Skip to main content
OSOM Talent

OSOM Talent Privacy Policy

[ATTORNEY REVIEW REQUIRED BEFORE PRODUCTION USE]

Public-facing privacy policy. This is a compliance-aware production draft prepared from primary-source research on federal privacy law, Arizona statutes (Arizona has no comprehensive privacy law, A.R.S. § 18-552 breach notification is the principal state requirement), the California Consumer Privacy Act (CCPA / CPRA) as the de facto national baseline that any platform serving California-resident Workers must satisfy, the Illinois Biometric Information Privacy Act (BIPA, relevant if face recognition is ever used), and benchmark gig-economy privacy notices (DoorDash, Uber, Lyft, Amazon Flex, Instacart). It is NOT legal advice and is NOT enforceable as-is. Have qualified Arizona counsel review before publication.

Effective Date: [CONFIRM WITH COUNSEL: set actual launch date] Last Updated: [CONFIRM WITH COUNSEL: set actual launch date] Version: 1.0-DRAFT

1. Who We Are

OSOM Talent LLC ("OSOM," "we," "us," or "our") is an Arizona limited liability company doing business as OSOM Talent and OSOM Street Team. We operate a marketplace (the "Service") that connects Clients with independent-contractor Workers to perform marketing services, including street-team distribution of printed materials, photography, videography, DJ services, brand-ambassador work, and event staffing.

This Privacy Policy explains how we collect, use, share, and protect personal information when you use the Service.

If you do not agree with this Policy, do not use the Service.

2. Scope and Application

2.1. This Policy applies to personal information processed in connection with our websites, mobile applications, and related services.

2.2. Categories of individuals covered: prospective and current Workers (Talent / Distributors), prospective and current Clients and their representatives, Platform administrators, recipients of distributed marketing materials who interact with our opt-out mechanisms, and visitors to our websites.

2.3. Not covered: Information processed by independent third-party service providers under their own privacy notices (e.g., Stripe for payment processing, Checkr or similar for background checks, Google for Maps/Places/Routes services). Their notices govern your interaction with them.

3. Personal Information We Collect

We collect the following categories of personal information:

3.1. Account Information: name, email, phone number, password (stored hashed), profile photo, role (Admin / Client / Worker), and (for Workers) selected categories of work, languages spoken, and qualifications.

3.2. Identity and Eligibility Verification Information: for Workers: date of birth (to verify ≥18), government-issued ID images, taxpayer identification information for IRS Form 1099 reporting (Form W-9 data, name, business name, address, TIN or SSN), bank account or payment-method information for direct deposit, and the results of any background check we obtain through a consumer reporting agency.

3.3. Client Business Information: business name, address, contact persons, billing information, industry, business license information where required for restricted categories, and tax identification.

3.4. Campaign and Engagement Content: campaign briefs, task instructions, route data, content files (artwork to be distributed, music tracks, photos to be reproduced), and communications between Clients and Workers through the Service.

3.5. Submission Content: proof-of-work uploads, including photos and videos, written notes, and the GPS coordinates associated with each submission.

3.6. Location Data, Active-Task Only. While a Worker is logged in and performing an accepted task ("Active-Task Window"), the Service collects the Worker's device location periodically and at completion. We do not collect a Worker's location when the Worker is not in an Active-Task Window. The Active-Task Window begins when the Worker accepts and starts a task, and ends 10 minutes after the Worker submits proof of completion (the "trailing verification window") or when the Worker manually ends the task, whichever is earlier.

3.7. Approximate-Location Data for Matching: when a Worker is browsing available tasks, we may use the Worker's approximate location (typically ZIP-code level) to surface relevant opportunities. Workers may turn this off; the Service will then show all opportunities in our coverage area.

3.8. Communications Data: emails to support, in-app messages, SMS notifications, recorded phone calls (where lawful under Arizona's one-party consent rule, A.R.S. § 13-3005, and where we have provided notice).

