Drafted 2026-05-02 — pending publication. This document has been drafted but not yet adopted as live policy. It is published here for review only. Effective date will be set on publication.

Privacy Policy

Effective date: [TO BE SET ON PUBLICATION]

Download as PDF

1. Overview and scope

Expert Connect is a direct marketplace for paid video consultations between clients and domain experts. This Privacy Policy explains how Expert Connect collects, uses, shares, stores, and protects personal information when you use our website, create an account, browse profiles, create projects, book consultations, join video calls, receive payouts, or contact support.

This Privacy Policy applies to people who use Expert Connect as clients, experts, or visitors. It also applies to information we collect through our website, account systems, booking workflows, payment flows, support interactions, and related services.

2. Who we are

Expert Connect provides the platform infrastructure for discovery, scheduling, payment, and quality enforcement for expert consultations. If you have questions about this Privacy Policy or want to exercise your privacy rights, you can contact us at support@expert-connect.co.

3. Information we collect from experts

When you create or use an expert account, we may collect the following categories of personal information:

  • Identity: name, email address, avatar photo.
  • Professional: job title, company, seniority level, industry, LinkedIn URL, Twitter URL, personal website URL.
  • Work history: past employers, job titles, employment dates, role descriptions, company domains.
  • Expertise: function tags, domain tags, region tags, industry tags.
  • Contact: phone number, country code, SMS opt-in preference.
  • Financial: Stripe Connect account ID and payout status. We do not store bank account numbers or routing numbers — these are held by Stripe.
  • Availability: weekly office hours, timezone, booking lead time preferences.
  • Content: bio text, thought leadership documents (PDFs), article links.
  • Preferences: profile privacy settings, name visibility settings, notification preferences.

4. Information we collect from clients

When you create or use a client account, we may collect the following categories of personal information:

  • Identity: name, email address, avatar photo.
  • Professional: job title, company, industry.
  • Contact: phone number, country code, SMS opt-in preference.
  • Financial: Stripe customer ID and saved payment method tokens. We do not store full credit card numbers — these are handled by Stripe.
  • Content: project descriptions, screening questions, booking notes.
  • Preferences: name and company visibility settings, notification preferences, advance notice preferences.

5. Information generated through use of the platform

We also create and store information as part of operating the marketplace. This includes:

  • Consultation records: used for scheduling, payment processing, status tracking, audit trail purposes, dispute review, and to make a client's own consultation history available to that client account or client organization and its authorized users.
  • Consultation recordings and transcripts: captured by default for each consultation unless the client turns recording off for that consultation, and used for the purposes described in Section 10.
  • Consultation derivatives: if and when generated, summaries, embeddings, tags, classifications, and similar AI-derived data generated from consultation recordings and transcripts, used for the purposes described in Section 10.
  • Proposed times: used to support scheduling negotiation between clients and experts.
  • Ratings and reviews: used to generate quality signals and improve marketplace trust.
  • Reports: used for trust and safety review, enforcement, and account moderation.
  • Expert strikes: used for quality enforcement and suspension decisions.
  • Search embeddings: numerical vector representations derived from expert profile text, used for expert discovery and search relevance.
  • Company cache: company metadata enrichment information from People Data Labs, maintained with a 90-day freshness window.

We also collect standard HTTP request logs through our hosting provider (Vercel), including IP address, request URL, timestamp, and browser user agent. Authentication session tokens are managed by Clerk.

6. AI-derived data and automated processing

Expert Connect uses certain AI and machine-learning tools to support profile setup, search, project creation, and consultation transcription.

  • LinkedIn and resume parsing: uploaded PDF documents may be processed by Anthropic Claude to extract structured profile data such as work history, biography details, and tags. Extracted data is presented to you for review and editing before it is saved to your profile. Consultation content is not sent to Anthropic.
  • Project brief generation: text prompts submitted by clients may be processed by Anthropic Claude to generate a project title and description. Generated content is presented for review and editing before it is published. Consultation content is not sent to Anthropic.
  • Expert profile embeddings: concatenated profile text may be processed by VoyageAI to create a numerical vector used for search and ranking. These embeddings are mathematical representations, not readable text, and are used solely for search relevance. Consultation content is not sent to VoyageAI.
  • Auto-tagging: profile text may be processed using VoyageAI and cosine similarity to suggest taxonomy tags. Consultation content is not sent to VoyageAI.
  • Consultation transcription: consultation audio captured during recorded consultations is processed by Deepgram (via our video provider) to generate a transcript, with vendor-side PII and PCI redaction enabled. The resulting transcript is stored alongside the recording for the purposes described in Section 10.

