Privacy Policy

---

Privacy Policy for Homeless X Media

Effective Date: April 6, 2026
Policy Version: 2.1

1. Our Ethical Mandate and Scope

Homeless X Media (“HXM,” “the Organization,” “we,” “us,” or “our”) operates at the intersection of high-impact journalism and humanitarian advocacy. Unlike traditional media outlets, HXM frequently interacts with individuals experiencing extreme housing instability, mental health challenges, and systemic marginalization.

This Privacy Policy is not merely a legal checkbox; it is a foundational document governing our moral contract with our subjects and our digital audience. This policy applies to all HXM-branded platforms, including our primary website, mobile applications, social media presence (specifically our "X" integration), and our physical field reporting operations. By engaging with our content or participating in our media projects, you acknowledge the data practices described herein.

2. The "Vulnerability-First" Data Collection Framework

HXM acknowledges that "consent" is a complex concept for individuals in crisis. Our data collection is governed by a Vulnerability-First framework, ensuring that we do not exploit the digital footprint of those we document.

2.1 Media Subject Data (Field Reporting)

When our journalists and filmmakers engage with the homeless community, we collect "Primary Narrative Data." This includes:

• Visual and Auditory Biometrics: High-definition video, RAW photographic files, and ambient audio recordings. These are classified as sensitive biometric data under the GDPR.
• Contextual Life Data: Information regarding an individual’s path to homelessness, including medical history, domestic situations, and interactions with the justice system.
• Geographic Identifiers: Precise locations of encampments or temporary shelters. To protect subjects from harassment or sweeps, we apply "Geographic Scrubbing" to metadata before publication unless the location is a matter of urgent public advocacy.

2.2 User and Subscriber Data

For our digital audience, we collect:

• Account Information: Name, email, and encrypted passwords for members-only content.
• Financial Data: For donors, we process data through PCI-compliant gateways. HXM never stores full credit card numbers on its own servers.
• Technical Identifiers: IP addresses, device IDs, and "X" (formerly Twitter) handle information if you use social login or sharing features.

3. Deep-Dive: Biometric Data and Facial Recognition

HXM is committed to the "Right to be Forgotten" in a visual context.

• Facial Hashing: We do not use facial recognition to track individuals across different stories. We use hashing only to ensure that we have a record of who has signed a digital release form without storing their name in the same database as their image.
• Post-Publication Redaction: If a subject’s life circumstances change (e.g., they secure stable housing and employment) and they feel a past HXM documentary hinders their progress, they may petition our "Ethics Board" for image blurring or video removal. We weigh the journalistic value against the individual's right to re-entry into society.

4. Journalistic Exemption and Legal Bases

While HXM complies with the GDPR and CCPA, we also operate under Journalistic Exemptions.

• Article 85 (GDPR): This allows us to process personal data for "journalistic purposes" even without explicit consent in cases of high public interest (e.g., exposing municipal corruption in housing).
• Legitimate Interests: For our digital operations, we process data to maintain site security, prevent DDOS attacks, and analyze which stories move the needle on public policy.
• Vital Interests: In rare cases, we may share location data with emergency medical services if a subject is in immediate life-threatening danger during an interview.

5. Data Processing for Social Media (The "X" Media Clause)

As "Homeless X Media," our integration with the X platform is extensive.

• API Usage: When you interact with our content on X, we may collect data on retweets, likes, and mentions to gauge the "Social Sentiment Score" of a specific campaign.
• Public Data Scraping: We may archive public posts regarding homelessness to identify trends. This data is anonymized before being used in our annual "State of the Streets" reports.
• Third-Party Tracking: Note that X (Twitter) has its own tracking pixels. If you click an HXM link on X, both HXM and X Corp may track that conversion.

6. The "Digital Shadow" and Data Minimization

We practice strict Data Minimization.

• Raw Footage Retention: We retain unedited footage for 7 years for archival and historical purposes. However, this data is stored in "Cold Storage" (offline) to prevent data leaks.
• Cookie Policy: We do not use "invasive" advertising cookies. Our cookies are restricted to "Functional" (keeping you logged in) and "Analytical" (standard Google Analytics with IP-anonymization turned on).

7. Global Data Sovereignty (Transfers and Storage)

Your data may be stored on servers located in the United States, the EU, or Singapore.

• Privacy Shield & SCCs: We utilize Standard Contractual Clauses to ensure that if data moves from the EU to our US headquarters, it receives "essentially equivalent" protection.
• Cloud Security: We use Tier-1 cloud providers (AWS/Google Cloud) with AES-256 encryption for all data at rest.

8. Your Rights: The "Power to the Subject" Clause

HXM offers a "Transparency Portal" for any individual who has been featured in our media.

1. The Right to Context: You have the right to know how your story is being framed.
2. The Right to Revoke: You may revoke a media release within 30 days of signing, provided the content has not yet entered the distribution phase.
3. CCPA "Do Not Sell": HXM explicitly states: We do not sell, rent, or trade your personal data to any third-party brokers. Our "sale" of data is zero.

