Privacy Policy — AiN Collective Platform

1. Who we are

AiN Collective (“AiN,” “we,” “our,” or “us”) is a trade name of Automotive Impact Network, LLC, a Colorado limited liability company.

This Privacy Policy describes how AiN Collective and its product brands handle personal information across the AiN Collective ecosystem, including:

• ShopGiv (consumer mobile app and shopgiv.com) — donation platform
• My Refer Buddy (mobile app) — B2B vendor-to-vendor customer referral system
• ShopGiv Wellbeing (mobile + web) — AI coaching and Expert Reviewer network
• Stranded Motorist Fund (SMF) — vehicle repair assistance program
• Trifecta — oil change fundraising platform
• CSR (Corporate Social Responsibility) — corporate matching programs
• Employee Benefits (EB) — employee hardship assistance funds
• AiN Collective Portal (internal_manager_app) — administrative web portal
• Marketing websites: aincollective.com, shopgiv.com, adamandson.com

Unless a specific product publishes its own separate privacy notice, this Policy applies to all of the above (collectively, the “Services”).

ShopGiv Wellbeing data is covered in this Policy with a Wellbeing-specific subsection in §3.

2. Information we collect

We collect information in three ways: (a) information you provide directly, (b) information collected automatically, and (c) information from third parties.

2.1 Information you provide

Account information (all products): name (first / last / business name), email address, phone number, mailing address, password (stored only as a salted hash via AWS Cognito), date of birth or birth year (Wellbeing — for age verification + Teen Mode), pronouns (Wellbeing, optional), referral source (how you heard about us).

Identity & verification:AWS Cognito user ID (“sub”), federated identity tokens (Apple Sign-in, Google Sign-in if enabled), email verification codes, multi-factor authentication state.

Payment information: we do not store full payment card numbers. Card data is collected by Stripe directly via Stripe Elements / Apple Pay / Google Pay and tokenized. We retain Stripe customer IDs, payment method IDs, and the last four digits / card brand for receipts. For Apple in-app purchases (ShopGiv Wellbeing Premium), we store the Apple original transaction ID and product ID; Apple holds the payment method.

Transaction & donation records: receipt photos, OCR-extracted line items, vendor identity, transaction date, donation amount, charity allocation, tax-receipt number.

Vehicle & repair information (ShopGiv Estimate Review, ShopGiv Wellbeing Expert Reviewer): vehicle year, make, model, mileage, VIN, uploaded estimate documents (PDFs and photos), customer notes, reviewer responses.

Communications: messages sent through SMF case-worker chat, Clubs (member-only group messaging), MRB referral conversations, Wellbeing AI coach chat, support inquiries, contact-form submissions on marketing sites.

Health, financial, and personal-life information (ShopGiv Wellbeing only): when you use the Wellbeing AI coaching service you may share information about your physical health (food logs, workouts, sleep), mental wellbeing (mood, daily check-ins, safety incidents), financial situation (income snapshots, debts, financial goals), career goals, relationships, family members, life events, and other adult-life topics. This information is sensitive. It is used to personalize coaching responses and is never sold. See §4 for sharing limits.

Vendor / partner / nonprofit business information: business name, EIN / tax ID, banking / Stripe Connect account, business address, location coordinates, hours, services offered, social-impact tier classification, BBB / B-Corp credential data, vendor membership in trust programs.

Club membership data:membership applications (role title, company, industry, location, “why join” statement), confidentiality acknowledgements, IP address + user-agent captured at acknowledgement, post / comment / reaction content, RSVP responses, sponsorship listings.

Marketing-consent records(per vendor): per-vendor email and SMS opt-in state, consent source (“Transaction” / “Explicit” / “Import”), consent timestamp, revocation timestamp.

Access-request submissions: when you self-serve request access to an organization, we record requester name, email, phone, organization name, and explanatory message.

2.2 Information collected automatically

Device identifiers: Apple IDFV / Android Advertising ID (NOT used for cross-app tracking — NSPrivacyTracking=false on iOS), device model, OS version, app version, time zone, language, push-notification token (Firebase / APNs).