3.9. Device, Log, and Usage Data: IP address, browser type, operating system, device identifiers, language, referring URL, pages viewed, features used, timestamps, and similar standard server log information.

3.10. Cookies and Similar Technologies: see Section 9.

3.11. Recipient and Opt-Out Information: for residents who request inclusion in our internal do-not-distribute list: street address, ZIP, optional requester name, and email or phone (if provided for confirmation).

3.12. Information You Volunteer: anything you choose to upload, post, or send us beyond what is required.

3.13. Information We Do Not Collect.

(a) We do not collect Worker location outside the Active-Task Window. There is no "always-on" location tracking of Workers.

(b) We do not currently use face-recognition, fingerprint-recognition, or other biometric identifiers under the Illinois Biometric Information Privacy Act definition. If we ever do (e.g., for in-app identity verification), we will update this Policy, provide separate notice, and obtain written consent before collection.

(c) We do not sell personal information to third parties for monetary consideration.

(d) We do not use cross-context behavioral advertising or share personal information with third parties for their independent advertising purposes.

4. How We Use Personal Information

We use personal information to:

4.1. Provide and operate the Service: including account creation and authentication, campaign matching, task assignment, proof-of-work review, payment processing, ratings, and Worker–Client communications.

4.2. Verify identity and eligibility: including FCRA-compliant background checks for Workers, age verification, and Client business verification.

4.3. Process payments and report taxes: including issuing IRS Form 1099-NEC for Workers and remitting applicable Arizona Transaction Privilege Tax.

4.4. Improve and develop the Service: including aggregate analytics, debugging, security monitoring, and feature development.

4.5. Communicate with you: transactional emails (account verification, password reset, payment notices, agreement requests), service announcements, and (where you have opted in) marketing emails. You can unsubscribe from marketing emails at any time using the link in the email.

4.6. Honor opt-out requests from distribution recipients: by scrubbing our internal do-not-distribute list against assignment routes before tasks are issued.

4.7. Detect, investigate, and prevent fraud, abuse, or violations of our Terms: including reviewing GPS data for falsification, reviewing proof-of-work for tampering, and investigating reported safety incidents.

4.8. Comply with legal obligations: including responding to subpoenas and other valid legal process, complying with tax-reporting law, and responding to regulatory inquiries.

4.9. Enforce our agreements and protect our rights: including pursuing collections, defending claims, and exercising our rights under the Worker Agreement, Client Services Agreement, and Terms of Service.

5. How We Share Personal Information

We share personal information only as described in this Section:

5.1. Within the Service. Workers and Clients see each other's information only as required for an active engagement (e.g., a Client sees a Worker's first name, last initial, profile photo, and approved proof of work for the Client's own campaign; a Worker sees a Client's brand and campaign brief and any Client contact information necessary to complete the task).

5.2. Service Providers (Data Processors). We share with vendors that process information on our behalf under written contracts that restrict their use of the information to providing services to us:

(a) Supabase, Inc.: database, authentication, file storage hosting. (b) Vercel, Inc.: Service hosting. (c) Google LLC: Maps, Places, Directions, and Routes APIs (used server-side wherever feasible to limit direct user-Google data flow). (d) Payment processors (e.g., Stripe), payment processing and tax-form generation. (e) Background-check providers (e.g., Checkr, Sterling), FCRA-compliant background checks for Workers. (f) Identity-verification providers: government-ID review. (g) Email and SMS providers: transactional and (with opt-in) marketing communications. (h) Customer-support providers: help-desk operations. (i) Analytics providers: Service usage analytics, configured to limit cross-site tracking.

A current list of major Service Providers is available at [CONFIRM WITH COUNSEL: sub-processor URL]. We will update this list as our processor relationships change.

