PRIVACY POLICY
Vent

Effective date: November 10 2024

Vent is committed to protecting privacy, confidentiality, and dignity. This Privacy Policy explains how information is handled in accordance with the Bermuda Personal Information Protection Act 2016 (PIPA) and the General Data Protection Regulation (GDPR).

​

LEGAL FRAMEWORK AND COMPLIANCE

​

Vent aligns its privacy practices with the following laws and principles:

• Bermuda Personal Information Protection Act 2016 (PIPA)
• General Data Protection Regulation (EU) 2016/679 (GDPR)

Vent applies these laws based on their shared principles of fairness, transparency, data minimization, security, and accountability.

Vent is not a healthcare provider.
Vent does not provide diagnosis or treatment.
HIPAA principles are applied as best practice for confidentiality and safeguards, where relevant, but Vent is not a HIPAA covered entity.

​

CORE PRIVACY PRINCIPLE

In line with PIPA section 6 and GDPR Article 5(1)(c), Vent limits the collection of personal information to what is necessary for platform operation and safety.

Vent is designed to support emotional expression without identity.

​

INFORMATION YOU MAY PROVIDE

​

You may choose to submit written content describing emotions, thoughts, or experiences.

Under PIPA section 6(1)(a) and GDPR Article 5(1)(a), Vent processes information fairly and lawfully.

You should not share:

• Names
• Addresses
• Phone numbers
• Email addresses
• Workplaces
• Locations
• Any information identifying another person

This protects you and others.

​

INFORMATION VENT DOES NOT COLLECT

​

In line with PIPA section 6(1)(c) and GDPR Article 5(1)(c), Vent does not collect unnecessary personal data.

Vent does not collect:
• Real names for anonymous use
• User profiles tied to identity
• Advertising identifiers
• Marketing data
• Behavioral tracking data

Vent does not create identity profiles.

​

TECHNICAL AND OPERATIONAL DATA

​

Vent may collect limited technical information required for security and system reliability.

This aligns with PIPA section 6(1)(b) and GDPR Article 6(1)(f), which allow processing for legitimate operational interests.

Examples include:
• Device category
• Browser type
• Approximate region

Technical data remains separate from vent submissions.
Vent avoids linking emotional content to technical identifiers.

​

DATA STORAGE AND SECURITY SAFEGUARDS

​

Vent applies appropriate safeguards as required under:
• PIPA section 7
• GDPR Article 32

These safeguards include:
• Secure storage environments
• Restricted internal access
• Operational monitoring for misuse

Vent uses reasonable administrative, technical, and organizational measures to protect data against loss, misuse, or unauthorized access.

​

ANONYMITY AND CONFIDENTIALITY

​

Vent protects anonymity by design.

In accordance with PIPA section 6(1)(d) and GDPR Article 5(1)(f), Vent limits access to information and prevents unauthorized disclosure.

Vent does not attempt to re-identify anonymous submissions.

​

USE OF ANONYMIZED AND AGGREGATED INSIGHTS

​

Vent may process anonymized and aggregated data in line with:
• PIPA section 6(1)(e)
• GDPR Recital 26

Anonymized data does not identify individuals and falls outside the scope of personal data protection laws.

Qualified mental health professionals may review aggregated trends to inform care strategies and wellbeing initiatives.

They do not receive:
• Names
• Identifiers
• Contact information
• Individual records

The focus remains on patterns, not people.

​

CONTENT MODERATION AND SAFETY

​

Vent moderates content to protect users and comply with legal obligations.

This aligns with:
• PIPA section 6(1)(a) fairness principle
• GDPR Article 5(1)(a) lawfulness and fairness

Content may be restricted or removed if it includes:
• Doxxing
• Attempts to identify individuals
• Threats or encouragement of harm
• Illegal activity

​

DATA RETENTION

​

Vent retains data only for as long as necessary, in line with:
• PIPA section 6(1)(f)
• GDPR Article 5(1)(e)

Retention practices aim to limit long-term exposure and reduce risk.

​

USER RIGHTS UNDER PIPA AND GDPR

​

Where applicable, users have rights under:
• PIPA sections 10 to 14
• GDPR Articles 12 to 23

These rights include:
• Access to personal data
• Correction of inaccurate data
• Erasure where legally permitted
• Objection to certain processing

Because Vent limits identifiable data, some rights may not apply in practice.

Vent responds to valid requests in accordance with legal timelines.

​

INTERNATIONAL DATA TRANSFERS

​

Vent operates across multiple jurisdictions.

Data handling practices apply consistent protection standards in line with:
• PIPA section 15
• GDPR Chapter V

Appropriate safeguards apply to cross-border data handling.

​

LIMITATIONS AND LEGAL DISCLOSURE

​

Vent may disclose information where required by law or to prevent serious harm.

Such disclosure follows legal process and is limited to what is required, consistent with PIPA and GDPR obligations.

​

CHANGES TO THIS POLICY

​

Vent may update this policy to reflect legal or operational changes.

Continued use of the platform indicates acceptance of updates.

​

CONTACT AND PRIVACY ENQUIRIES

Questions or concerns about privacy should be directed through official Vent support channels.

Vent approaches privacy with care, restraint, and accountability.