Below you will find a document with our Privacy Policy for you to review.
PRIVACY POLICY
Humanda™, LLC — humandasolutions.com
Effective Date
Wednesday May 6, 2026
Last Reviewed
Wednesday May 6, 2026
Applies To
humandasolutions.com and all associated Platform services
Contact
IMPORTANT: BY USING THE PLATFORM OR SUBMITTING ANY PERSONAL INFORMATION TO US, YOU AGREE THAT ALL PERSONAL INFORMATION YOU SUBMIT MAY BE PROCESSED BY US IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THIS POLICY.
This Privacy Policy ("Policy") describes how Humanda™, LLC, a New Mexico limited liability company ("Humanda," "we," "us," or "our"), collects, uses, discloses, retains, and protects personal information in connection with the Humanda Platform, the Behavioral Virtual Data Room ("B-VDR") environment, and the website at humandasolutions.com (collectively, the "Platform").
This Policy applies to all persons who access or use the Platform in any capacity, including Seller entities, Buyer entities, Business Brokers, Investment Bankers, M&A Advisors, and employees of Seller entities who use the Platform's workforce management portal (collectively, "Users").
Humanda maintains separate privacy notices where required by specific product lines or applicable law. Where a product-specific notice exists, it governs over this general Policy with respect to that product.
We adopt this Policy to comply with applicable law. Nothing in this Policy shall be interpreted to limit rights granted to you by applicable law. If you have questions about your rights, contact us at support@humandasolutions.com.
Humanda continually improves its methods of service delivery and updates the Platform. Because of these ongoing changes, changes in applicable law, and the evolving nature of data protection requirements, our data privacy practices may change over time.
We encourage you to review this Policy periodically. If we make material changes, we will update the Effective Date above and, where feasible and required by law, provide you with additional notice — such as a prominent statement on the Platform or an email notification to registered Users. For material changes affecting how we process personal information of EU/EEA or South African data subjects, we will provide at least thirty (30) days advance notice.
Continued use of the Platform following the effective date of any updated Policy constitutes your acceptance of the updated terms.
THIS IS THE MOST IMPORTANT SECTION FOR UNDERSTANDING HOW HUMANDA HANDLES DATA. We operate in two different legal roles depending on whose data is involved.
3.1 Humanda as Controller / Business (Platform User Data)
When Humanda collects personal information directly from Users — such as account registration data, login credentials, verification information, and usage data — Humanda acts as the Data Controller (under GDPR), the Business (under CCPA/CPRA), and the Responsible Party (under POPIA). Humanda determines the purposes and means of processing this data.
3.2 Humanda as Processor / Service Provider (Workforce Data)
When Seller entities submit Workforce Data to the Platform — including human capital metrics, behavioral data, goal-tracking data, and organizational analytics relating to their employees — Humanda acts as the Data Processor (under GDPR), the Service Provider (under CCPA/CPRA), and the Operator (under POPIA). In this capacity, Humanda processes Workforce Data solely on the documented instructions of the Seller, who remains the Data Controller / Business / Responsible Party for that data.
HUMANDA DOES NOT SELL PERSONAL INFORMATION. Humanda does not sell, rent, share for cross-context behavioral advertising, or otherwise transfer personal information to third parties for their independent commercial benefit, as those terms are defined under CCPA/CPRA, GDPR, POPIA, or any other applicable data protection law. This applies to both Platform User Data and Workforce Data.
3.3 The B-VDR Model — What This Means in Practice
Humanda's core product is the Behavioral Virtual Data Room ("B-VDR") — a seller-controlled, transaction-specific access environment. Clients purchase access to a B-VDR environment. The Human Capital Health Report ("HCHR") and related Analytics Outputs are accessible within the B-VDR and are not sold as standalone data products. This architecture means:
4.1 Information You Provide Directly
When you register for or use the Platform, we collect personal information you provide, including:
(a) ACCOUNT REGISTRATION: Full name, business entity name, job title, business email address, business telephone number, jurisdiction of organization, and account credentials;
(b) BUYER VERIFICATION: For Buyer accounts — entity type, M&A role declaration, principal identity (for brokers), and intended transaction purpose as completed in the Buyer Verification Attestation;
(c) SELLER ONBOARDING: For Seller accounts — authorized representative information, employer entity details, and data processing agreement acceptances;
(d) EMPLOYEE PORTAL: For employees of Seller entities — name, job title, department, role, goal submissions, behavioral inputs, and performance data entered through the employer-provided workforce management portal;
(e) COMMUNICATIONS: Content of support requests, correspondence, feedback, and other communications you send to Humanda.