5.3. Legal Disclosures. We may disclose personal information when we believe in good faith that disclosure is necessary to (a) comply with applicable law or valid legal process (subpoena, search warrant, court order); (b) enforce our Terms or other agreements; (c) protect the rights, property, or safety of OSOM, our users, or others; (d) respond to claims of intellectual-property infringement; or (e) prevent or investigate possible fraud or other unlawful activity.

5.4. Business Transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, personal information may be transferred as part of that transaction, subject to the acquirer's commitment to honor this Policy (or to provide notice and choice before changing it materially).

5.5. With Your Consent. We may share personal information for any other purpose with your consent.

5.6. Aggregated and De-Identified Data. We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose.

6. Retention

6.1. We retain personal information for as long as necessary to provide the Service, comply with legal obligations (including tax-recordkeeping and IRS Form 1099-NEC requirements that require multi-year retention), resolve disputes, and enforce agreements.

6.2. Specific retention periods:

(a) Worker account, W-9, and 1099 information: retained for at least 7 years after last activity to satisfy IRS recordkeeping rules (26 U.S.C. § 6001 and IRS guidance). (b) Submission Content and GPS data: retained for 3 years after the relevant campaign closes, then aggregated or deleted. (c) Background-check reports: retained per FCRA recordkeeping requirements and consumer-reporting-agency vendor agreements; consumer reports themselves are typically not stored by Platform beyond the relevant adverse-action window. (d) Communications and support tickets: retained for 5 years after closure. (e) Cookies: see Section 9. (f) Do-not-distribute opt-out list: retained indefinitely until removed in writing by the property owner. (g) Closed accounts: minimal record retained for at least 3 years to detect re-registration attempts and to satisfy legal claim periods.

6.3. After the retention period, we delete, de-identify, or anonymize personal information unless a legal hold requires retention.

7. Security

7.1. We implement administrative, technical, and physical safeguards designed to protect personal information. These include role-based access controls in our database (Supabase Row Level Security policies), TLS encryption of data in transit, encryption at rest for sensitive fields (Supabase storage and database disk encryption), audit logging of administrator actions, secret-key restriction of payment-processor and Google-API access, multi-factor authentication for administrator accounts, and periodic security review.

7.2. No security measure is perfect. Despite our efforts, no security control can guarantee absolute protection. You are responsible for maintaining the secrecy of your account credentials and notifying us promptly of any unauthorized access.

7.3. Breach Notification. If we discover a security breach involving unencrypted personal information of an Arizona resident, we will notify affected individuals as required by A.R.S. § 18-552 (Arizona's data-breach notification statute), generally without unreasonable delay, and not later than 45 days after determination of the breach, subject to the statute's exceptions for law-enforcement requests and risk-based assessment. We will also notify regulators where required.

8. Your Rights and Choices

8.1. Access, Correct, Delete, Export. You may request access to the personal information we hold about you, request correction of inaccurate information, request deletion (subject to retention obligations in Section 6), or request a portable export. To exercise any right, contact us at info@osomtalent.com. We will respond within 45 days; we may extend by an additional 45 days for complex requests, with notice.

8.2. California Residents, CCPA / CPRA Rights. If you are a California resident, you have the following rights regardless of where the Service is operated:

(a) Right to know what personal information we have collected about you, the sources, the purposes, and the categories of recipients. (b) Right to delete personal information, subject to exceptions (legal compliance, fraud prevention, internal lawful uses). (c) Right to correct inaccurate personal information. (d) Right to opt-out of sale or sharing of personal information for cross-context behavioral advertising. We do not sell personal information and do not share it for cross-context behavioral advertising. No opt-out is required because there is nothing to opt out of, but you may submit a request to confirm. (e) Right to limit use of sensitive personal information. We use sensitive personal information (e.g., government IDs, financial account information) only for the purposes described in Section 4 and only as necessary to provide the Service; we will not use it for inferring characteristics about you. (f) Right to non-discrimination for exercising your rights. We will not deny services, charge different prices, or provide a different level or quality of services because you exercised a right under the CCPA.