Live consultations are not subject to real-time AI surveillance. Expert Connect does not use AI to monitor, listen to, or analyze the substance of consultations as they happen. AI processing of consultation content occurs only after the consultation ends, on stored recordings or transcripts.

Future expansion of AI processing on consultation content. The Terms of Service permit Expert Connect to use Consultation Content internally to operate, develop, train, evaluate, secure, support, and improve the platform and its features, including matching, ranking, search, trust and safety, quality scoring, and customer-facing AI features. Beyond transcription, those uses are not currently in operational deployment. Before introducing additional consultation-content processing — for example, summaries, embeddings, classifications, model training, or customer-facing AI features informed by prior consultations — Expert Connect will update this Privacy Policy and notify users in accordance with the changes process described in Section 17.

Customer-facing AI features. If Expert Connect introduces customer-facing AI features informed by generalized patterns and learnings derived from prior consultations, those outputs will be designed not to disclose verbatim excerpts, client identity, expert identity, or other information reasonably capable of identifying a particular consultation to another client.

Vendor use of consultation content. Expert Connect uses third-party vendors to provide services such as recording, transcription, storage, client-specific access, and dispute or trust-and-safety support. Consultation content is shared with such vendors only for those service purposes, as described in this Privacy Policy. If Expert Connect later puts additional contractual restrictions in place for such vendors, it may update this Privacy Policy accordingly.

7. How we use information

We use personal information to operate, secure, and improve Expert Connect. Depending on how you use the platform, we may use information to:

  • Create and manage user accounts and authenticate sessions.
  • Enable profile creation, expert discovery, and search relevance.
  • Facilitate booking requests, scheduling, screening questions, and consultation workflows.
  • Process payments, holds, captures, refunds, transfers, and expert payouts.
  • Send transactional emails and service notifications.
  • Support calendar integrations where enabled.
  • Enforce marketplace rules, trust and safety standards, and quality controls.
  • Investigate reports, disputes, no-shows, circumvention, and potential MNPI issues.
  • Maintain records for audit, tax, legal, security, and operational purposes.
  • Generate and maintain expert search embeddings, tags, and company enrichment data.
  • Operate, develop, train, evaluate, secure, and improve the platform and its features, including matching, ranking, trust and safety, quality scoring, and customer-facing AI features (see Section 6 and Section 10 for the consultation-content uses).
  • Respond to support requests and privacy rights requests.
  • Comply with legal obligations and cooperate with lawful requests.

8. How we share information

We share information only as needed to operate the platform, process payments, support video consultations, provide infrastructure, and comply with law. We do not sell personal information.