4.2 Information Collected Automatically
When you use the Platform, we automatically collect certain technical and usage information, including:
(a) USAGE DATA: Pages visited, features used, actions taken, session duration, and navigation patterns;
(b) DEVICE AND TECHNICAL DATA: IP address, browser type and version, operating system, device identifiers, and referring URL;
(c) LOG DATA: Server logs recording login and logout events, access timestamps, and error events;
(d) AUDIT LOG DATA: For VDR-related activity — all access events, Seller authorization actions, Buyer approvals, document views, and Analytics Output generation events. These logs are retained for regulatory and compliance purposes.
4.3 Information from Third Parties
Where permitted by applicable law, we may receive personal information about you from third-party sources, including identity verification services used to validate Buyer eligibility, and business registration data used to verify entity information provided at registration.
4.4 Sensitive Personal Information
Humanda does not intentionally collect sensitive categories of personal information (such as health data, biometric data, racial or ethnic origin, political opinions, religious beliefs, financial account numbers, or precise geolocation data) through the Platform in the ordinary course of business. If any Seller inadvertently includes sensitive personal information within Workforce Data submitted to the Platform, such data is processed in accordance with this Policy and the applicable Data Processing Agreement. Sellers are responsible for ensuring that the submission of sensitive personal information to the Platform complies with applicable law.
5.1 Platform User Data — Purposes and Lawful Bases
We use Platform User Data for the following purposes:
Account Management
Creating, maintaining, and authenticating user accounts; managing access permissions and role assignments.
Buyer Verification
Verifying Buyer eligibility, confirming M&A participant status, and maintaining access control integrity.
Service Delivery
Providing, operating, maintaining, and improving the Platform and B-VDR functionality.
Audit and Compliance
Maintaining immutable audit logs of VDR access and Seller authorizations for regulatory and legal purposes.
Communications
Sending service updates, security alerts, legal notices, and support responses.
Security and Fraud Prevention
Detecting, preventing, and responding to unauthorized access, security incidents, and fraudulent activity.
Legal Compliance
Complying with applicable laws, regulations, court orders, and government requests.
Agreement Enforcement
Enforcing our Terms of Use, SaaS Agreement, and other Platform policies.
5.2 Lawful Bases (GDPR)
For EU/EEA Users, our lawful bases for processing Platform User Data are:
(a) CONTRACTUAL NECESSITY (Article 6(1)(b)): Processing necessary to perform our contract with you — including account creation, service delivery, and support;
(b) LEGITIMATE INTERESTS (Article 6(1)(f)): Processing for our legitimate interests in operating a secure B2B platform, preventing fraud and unauthorized access, and improving our services, where such interests are not overridden by your data protection rights;
(c) LEGAL OBLIGATION (Article 6(1)(c)): Processing required to comply with applicable legal obligations, including data breach notification requirements and regulatory record-keeping;
(d) CONSENT (Article 6(1)(a)): Where we rely on consent, you have the right to withdraw it at any time by contacting support@humandasolutions.com.
5.3 What We Do Not Do
Humanda does not use Platform User Data for: (a) selling to third-party data brokers or aggregators; (b) cross-context behavioral advertising; (c) profiling individual users for purposes unrelated to Platform security and access management; or (d) any purpose materially inconsistent with the purposes stated in this Policy.
Workforce Data submitted by Seller entities is processed by Humanda solely as a Service Provider / Processor / Operator acting on the Seller's documented instructions. The Seller is the Data Controller of all Workforce Data relating to its employees.
Humanda's processing of Workforce Data is governed by:
Employees whose personal information is included in Workforce Data should direct all privacy rights requests — including requests for access, correction, deletion, or restriction — to their employer (the Seller entity) in the first instance. The Seller is responsible for providing employee-facing privacy notices, handling Data Subject rights requests, and ensuring that the submission of employee data to the Platform complies with applicable employment and privacy law.
Employees may also contact Humanda at support@humandasolutions.com for assistance in identifying the relevant Seller or understanding how the Platform operates.
We disclose personal information only in the following circumstances:
1. SERVICE PROVIDERS AND SUB-PROCESSORS: We share information with vetted third-party service providers who assist in operating the Platform — including cloud infrastructure providers, security monitoring services, and authentication providers — subject to written confidentiality and data processing obligations. These providers are authorized to process personal information only as necessary to provide services to Humanda.