Location information: with your permission, we collect precise GPS coordinates (ACCESS_FINE_LOCATION on Android, NSLocationWhenInUseUsageDescription on iOS) to surface nearby vendors, run vendor-discovery search, calculate distance for Stranded Motorist Fund routing, and run map-based features. Approximate (city-level) location is also derived from IP. We do not collect location in the background. Foreground-only via NSLocationWhenInUseUsageDescription / ACCESS_FINE_LOCATION.

Inferred approximate home location(aggregate telemetry): Our analytics infrastructure may infer approximate location of a user’s home address (to neighborhood resolution, typically 0.5–1.5 miles) when sufficient telemetry from address-bound features is observed. This inference is not stored as a discrete field but may exist as an aggregate property of telemetry records.

Usage & interaction data: pages visited, screens viewed, buttons tapped, search queries, search-result clicks, feature flags exercised, conversation length / depth (Wellbeing), AI coach handoffs, donation-flow drop-offs.

Diagnostic data: crash reports (Sentry), structured server-side logs, API request metadata (headers, timestamps, IP address, request paths). Logs are retained 30 days for application diagnostic logs (CloudWatch + Sentry); up to 7 years for audit logs, security-incident logs, and tax-relevant access logs as required by law.

Audio recordings (when you use voice features): voice messages dictated through speech_to_text on iOS run on-device; on Android via the speech-to-text API. Only resulting text is retained server-side; raw audio is never stored on AiN servers.

Crisis-signal classification (ShopGiv Wellbeing only): each inbound user message is inspected by a two-stage classifier — a cheap keyword regex first; only on positive keyword hit do we issue a low-token confirmation call to Anthropic Claude (haiku model). Categories include suicidal ideation / self-harm, sexual or domestic abuse, child-safety, and acute medical or substance-emergency phrases. On a positive trigger we (a) write a SafetyIncident row with the trigger message excerpt, severity, action taken, resources shown, and originating coach type; (b) force the AI coach into a baseline wellness tone for that turn; (c) surface grounding language for 988 (Suicide & Crisis Lifeline), RAINN (Sexual Assault), Crisis Text Line, DV-SAFE (Domestic Violence), SAMHSA (Substance), and 911. Where applicable state law imposes a duty to warn (mental-health imminent-risk), §4.4 governs disclosure. Triggered incidents drive the 24-hour and 7-day follow-up cadence run by the Wellbeing coach (lib/crisis-followup.js).

Tone-adjustment classification (ShopGiv Wellbeing only): each user message is also pattern-matched for explicit tone-adjustment phrases (e.g. “hit me harder,” “ease up,” “be real,” “I need a hug”). Hits adjust your humor preference for the current session and persist to your profile only after a rolling 7-day threshold (3+ escalate or 2+ soften). Match history is stored on UserProfile.toneAdjustmentHistory and trimmed to a 7-day window; older entries are pruned.

Conversation style profile (ShopGiv Wellbeing only): we run a passive heuristic over your most recent ~30 chat messages (no AI call) to derive a style profile — formality (casual / professional / mixed), average message length, emoji use, humor reception, greeting preference, profanity tier (none / light / medium / heavy), and a slang list. The profile is stored on UserProfile.styleProfile and used to mirror your tone in coach replies. Refreshed every ~10 user messages.

Running gags / inside-joke memory (ShopGiv Wellbeing only): humor patterns the user repeats over chat (the conversation summarizer emits a [GAG] tag when one stabilizes) are stored on UserProfile.personalContext.runningGags with a 90-day rolling TTL and a hard cap of 50 entries. Each entry is dropped if not re-referenced within 90 days, or evicted oldest-first when the cap is hit. No content beyond the gag string itself is retained.

Personality engagement caps (ShopGiv Wellbeing only, Free tier): a per-user-per-day counter (personality_engagement_daily) tracks specific personality features — e.g. group-chime and A/B-compare interactions — and enforces daily ceilings on the Free tier (currently 5/day for group-chime and 3/day for A/B-compare). Premium IAP raises or removes these caps. The counter resets daily and stores no message content.

