No requirement to use real name (usernames can be pseudonyms)

Selective Sharing:

Choose what profile information is public (username only by default)

Self-Destructing Messages:

All messages automatically deleted 24 hours after reading

16.3 Planned Privacy Enhancements
Roadmap (2026):

Two-factor authentication (2FA) for enhanced account security
Self-destructing account data (auto-delete after 1 year of inactivity with user consent)
Enhanced encryption options for sensitive data

17. CALIFORNIA “SHINE THE LIGHT” LAW

17.1 Disclosure (Cal. Civ. Code § 1798.83)
California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.

Response to “Shine the Light” Requests:

We do NOT share data for third-party direct marketing
If this changes, we will provide opt-out mechanism

How to Request:

Email: [email protected]
Subject: “Shine the Light Request”
Include: Full name, address (for verification)

18. ACCESSIBILITY

18.1 Privacy Policy Accessibility

Available Formats:

Web: dimensionportal.io/privacy (screen reader compatible)
PDF: Downloadable version with accessible formatting
Large Print: Available upon request

Request Alternative Format:

Email: [email protected]
Subject: “Accessible Privacy Policy Request”

SUMMARY OF KEY PRIVACY PRACTICES

✅ We do NOT sell your data – ever.

✅ End-to-end encrypted messaging – we can’t read your messages.

✅ Automatic message deletion – 24 hours after reading.

✅ Anonymized analytics – aggregate data only, no individual tracking.

✅ GDPR/CCPA compliant – full data access, deletion, and portability rights.

✅ Strong encryption – AES-256 at rest, TLS 1.3 in transit, RSA for messages.

✅ Transparent breach policy – 72-hour notification if breach occurs.

✅ Minimal data retention – deleted after account deletion (except anonymized tax records).

✅ Third-party audits – annual security penetration testing.

✅ No location tracking – GPS features currently disabled.

✅ No advertising networks – we don’t serve ads or share data with ad platforms.

✅ Crash reporting only – Sentry used for stability, not behavioral tracking.

✅ Free media content – no paid subscriptions, no payment data for content access.

Last Updated: December 18, 2025
Effective Date: November 30, 2025

By using Dimension Portal, you acknowledge you have read and understood this Privacy Policy.