Privacy Policy — HSAM.net

hsam.net / privacy-policy

Privacy Policy

HSAM.net is maintained by the Institute for Civil Memory, the nonprofit section of GLC / Gwyn Legacy. This policy explains how data may be collected, used, protected, retained, deleted, and shared across websites, applications, APIs, PWAs, dashboards, mobile apps, prototypes, research-oriented tools, and client services.

Last Updated: May 8, 2026

Who this policy covers

This Privacy Policy applies to HSAM.net, the Institute for Civil Memory, GLC / Gwyn Legacy public surfaces, prototypes, dashboards, research-oriented services, educational tools, and support channels where this policy is linked.

Institute for Civil Memory is the nonprofit section of GLC / Gwyn Legacy focused on public memory, civil record, research literacy, and historically durable knowledge infrastructure.

Information we may receive

  • Contact form details, support messages, email communications, and business inquiries.
  • Account data, authentication records, role information, preferences, and service records where accounts exist.
  • Project data, uploaded files, documents, notes, prompts, datasets, prototype feedback, dashboard activity, and client-provided materials.
  • Technical logs, device/browser data, IP address, timestamps, diagnostic records, security events, API usage, and operational telemetry.
  • Analytics, cookies, local storage, session storage, and preference data.
  • Health, research, clinical, or prototype data only when voluntarily submitted or handled under a specific project relationship.
Sensitive information

Do not submit highly sensitive data, medical emergencies, safety emergencies, or crisis information through general website forms or public channels.

How information is used

Data may be used to operate websites and services, respond to requests, provide support, manage accounts, deliver client work, improve reliability, secure systems, maintain records, debug issues, document project history, and comply with applicable obligations.

Information provided through this website, application, dashboard, prototype, or service is for general informational, operational, research, or business purposes only. It is not medical, legal, financial, emergency, or professional clinical advice unless separately agreed in a written contract.

Storage, security, and retention

Data may be stored in website systems, application databases, logs, backups, project workspaces, email systems, support queues, analytics tools, and service-provider platforms. Practical safeguards may include access controls, least-privilege permissions, backups, monitoring, encryption where applicable, and administrative review.

Retention depends on the nature of the relationship, legal or operational needs, backup cycles, security logs, and client instructions. Deletion or export requests may be submitted through the contact or support routes, subject to identity verification, legal limits, backup retention, and active service obligations.

When data may be shared

Information may be shared with service providers, infrastructure vendors, professional advisors, payment providers where applicable, security providers, analytics providers, or project collaborators as needed to operate services. Information may also be disclosed when required by law, to protect rights and safety, or with participant, client, or user direction.

HSAM.net and the Institute for Civil Memory do not sell personal information as a core business model. Privacy rights requests may be submitted through the Contact or Support pages and will be reviewed based on the user, service, relationship, and applicable law.

HIPAA, research, and prototype boundaries

Some services or prototypes may involve health, research, wellness, memory, clinical, operational, or sensitive project contexts. Unless separately agreed in writing, general website interactions are not medical care, clinical advice, emergency support, or a covered healthcare relationship.

A Business Associate Agreement may be available for eligible HIPAA-regulated workflows before Protected Health Information is processed, transmitted, stored, or accessed through covered services. This policy does not claim universal HIPAA compliance.

Access, deletion, and contact

Privacy requests may be submitted through Contact or Support. Please include enough context to locate the relevant service or project, but do not include emergency details or unnecessary sensitive information.

Request handling

Requests are reviewed through the live Contact and Support routes. Identity verification, service scope, legal obligations, active contracts, security needs, and backup retention may affect fulfillment.