---

9. Advanced Security Protocols and Data Integrity

HXM employs a "Defense-in-Depth" strategy to protect the sensitive nature of our storytelling. Because our database contains the locations and identities of vulnerable individuals, our security measures exceed standard commercial requirements.

• Encryption Standards: All data in transit is protected using Transport Layer Security (TLS 1.3). Data at rest—including raw video files and interview transcripts—is encrypted using AES-256, the gold standard for cryptographic protection.
• Access Control (Zero Trust): We implement a "Least Privilege" access model. Only authorized producers and legal counsel have access to unedited field footage. General staff and interns only interact with "Anonymized Production Assets."
• Breach Notification: In the event of a data breach involving personal identifiers or sensitive biometric data, HXM will notify affected individuals and relevant Supervisory Authorities within 72 hours, as mandated by the GDPR, via the most direct communication channel available (email, SMS, or physical outreach to encampment partners).

10. Machine Learning, AI, and Automated Processing

To handle the high volume of media we produce, HXM utilizes Artificial Intelligence (AI) and Machine Learning (ML) tools. However, we apply strict ethical guardrails:

• Automated Transcription: We use AI to transcribe thousands of hours of interviews. These transcripts are processed in a "Closed-Loop" environment—meaning the data is not used to train third-party public AI models (like ChatGPT or Otter.ai).
• AI Anonymization: We are currently testing AI-driven "Auto-Blur" technology to automatically identify and mask faces of bystanders or minors in large-scale protest or encampment footage, ensuring their privacy is protected without human oversight errors.
• No Automated Decision-Making: HXM does not use algorithms to make legal or life-altering decisions about its subjects. All editorial choices regarding who is featured and how they are portrayed are made by human editors.

11. Specific Jurisdictional Disclosures (CCPA, CPRA, and VCDPA)

For our users in the United States, particularly California and Virginia, we provide the following additional disclosures:

11.1 California Consumer Privacy Act (CCPA) / CPRA

• Right to Limit Use of Sensitive Personal Information: You have the right to direct HXM to limit the use of your "Sensitive Personal Information" (e.g., precise geolocation or health data) to only that which is necessary to perform our services.
• Notice of Financial Incentive: HXM does not offer financial incentives in exchange for the retention or sale of personal data.
• "Shine the Light" Law: California residents may request a list of all third parties to which we have disclosed personal information for direct marketing purposes. (Note: HXM’s current list is zero, as we do not disclose data for marketing).

11.2 Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the right to opt-out of "Profiling" in furtherance of decisions that produce legal or similarly significant effects. HXM confirms it does not engage in such profiling.

12. Children’s Online Privacy Protection Act (COPPA)

HXM is particularly sensitive to the privacy of minors experiencing homelessness.

• Under 13: We do not knowingly collect personal information from children under the age of 13 through our digital platforms.
• In-Field Reporting: If a minor is the subject of a media piece, we require written or recorded "Informed Consent" from a legal guardian. In cases where a guardian is unavailable (e.g., unaccompanied youth), we consult with local child advocacy legal experts before any data or imagery is captured.

13. Data Subject Access Request (DSAR) Procedure

If you wish to exercise your rights (Access, Deletion, or Portability), please follow our standardized DSAR Protocol:

1. Submission: Email tamaleenock739@gmail.com with the subject line "Data Subject Request."
2. Verification: For security, we must verify your identity. This may require you to provide a "Knowledge-Based Verification" (e.g., "On what date and in which city were you interviewed by HXM?").
3. Response Time: We will provide a confirmation within 10 business days and a full resolution within 30 days.
4. No Fee: We do not charge a fee for processing standard requests. However, we reserve the right to charge a "Reasonable Administrative Fee" for unfounded or excessive repeated requests.

14. Retention and Disposal of "Dead Data"

We do not keep data forever. Our "Data Shredding" policy ensures that once a project is archived and the statute of limitations for legal claims has passed (typically 7–10 years depending on the jurisdiction), all non-essential PII is scrubbed.

• Physical Media: Hard drives containing sensitive footage are physically degaussed or shredded at the end of their lifecycle.
• Cloud Data: We use "Permanent Delete" protocols that overwrite the sectors to ensure data cannot be recovered by forensic tools.

15. The Role of the "Data Protection Officer" (DPO)

HXM has appointed a dedicated Data Protection Officer to oversee our compliance. The DPO acts as an independent auditor of our journalistic practices, ensuring that the "Public’s Right to Know" never unnecessarily tramples an individual’s "Right to Privacy."

16. Agreement and Updates

By continuing to use our services, you agree to this Privacy Policy. We reserve the right to modify this document at any time. If we make material changes (e.g., changing how we share data with partners), we will post a prominent notice on our homepage and the "X" platform feed for at least 30 days prior to the change.

17. Final Contact Information

Homeless X Media Legal Department
Attn: Privacy Compliance Office
KAMPALA ,UGANDA
+256751354961

+256789922587
Official Portal: http://homelessxmedia.store

---