Lock-screen push redaction (ShopGiv Wellbeing only, Adult Mode): when Adult Mode is enabled, a per-user toggle adultModeLockScreenRedact (default on) causes the server to strip the body of adult-mode push notifications before delivery to APNs / FCM, so adult-language coach pings do not appear on a locked device. The toggle is exposed in app Settings.

Photos / video: receipt photos, repair-estimate uploads, profile photos, club post attachments, vendor / partner cover images.

Cookies & similar technologies (marketing sites): we do not run cross-site behavioral advertising, third-party analytics cookies, or advertising trackers on our marketing sites. Essential session cookies only.

2.3 Information from third parties

Identity providers: AWS Cognito user pool, Apple Sign-in, Google Sign-in (if enabled).

Payment processors: Stripe (charge status, payment method, dispute / refund events via webhooks); Apple App Store Server (subscription status, renewal events for Wellbeing Premium); Google Play Billing (if enabled for Android in-app purchases).

Mapping / geocoding: Google Maps (place lookup, geocoding from address to coordinates and vice-versa).

AI service providers: Anthropic Claude (AI coaching, social-impact classification, estimate-review AI draft generation, transaction OCR augmentation, real-time crisis-signal keyword-match confirmation, conversation summarization). Conversation content is sent to Anthropic for inference. Anthropic operates under our enterprise API agreement which prohibits training on customer-submitted data. Conversation content is retained by Anthropic for up to 30 days for trust-and-safety review only, then deleted (pending Anthropic enterprise contract written confirmation; counsel review).

Vendor / partner referrals: when a vendor or partner refers you, we receive a record that you came from them.

BBB credential data: vendor BBB Trust Credential lookups (for the Trust badge).

Trust / verification providers: B Corp lookup, Social Impact AI evaluation results.

Email-suppression list: bounces, spam complaints, hard-fail records from AWS SES.

Public records: business registration data we surface for vendor profiles.

3. How we use information

We use the information listed in §2 to:

1. Operate the Services — create and authenticate accounts, route requests, store and surface vendor / partner / nonprofit listings, process searches, deliver chat messages and notifications.
2. Process donations and transactions — submit transactions to vendors, run OCR on receipts, calculate donation amounts, route donations to designated nonprofits, generate tax receipts.
3. Process payments and subscriptions — charge cards, process Apple IAP, run Stripe Connect payouts to vendors, process refunds, handle disputes.
4. Provide AI coaching and Expert Review (Wellbeing) — generate coaching responses, surface relevant follow-up actions, run image / voice classification, summarize conversations across coaches when you opt-in, detect crisis signals in real time and surface 988 / RAINN / Crisis Text Line / DV-SAFE / SAMHSA / 911 grounding language, run 24-hour and 7-day post-incident follow-ups, mirror conversation tone (humor / formality / profanity tier / slang) for personalization, and gate certain personality features by daily Free-tier caps.
5. Provide vehicle estimate reviews — route uploads to qualified shop reviewers, generate AI draft estimates for reviewer use, deliver final reviews to customers.
6. Operate referral and matching features — connect vendors to vendors (MRB), connect customers to vendors (ShopGiv), run social-impact tier classification, surface BBB / B Corp / social-impact trust badges.
7. Send transactional communications — receipts, tax statements, shipping / status updates, password resets, security alerts, account changes, MFA codes.
8. Send marketing communications — only with appropriate consent (per vendor; revocable at any time). Vendors and the platform respect each consent record separately.
9. Personalize the experience — surface nearby vendors, recommend coaches, tailor coaching tone (humor preference, life context, key relationships), suggest relevant content.
10. Detect, prevent, and respond to abuse, fraud, and security incidents — spam scoring, suspicious-account review, rate limiting, suspension, ban, IP / user-agent capture for clubs-application audit, payment-dispute investigation.
11. Comply with legal obligations — tax-receipt issuance, Stripe SCA / KYC, age verification (Wellbeing 18+ default; Teen Mode 16-17 with restricted topic scope), record-retention requirements, GDPR / CCPA data-subject requests.
12. Improve and develop the Services — debug, run quality reviews, track product analytics, evaluate AI coaching quality, surface manager-funnel coverage analyses, audit feature adoption.
13. Conduct research and reporting — only in aggregated / de-identified form (e.g. impact-snapshot reporting; wellbeing-index org snapshots).