To exercise California rights, contact us at the email above or call [CONFIRM WITH COUNSEL: toll-free number]. We will verify your identity using account information.

8.3. Authorized Agents. California residents may use an authorized agent to make requests. The agent must provide signed written authorization and we may require the underlying resident to verify the request.

8.4. Workers Performing Services Outside Arizona. If you are a Worker performing services for the Service from outside Arizona, you may have rights under your state's privacy laws (e.g., Colorado, Connecticut, Virginia, Utah, Texas comprehensive privacy laws as of 2026). To exercise those rights, contact us at the email above and identify the relevant state law.

8.5. Communications Preferences. You can opt out of marketing emails by clicking the unsubscribe link in any marketing email. You cannot opt out of transactional emails required to operate the Service (e.g., agreement requests, payment notices, security alerts) as long as you maintain an active account.

8.6. Distribution Recipients, Opt-Out Request. Residents of any address served by OSOM Street Team may request inclusion on our internal do-not-distribute list at [CONFIRM WITH COUNSEL: opt-out URL]. Inclusion takes effect within 10 business days and remains in effect indefinitely until removed in writing.

8.7. Workers, Public Featured-Talent Showcase Opt-Out. Workers whose profiles are approved and who have earned a strong client-rating average (currently 4.0★ across 3+ verified bookings) may be featured on the public OSOM Talent homepage and in marketing newsletters. The featured display includes the Worker's first name, headline, primary category, avatar, and rating aggregate, no last name, no contact information, no client-specific feedback. Workers may opt out at any time from the Eligible for public "Featured Talent" checkbox on the profile editor at /app/profile. Opt-out is effective immediately and prevents future featuring (already-published newsletters or cached homepage versions may persist for up to 24 hours).

9. Cookies, Tracking Technologies, and Do Not Track

9.1. We use cookies and similar technologies (web beacons, local storage) for:

(a) Strictly necessary: authentication, session management, security. (b) Functional: remembering preferences, language, role. (c) Analytics: measuring Service usage at an aggregate level.

9.2. No third-party advertising cookies. We do not use cookies for cross-context behavioral advertising.

9.3. Browser Controls. Most browsers allow you to refuse, accept, or delete cookies. Refusing strictly-necessary cookies will impair Service functionality.

9.4. Global Privacy Control (GPC) and Do Not Track. Because we do not engage in cross-context behavioral advertising or sale of personal information, GPC and Do Not Track signals do not change our practices. We honor them where required by law.

10. Children

10.1. The Service is not directed to children under 18. We do not knowingly collect personal information from children under 13 (subject to COPPA) or sign up users under 18 (a Service requirement under our Terms).

10.2. If you believe we have collected personal information from a child under 13, contact us at info@osomtalent.com and we will delete it.

11. International Data Transfers

11.1. The Service is operated from the United States and personal information is processed in the United States.

11.2. If you access the Service from outside the United States, you understand that your information may be transferred to and processed in the United States, where data-protection laws may differ from those of your country of residence. By using the Service, you consent to such transfer.

12. Third-Party Links and Services

12.1. The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices before providing them with personal information.

Platform Features and Associated Data (2026 Update)

This section was added to describe data practices for features added as the platform expanded. It is pending counsel review and should be integrated into the numbered sections above on final review.

Bookings and payments. When you book or get paid, payment is processed by Stripe. Card numbers, bank details, and tax identification you provide to Stripe are handled by Stripe under its own privacy terms; we do not store full payment-card or bank-account numbers. We store booking records, amounts, payment status, payout status, and the tax-form status Stripe reports to us. When you pay a deposit, Stripe securely stores a token for your payment method so the remaining balance can be charged automatically when the booking is completed; we keep a reference to that saved method (not the card number) and the results of each charge.