2. SELLER-AUTHORIZED VDR DISCLOSURES: Workforce Data is disclosed to Buyers only upon the Seller's specific, documented authorization through the Platform's B-VDR access control system. Each disclosure is logged, timestamped, and traceable to a Seller authorization action.
3. LEGAL REQUIREMENTS: We may disclose personal information when required by applicable law, valid court order, subpoena, or lawful government request. Where legally permitted, we will provide you with prior notice of such required disclosure.
4. PROFESSIONAL ADVISORS: We may share information with legal counsel, auditors, and other professional advisors under confidentiality obligations, as necessary to obtain professional advice or in connection with legal proceedings.
5. BUSINESS TRANSFERS: In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, personal information may be transferred to the acquiring entity, subject to the acquiring entity's agreement to comply with this Policy or provide equivalent protection.
6. CONSENT: We may disclose personal information with your prior written consent for purposes not otherwise covered by this Policy.
WE DO NOT SELL OR SHARE PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING. We do not disclose personal information to data brokers, advertising networks, or analytics providers for independent commercial use.
8.1 California Residents (CCPA / CPRA)
California residents have the following rights under the CCPA as amended by the CPRA:
(a) RIGHT TO KNOW: The right to request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share such information;
(b) RIGHT TO DELETE: The right to request deletion of personal information we have collected, subject to certain exceptions;
(c) RIGHT TO CORRECT: The right to request correction of inaccurate personal information;
(d) RIGHT TO OPT-OUT OF SALE/SHARING: The right to opt out of the sale or sharing of personal information. Humanda does not sell or share personal information for cross-context behavioral advertising;
(e) RIGHT TO LIMIT SENSITIVE PI USE: The right to limit the use and disclosure of sensitive personal information to purposes necessary for providing the requested services;
(f) RIGHT TO OPT-OUT OF AUTOMATED DECISION-MAKING: The right to opt out of profiling that produces legal or similarly significant effects;
(g) RIGHT TO NON-DISCRIMINATION: The right not to receive discriminatory treatment for exercising your privacy rights.
To exercise California rights, contact us at support@humandasolutions.com. We will respond within forty-five (45) days, extendable by an additional forty-five (45) days where reasonably necessary.
8.2 EU / EEA Residents (GDPR)
EU/EEA residents have the following rights under the GDPR:
(a) RIGHT OF ACCESS (Article 15): The right to obtain confirmation of whether we process your personal data and to receive a copy;
(b) RIGHT TO RECTIFICATION (Article 16): The right to have inaccurate personal data corrected;
(c) RIGHT TO ERASURE (Article 17): The right to have personal data deleted where it is no longer necessary, consent is withdrawn, or processing is unlawful;
(d) RIGHT TO RESTRICTION (Article 18): The right to restrict processing in certain circumstances;
(e) RIGHT TO DATA PORTABILITY (Article 20): The right to receive your personal data in a structured, commonly used, machine-readable format;
(f) RIGHT TO OBJECT (Article 21): The right to object to processing based on legitimate interests or for direct marketing purposes;
(g) RIGHTS RELATED TO AUTOMATED DECISION-MAKING (Article 22): The right not to be subject to solely automated decisions that produce legal or similarly significant effects;
(h) RIGHT TO LODGE A COMPLAINT: The right to lodge a complaint with a supervisory authority in your EU Member State. In the United Kingdom, this is the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise GDPR rights, contact us at support@humandasolutions.com. We will respond within thirty (30) days.
8.3 South African Residents (POPIA)
South African data subjects have the following rights under POPIA:
(a) RIGHT TO BE NOTIFIED: The right to be notified that personal information is being collected and the purpose thereof;
(b) RIGHT OF ACCESS (Section 23): The right to request access to personal information held by Humanda;
(c) RIGHT TO CORRECTION OR DELETION (Section 24): The right to request correction or deletion of personal information that is inaccurate, irrelevant, excessive, or out of date;
(d) RIGHT TO OBJECT (Section 11(3)): The right to object to the processing of personal information;
(e) RIGHT TO SUBMIT COMPLAINTS: The right to submit a complaint to the Information Regulator of South Africa at inforegulator.org.za or by email to complaints.IR@justice.gov.za.
Humanda's Information Officer is contactable at support@humandasolutions.com. We will respond to POPIA rights requests within thirty (30) days.