We do not use your personal information, conversation content, or transaction data to train any AI model — first-party or third-party — under our current contracts (pending Anthropic enterprise contract written confirmation).

4. How we share information

We share information only as listed below.

4.1 With other users / business participants on the platform

• Vendors receive customer information you submit to them (name, email, phone, transaction details, marketing-consent state).
• Partners (nonprofits) receive aggregate donation reporting; individual donor identity is shared only when the donor opts in (e.g. a “send my contact info to the nonprofit” toggle on the donation flow).
• Clubs — members of a club see other members’ application content (role, company, industry) and post / comment / reaction activity within that club.
• My Refer Buddy — referrer vendors and referree vendors see the customer’s name, email, phone, and referral context.
• Stranded Motorist Fund — case-worker access to applicant and contact-inquiry messages within a given application; admin-portal access to status history and audit logs.
• Expert Reviewer Network (Wellbeing repair-review) — assigned reviewer sees the estimate documents, vehicle details, and customer notes you submit.

4.2 With service providers

We share the minimum information needed to operate the Services with the following providers:

Each provider operates under its own privacy policy and a written data-processing agreement (DPA).

4.3 With charity partners

When you make a donation, we share the donation amount and aggregate impact data with the designated nonprofit partner. We do not share your contact information unless you explicitly opt in.

4.4 For legal reasons and safety

We may share information when we believe in good faith that disclosure is needed to (a) comply with a subpoena, court order, or other legal process; (b) protect rights, property, or safety of AiN, our users, or the public; (c) investigate fraud or violations of our Terms of Service; (d) comply with a regulatory inquiry.

For Wellbeing’s safety-incident triage: if a coach detects an imminent risk-of-harm signal in a chat, an internal admin-review queue is generated. Where applicable state law imposes a duty to warn (e.g. mental-health imminent-risk-of-harm signals), AiN may disclose chat content to relevant authorities. Counsel approves the escalation rule (pending counsel review).

4.5 Business transfers

If AiN is acquired or merges with another entity, your information may transfer to the successor, subject to this Policy or a successor policy with comparable protections. We will notify users prior to such a transfer.

4.6 We do not sell your personal information

We do not sell your personal information to third parties. For California residents (and other states’ equivalents), we do not “sell” or “share” personal information for cross-context behavioral advertising as those terms are defined under the CCPA / CPRA.

5. Data retention and deletion

We retain personal information for as long as needed to provide the Services and for legitimate business or legal purposes. Specific retention rules:

• Account information: retained while your account is active. On deletion request, see §5.1.
• Transaction and donation records: 7 years (US standard per IRC §6501).
• Wellbeing chat messages: up to 2 years from last message activity, subject to user-deletion request.
• Estimate review uploads: up to 7 years (matches transaction record retention).
• Marketing consent records: retained even after revocation, as proof of the revocation, for the period required by TCPA / CAN-SPAM / GDPR consent-evidence rules.
• Crash reports / diagnostic logs: 30 days (CloudWatch + Sentry).
• Email-suppression list: retained indefinitely (operationally necessary to honor unsubscribes).

5.1 Account deletion

Authenticated users can request deletion from in-app Settings → Account → Delete Account (the GDPR User Erasure pipeline, gated on Features:UserErasure). When you submit a deletion request, we:

1. Mark the account inactive immediately.
2. Sweep PII columns across all owning surfaces (User row, Address, Wellbeing User + UserProfile + ConversationMessage + RepairReview, MRB referrals you submitted, marketing-consent rows, etc.).
3. Delete your AWS Cognito identity (irreversible).
4. Retain a tombstone audit row (UserErasureRequest) recording the deletion event.

Some records are retained in scrubbed / pseudonymized form where required by law (donations for tax records, financial transactions for AML / KYC, suppression-list entries to honor unsubscribe).

You may also request deletion by emailing privacy@aincollective.com.