Payment disputes. If a charge is disputed (a chargeback), we may assemble and submit evidence that the service was delivered, such as the booking record, your acceptance of our Terms and Cancellation Policy, GPS check-in and check-out, and timestamped proof of work, to the card network and our processor in order to respond to the dispute.

Location and proof of work. For workers on an active shift, we collect GPS location at check-in and check-out, with uploaded photos and location pins, and periodic location points (about once a minute) that form a route while the shift is active. We collect this only during an active shift, and we share the route, timestamps, and proof with the client and OSOM as verification that the work was performed. We do not track worker location outside an active shift.

In-app messaging. When you message another user, we store the message content, the participants, and timestamps so the conversation is available to its participants and, where necessary, to administrators for safety and support. Threads become read-only after a job ends but are retained.

SMS and mobile messaging. With your consent, we send account and transactional texts (such as phone-verification codes, booking and payment alerts, and other account notifications) and, with a separate opt-in, promotional texts. We collect your mobile number directly from you when you add and verify it at signup, during a booking, or in your account settings. Consent to receive texts is not a condition of any purchase. Message frequency varies, and message and data rates may apply. Reply STOP to any OSOM Talent text to opt out, or HELP for help; you can also manage SMS categories in your account settings. No mobile information, including your phone number and your SMS opt-in, is sold, rented, or shared with any third party or affiliate for their own marketing or promotional purposes. We share your mobile number only with the messaging provider that delivers these texts on our behalf, and otherwise only as described in this Policy (for example, to comply with law). Text-message opt-in and consent data are never shared with third parties for marketing. Full program details are in our Messaging (SMS) Terms.

Phone calls and the AI assistant. Our public phone line is answered by an automated assistant and may be recorded; a disclosure is provided at the start of the call. We use call information to answer questions, generate estimates, send you a booking link by text if you ask, or connect you to a person. Quoted prices given by phone are estimates.

Push notifications. If you enable them, we store a device subscription token to deliver notifications. You can disable notifications in your browser or device settings.

Ratings, reviews, and public profiles. Ratings, reviews, and worker profile information you choose to publish are displayed publicly on the marketplace. Public talent listings show limited information (such as a first name and last initial) and do not show your contact details.

Languages and other profile details. Languages spoken, and other details that talent and partners choose to add (such as specialties, equipment, and rates), are part of the public marketplace profile so clients can find and filter talent who fit their needs, including by language. This information is self-reported by the talent or partner.

Referrals. If you participate in the referral program, we store your referral code and the referrals attributed to it to calculate rewards. Referral earnings may be reportable income.

In-app help assistant. If you use the in-app help chat, your questions may be sent to a third-party AI provider to generate answers, governed by that provider's data terms. Please do not include sensitive personal or payment information in help chats.

Email marketing. If you subscribe or become a contact, we may send marketing email with a working unsubscribe link, which we honor promptly. Transactional email (such as receipts and account notices) is separate and not governed by the marketing unsubscribe.

Identity verification and background checks (where offered). If we offer identity verification or an optional background check, the document, selfie, or background data is collected and processed by a specialized third-party vendor under its own terms; we receive only a pass/fail or verified status and limited results. Background checks, where offered, are governed by the federal Fair Credit Reporting Act and require your separate consent.

13. Changes to This Policy

13.1. We may update this Policy from time to time. Material changes will be announced by email to the address on file and by in-app notice at least 30 days before they take effect.

13.2. The "Last Updated" date at the top of this Policy reflects the most recent revision.

14. Contact Us

OSOM Talent LLC Attn: Privacy 515 E Grant St, Suite 150, Phoenix, AZ 85004

Email (privacy): info@osomtalent.com Email (general): info@osomtalent.com Telephone: 833-652-6766

If you have a concern that we have not adequately addressed, you may also contact your state attorney general's office or, if you are a California resident, the California Privacy Protection Agency.

END OF PRIVACY POLICY, v1.0-DRAFT `[ATTORNEY REVIEW REQUIRED BEFORE PRODUCTION USE]`