Echoes of Us – Privacy Policy for Partner Organizations (Tenants)
Rooted in OCAP® Principles and Anonymous-by-Design Framework
1. Purpose
This Privacy Policy outlines how Educators Toolbox ("the Technology Provider") protects user privacy and data under the OCAP® Principles — Ownership, Control, Access, and Possession — within the Echoes of Us platform. Educators Toolbox is the sole host and custodian of all chatbot data and infrastructure. Partner Organizations ("Tenants") participate by embedding the Echoes of Us chat widget or link on their websites, enabling community access to the hosted platform. The Policy ensures that all parties operate under an Anonymous-by-Design and Indigenous data sovereignty framework.
1.1 Jurisdiction and OCAP® Harmony
In the event of a conflict between OCAP® principles and applicable Canadian privacy law (including PIPEDA or provincial equivalents), Educators Toolbox and the Governance Committee will collaborate in good faith to resolve such conflicts in a manner that upholds Indigenous data sovereignty while remaining compliant with Canadian law.
2. Roles and Responsibilities
Educators Toolbox (Technology Provider):
Hosts and operates the entire Echoes of Us chatbot system. Maintains secure, encrypted Canadian-based infrastructure. Enforces end-to-end data encryption and privacy by design. Collects only aggregate usage metrics for billing and transparency. Upholds OCAP® principles and collaborates with the Governance Committee for audits and oversight.
Partner Organization (Host/Tenant):
Embeds the Echoes of Us widget or link on its website. Ensures the page displaying the widget uses HTTPS and contains no third-party trackers or analytics scripts. Represents community interests and supports privacy awareness but does not store, process, or access any user data. Bears limited responsibility for ethical implementation and preventing misuse of the widget.
End Users (Community Members):
Engage anonymously using a private passphrase stored locally on their device. Choose whether anonymous conversation data can be used to improve AI learning. Retain ownership and control over their data under OCAP®.
3. Anonymous-by-Design Privacy Model
Echoes of Us never requests or stores personal identifiers. Each session is tied to a self-created passphrase stored locally on the user's device. Lost passphrases cannot be recovered. Conversations are anonymous and cannot be linked to a real identity or Tenant.
4. Data Use Preferences
End Users select "Opt-In" or "Opt-Out" for anonymous data contribution to AI improvement. Preferences can be changed anytime, and both options maintain full anonymity.
5. Data Storage and Security
All data is encrypted in transit and at rest within Educators Toolbox's secure hosting environment. Data is stored exclusively in Canadian data centers under OCAP®-compliant custodianship. Tenants do not handle or store any data. The chat widget transmits only secure, encrypted session data to Educators Toolbox servers. In the event of a data breach, Educators Toolbox will notify affected Tenants and the Governance Committee as soon as feasible, and in no event later than required under applicable Canadian law. A record of any incident will be retained for a minimum of 24 months. To the fullest extent permitted by law, Educators Toolbox's liability for any privacy or data security incident shall be limited in accordance with the limitations of liability set forth in the Terms of Service.
6. Oversight and Governance
Oversight is provided by the First Nations Data Governance Committee, established by the Advisory Circle (100% Indigenous members). The Committee oversees anonymization, ethical use, billing transparency, and Indigenous data governance compliance.
7. Data Use and Access (Aligned with Billing Model)
Usage metrics are tracked only at the Tenant level and are fully aggregated. Metrics may include total conversation counts, active anonymous sessions, and average message volumes. For clarity, "aggregate usage metrics" means non-identifiable statistical data, such as total session counts or message volumes, which cannot be used to identify individual users or link data to any Tenant or community. Tenants receive summary-level reports for transparency; no individual user information is ever shared or visible.
8. Secure Embedding Requirements
Tenants agree to embed the Echoes of Us widget only on HTTPS-secured pages. Avoid using analytics, tracking, cookies, or heatmap tools on the same page. Not alter or intercept widget code or communication. Educators Toolbox may audit widget placement and disable access if a configuration violates privacy or OCAP® standards.
8.1 Data Processing and Subprocessors
Educators Toolbox may engage trusted cloud infrastructure or technology partners (such as Microsoft Azure or equivalent providers) to support hosting, encryption, or AI model processing. All such subprocessors are bound by written agreements ensuring equal or greater protection of privacy, confidentiality, and data sovereignty in compliance with OCAP® principles and Canadian law. Educators Toolbox remains responsible for their compliance.
9. Suspension and Termination
Educators Toolbox may suspend or revoke Tenant access if widget implementation compromises privacy, breaches this Policy, or violates Indigenous data sovereignty. Suspension does not remove the Tenant's financial obligations.
10. Indemnity and Legal Responsibility
Educators Toolbox assumes responsibility for hosting, securing, and operating the chatbot system. Tenants are responsible only for ethical widget placement and ensuring no trackers or data leaks occur from their website. Tenants indemnify Educators Toolbox against damages resulting from misuse, modification, or unethical deployment of the widget.
11. Dispute Resolution
Disputes will follow this sequence: 1) Good-faith negotiation; 2) Mediation; 3) Binding arbitration under the laws of British Columbia, Canada.
12. Retention, Deletion, and Continuity
Only aggregated usage metrics are retained for billing and governance reporting. All identifiable or sensitive data is deleted within 30 days of termination or withdrawal. If Educators Toolbox ceases operations, all data will be securely destroyed or transferred to the Governance Committee's custody.
13. Maintenance and Review
This Policy is reviewed annually in collaboration with the First Nations Data Governance Committee to ensure ongoing compliance with OCAP® principles and evolving privacy standards.
14. Acknowledgment of OCAP® and Sovereignty
All parties acknowledge that data belongs to First Nations users and their communities. OCAP® principles take precedence over external privacy laws where conflicts arise. Educators Toolbox and Tenants act as custodians, not owners, of all data and cultural knowledge.
15. Acceptance of Privacy Policy (Digital Acknowledgment)
By checking the acknowledgment box during onboarding, the Partner Organization (Tenant) confirms that it: Has reviewed and accepts this Privacy Policy; Understands that Educators Toolbox is the sole data host and custodian; Commits to embedding the widget securely and ethically; and Agrees that digital acknowledgment forms a legally binding acceptance of this Policy. A current copy of this Privacy Policy will always be accessible in the Tenant onboarding and administration portal.
16. Force Majeure and Policy Hierarchy
Educators Toolbox shall not be liable for any delay, interruption, or security incident arising from causes beyond its reasonable control, including but not limited to natural disasters, cyberwarfare, or catastrophic system failures. In the event of any inconsistency between this Privacy Policy and the Terms of Service, the Terms of Service shall govern.
Policy Version and Review
Policy Version: 1.0
Annual Review Date: November 1, 2025