Humanda uses cookies and similar tracking technologies on the Platform for the following purposes:
Essential / Security Cookies
Required for Platform operation, user authentication, session management, and security. Cannot be disabled.
Functional Cookies
Remember user preferences and settings to improve the user experience. May be disabled without affecting core functionality.
Analytics Cookies
Collect aggregate usage data to help us understand how the Platform is used and improve its performance. We use privacy-respecting analytics tools.
Marketing / Advertising Cookies
NOT USED. Humanda does not use cookies for cross-site behavioral advertising or third-party marketing purposes.
You may manage cookie preferences through your browser settings. Disabling essential cookies will impair Platform functionality. For EU/EEA Users, we obtain consent for non-essential cookies in accordance with GDPR and the ePrivacy Directive.
We retain personal information for the periods necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. The following minimum retention periods apply:
Account Registration Data
Duration of account plus 3 years following account closure, or as required by applicable law.
Audit Log Data (VDR Access / Seller Authorizations)
Minimum 5 years from the date of the logged event. May be retained longer where required by applicable law or legal proceedings.
Buyer Verification Attestations
Minimum 5 years from date of submission.
Workforce Data
Per Seller's instructions as documented in the applicable DPA. Deleted within 60 days of Seller's written deletion request or 30 days post-termination unless legally required to retain.
Communications and Support Records
3 years from the date of the communication.
Legal and Compliance Records
As required by applicable law — minimum 7 years for records subject to financial or employment regulation.
When personal information is no longer required, we securely delete or anonymize it in accordance with our data disposal procedures.
Humanda implements and maintains appropriate technical and organizational security measures designed to protect personal information against unauthorized access, disclosure, alteration, destruction, and loss. Our security measures include, without limitation:
In the event of a Security Incident affecting your personal information, Humanda will notify you in accordance with applicable law — within seventy-two (72) hours of confirmation for GDPR-subject incidents, within forty-five (45) days for CCPA-subject incidents, and promptly for POPIA-subject incidents. Notification will describe the nature of the incident, affected data categories, and measures taken or planned.
No security system is impenetrable. While we work to protect your personal information, we cannot guarantee the absolute security of any data transmission or storage system.
The Platform is operated from the United States. If you access the Platform from outside the United States, your personal information will be transferred to and processed in the United States. We implement appropriate safeguards for international transfers as follows:
(a) EU / EEA TRANSFERS (GDPR): Personal information transferred from the EU/EEA to the United States is protected by Standard Contractual Clauses (SCCs) in the form adopted by the European Commission in June 2021, or by other appropriate transfer mechanisms recognized under GDPR Chapter V. We conduct Transfer Impact Assessments where required.
(b) UK TRANSFERS: Personal information transferred from the United Kingdom is protected by the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs as applicable.
(c) SOUTH AFRICA TRANSFERS (POPIA): Personal information transferred outside the Republic of South Africa is conducted in compliance with POPIA Section 72, which requires that the recipient country provides an adequate level of protection or that appropriate contractual protections are in place. We ensure that any cross-border transfer of South African data subjects' personal information is subject to binding contractual obligations equivalent to those imposed by POPIA.
(d) OTHER JURISDICTIONS: For transfers from other jurisdictions, we implement safeguards required by applicable local law.
Humanda is committed to compliance with applicable data privacy frameworks governing cross-border data flows. Where Humanda participates in recognized data transfer frameworks, details of such participation will be noted on this page. Users and data subjects may direct unresolved privacy complaints to Humanda at support@humandasolutions.com in the first instance.
The Platform is a business-to-business service and is not directed at individuals under the age of eighteen (18). Humanda does not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a person under eighteen, we will take prompt steps to delete such information and notify the relevant Seller where applicable.
The Platform may contain links to third-party websites or services. Humanda is not responsible for the privacy practices or content of any third-party website. We encourage you to review the privacy policies of any third-party site before providing personal information to that site. The inclusion of a link does not imply Humanda's endorsement of the linked site.
For privacy inquiries, rights requests, complaints, or questions regarding this Policy, please contact:
Entity
Humanda™, LLC
Privacy / Legal Contact
Website
humandasolutions.com
State of Formation
New Mexico, United States of America
GDPR Response Time
30 days from receipt of request
POPIA Information Officer
Contact via support@humandasolutions.com
POPIA Regulator
Information Regulator of South Africa — inforegulator.org.za
We are committed to working with you to resolve any privacy concerns. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
Copyright © 2026 Humanda - All Rights Reserved.
Powered by Humanda™
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.