6. Your rights and choices

Depending on where you live, you have rights to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your information (subject to the retention exceptions in §5).
• Port your information in a machine-readable format.
• Restrict or object to certain processing.
• Withdraw consent at any time (where processing is based on consent).
• Opt out of marketing communications (per-vendor email + SMS toggles + global “unsubscribe” links).
• Opt out of “sales” or “sharing” of personal information (we do not sell or share — see §4.6).
• Opt out of profiling that produces legal or significant effects (Wellbeing AI coaching is not used for legally-significant decisions).
• Disable device permissions (location, camera, microphone, photos) at any time through your device settings — note that disabling certain permissions will limit features (e.g. disabling location disables nearby-vendor search).

To exercise any of these rights, contact us via §10. We will respond within the timeframe required by applicable law (30 days under GDPR; 45 days under CCPA, extendable by another 45).

You will not be discriminated against for exercising your rights.

6.1 Authorized agents (California residents)

You may designate an authorized agent to make a request on your behalf. We will require proof of the designation and may verify your identity directly.

7. International data transfers

Our infrastructure runs in the United States (AWS US regions). If you access the Services from outside the US, your information will be transferred to and stored in the US. The US has different data-protection laws than your home country, and they may not provide the same level of protection.

For users in the European Economic Area, the United Kingdom, or Switzerland: we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Anthropic + AWS sub-processor agreements incorporate SCCs (pending Data Privacy Framework registration; counsel review).

8. Children’s privacy

8.1 ShopGiv, ShopGiv website, MRB, Trifecta, SMF, AiN Collective Portal

The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at §10 and we will delete it.

8.2 ShopGiv Wellbeing — adult-life topics + Teen Mode

ShopGiv Wellbeing’s standard mode is 18+ and covers adult-life topics (work, finances, health, relationships, life direction). It is not directed to anyone under 18 in standard mode.

ShopGiv Wellbeing offers a Teen Mode for ages 16-17with topic restrictions and tone adjustments. Teen Mode is enrolled by birth-year self-reporting at signup. The daily lifecycle job auto-graduates accounts to standard mode on the user’s 18th birthday-year.

We do not allow accounts for users under 16 in any mode. Standard mode does not feature pornographic, graphic, or gambling content. Adult-content tones (roast / no_mercy) require an explicit 18+ confirmation.

We do not knowingly collect personal information from users under 16. ShopGiv Wellbeing supports a Teen Mode for users 16-17 with restricted topic scope. Users under 16 attempting to use Wellbeing trigger a minor-suspected workflow flagging the account for review and suspension (pending counsel review).

9. Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

• TLS 1.2+ encryption in transit
• Encryption at rest (AWS RDS / DynamoDB / S3 default encryption)
• Salted password hashes via AWS Cognito
• Role-based access controls (Cognito groups, platform-admin elevation)
• Audit logging on sensitive admin actions
• Stripe-hosted payment data (we never see full card numbers)
• Secret rotation via AWS Secrets Manager
• Per-environment isolation (dev / staging / prod)

No method of transmission over the Internet or storage is 100% secure. We cannot guarantee absolute security and disclaim that warranty to the extent permitted by law.

If we discover a security incident affecting your information, we will notify you in accordance with applicable law.

10. Contact us

For privacy questions, data-rights requests, or to reach the person responsible for privacy at AiN:

Automotive Impact Network, LLC (d/b/a AiN Collective)
4391 Austin Bluffs Pkwy, Colorado Springs, CO 80918
Email: privacy@aincollective.com
General: info@AINcollective.com
Phone: (719) 463-0050

For EU / UK residents: EU Article 27 representative is not required at AiN’s current scope of EU processing under the “occasional processing” carve-out (pending counsel review).

For California residents, you can submit a verifiable consumer request via the same email above.

11. State-level US privacy notices

California (CCPA / CPRA)

Categories of personal information we collect, sources, business purposes, and sharing partners are described above. Specifically:

• Categories collected (Cal. Civ. Code §1798.140(o)): identifiers, customer records, commercial information, internet/network activity, geolocation, audio/visual, professional/employment, inferences. Sensitive categories (CCPA §1798.140(ae)): account credentials, precise geolocation, contents of communications, health and financial information (Wellbeing only).
• Sources: directly from you, automatically through the Services, and from third parties listed in §2.3.
• Business purposes: as listed in §3.
• Disclosed to: service providers per §4.2.
• Sold or shared: no.
• Right to limit sensitive PI use: contact §10.

Other states (CO, VA, CT, UT, TX, MT, OR, IA, IN, TN, etc.)

AiN consolidates state-law privacy rights into the universal rights statement in §11. CCPA + CPRA + state-equivalents (CDPA, VCDPA, CTDPA, UCPA, OCPA, MCDPA, etc.) are honored without state-by-state itemization. Specific rights are exercised by emailing privacy@aincollective.com (pending counsel review).

12. EU / UK / Swiss residents (GDPR / UK GDPR)

Controller: Automotive Impact Network, LLC. Registered address: 4424 Valli Vista Rd, Colorado Springs, CO 80915, US.

Legal bases for processing:

• Performance of a contract: providing the Services you requested.
• Consent: marketing communications, cross-coach context-sharing (Wellbeing), location access, optional data fields.
• Legitimate interests: fraud prevention, security, product improvement, internal analytics.
• Legal obligation: tax-receipt issuance, AML / KYC, age verification, mandated reporting.

Your GDPR rights (Articles 15-22): access, rectification, erasure, restriction, portability, object, withdraw consent, lodge a complaint with your local supervisory authority.

Automated decision-making: We do not subject users to decisions based solely on automated processing that produce legal or similarly significant effects.

Retention: see §5.

Transfers: see §7.

13. Cookies and similar technologies (marketing sites)

aincollective.com, shopgiv.com, and adamandson.com use:

• Strictly necessary cookies — required for the site to work (session, CSRF).
• None at this time. We will update this Policy if this changes.

You can manage cookies via your browser settings. Disabling strictly-necessary cookies will break site functionality.

14. Changes to this Policy

We may update this Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. For material changes, we will notify users via email (where we have a current email on file) or in-app notice at least 30 days before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.

We post historical versions at https://shopgiv.com/privacy/versions/.

Appendix A — Apple App Privacy form mapping (per app)

This appendix mirrors the categories declared in each app’s PrivacyInfo.xcprivacy. Apple App Store Connect’s “App Privacy” form must match exactly; mismatches are a frequent App Review reject.

ShopGiv (community_rfp_app)

Source of truth: apps/community_rfp_app/ios/Runner/PrivacyInfo.xcprivacy. Confirmed match against Apple App Privacy form per #2264 audit.

NSPrivacyTracking=false, NSPrivacyTrackingDomains=[]. Linked-to-user data types: Name, Email, Phone, Physical Address, UserID, DeviceID, Precise Location, Health, Other Financial Info, Sensitive Info, Photos/Videos, Audio Data, Other User Content, Product Interaction, Other Data Types. Unlinked: Crash Data. Purposes: App Functionality (all), Product Personalization (Name, Health, Other Financial Info, Other User Content, Other Data Types).

My Refer Buddy

Source of truth: apps/my_refer_buddy/ios/Runner/PrivacyInfo.xcprivacy.

ShopGiv Wellbeing

ShopGiv Wellbeing ships within the community_rfp_app iOS app, NOT as a separate iOS app. The Wellbeing data scope (Health, Financial, Sensitive Info, AI conversation content) is the most-sensitive on the platform; Apple App Privacy form fields covering Wellbeing are documented in docs/release/app-store-form-values.md (#2336).

Appendix B — Google Play Data Safety form mapping (per app)

Google Play Console’s Data Safety form must mirror the disclosures here.

ShopGiv (community_rfp_app)

Per apps/community_rfp_app/android/app/src/main/AndroidManifest.xml permissions and pubspec.yaml SDK list: precise location (FINE+COARSE), audio recording (RECORD_AUDIO → speech_to_text), push token (firebase_messaging), email + Cognito sub (amazon_cognito_identity_dart_2), photos/files (image_picker + file_picker), GPS-derived address (geocoding). Each declared as “Required for app functionality” + “Encrypted in transit” + “User can request deletion” (post-flag-flip on Features:UserErasure).

My Refer Buddy

Source of truth: apps/community_rfp_app/android/app/src/main/AndroidManifest.xml + docs/release/app-store-form-values.md (#2336) Section C/D Google Data Safety form mapping.