  • Clerk (authentication and user management) — receives email, name, OAuth tokens, and session cookies.
  • Supabase (database and file storage) — receives profile and transactional data stored through the platform, including avatars and thought-leadership PDFs experts upload to their profile, and consultation recordings and transcripts copied from our video provider for retention and access purposes.
  • Stripe (payment processing and payouts) — receives payment method tokens, transaction metadata, and Stripe Connect information. Full card numbers do not touch our servers.
  • Daily.co (video consultations, recording, and initial recording storage) — receives room metadata, participant join and leave events, and, for recorded consultations, the audio and video of the consultation. Daily.co generates recordings and orchestrates transcription on Expert Connect's behalf; recordings and transcripts are then copied to Expert Connect-controlled storage shortly after each consultation as described in Section 10.
  • Deepgram (speech-to-text transcription) — receives consultation audio transmitted via Daily.co for the purpose of generating WebVTT transcripts. Vendor-side PII and PCI redaction is enabled.
  • Resend (transactional email) — receives email addresses, names, and consultation details such as scheduled time and duration.
  • VoyageAI (search embeddings and auto-tagging) — receives concatenated expert profile text including name, title, company, bio, work history, and tags. Consultation content is not sent to VoyageAI.
  • People Data Labs (company enrichment) — receives company domain names only. No personal data is shared.
  • Anthropic (AI-powered PDF parsing and project-brief generation) — receives PDF documents submitted for parsing and text prompts submitted for generation. Consultation content is not sent to Anthropic.
  • Recal.dev (calendar integration) — receives OAuth tokens for connected Google or Microsoft calendars and busy-block metadata. Event titles and attendees are not shared.
  • OpenStreetMap Foundation (Nominatim) (city and timezone lookup during onboarding) — receives the city query string a user types in the location field. No data processing agreement is offered by this public service.
  • Svix (webhook delivery infrastructure) — receives webhook event payloads delivered between Clerk, Stripe, and Expert Connect for user lifecycle and payment events.
  • Google (favicon CDN) — when company logos are displayed in the platform, the user's browser loads favicons directly from Google's public favicon service. Google receives the company domain string and standard browser request metadata (such as IP address and user agent). No personal information from your account is sent.
  • Vercel (hosting and serverless infrastructure) — receives HTTP requests and server logs.
  • Sentry (error monitoring and session replay, by Functional Software, Inc.) — receives crash reports, request metadata, release and environment identifiers, and Clerk user IDs. For sessions that encounter errors, Sentry also receives anonymized session playback with all text and input fields masked and all media blocked. Sentry does not receive email addresses, names, IP addresses, cookies, or user-typed content.

If Expert Connect engages additional vendors to process consultation content on its behalf, those vendors will be added to this list before any consultation content is shared with them, together with a description of the services they provide and the categories of consultation content involved.

We may also share information if required by law, subpoena, court order, or regulatory request, or where necessary to protect rights, safety, platform integrity, or to investigate fraud, abuse, or prohibited conduct.

9. Cookies and similar technologies

Expert Connect uses essential cookies only. We do not use advertising cookies, analytics cookies, or third-party tracking pixels. We do not use Google Analytics, Segment, Mixpanel, or any third-party analytics services.

  • __session: Clerk session token. Essential, HttpOnly, Secure.
  • __clerk_db_jwt: Clerk JSON Web Token. Essential, HttpOnly, Secure.
  • Sentry session replay: for the purpose of debugging errors, a small sample of browser sessions and every session that encounters an error is recorded as anonymized DOM structure. All text and input fields are masked; media is blocked. Recordings are used only for debugging and are not used for advertising, profiling, or cross-site tracking.

We also use browser sessionStorage for temporary onboarding form state. This information is stored only in your browser, is never sent to our servers, and is cleared when the browser session ends. It is not used for advertising or cross-site tracking.

10. Consultation content and client-specific access

Consultation content is captured and used as described in this Section.

Recording and transcription. Consultations are recorded and transcribed by default. At or before booking, the client may turn recording off for that consultation. If recording is turned off for a consultation, that consultation will not be recorded or transcribed through the platform, and no transcript-based processing will occur for that consultation. When a consultation is being recorded, both parties are notified at the start of the consultation. Before a recorded consultation begins, each participant receives a conspicuous on-screen notice that recording and transcription are enabled for that consultation and may decline to join the session. Experts who participate in consultations agree to this recording posture as part of the Terms of Service.

Where recordings and transcripts are stored. Consultation recordings and transcripts are initially generated through our video provider, Daily.co, with audio transmitted to Deepgram for speech-to-text transcription as described in Section 6. Shortly after each consultation, recordings and transcripts are copied to Expert Connect-controlled storage (provided by Supabase) for retention and access purposes.

Client-specific access. Expert Connect may make recordings, transcripts, and related consultation records available to the client account or client organization that booked the consultation and its authorized users. We do not make a cross-client transcript library available, do not disclose Consultation Content from one client's consultation to other clients, and do not sell, license, or repackage Consultation Content as a research product.

Current internal use. Expert Connect's current internal use of consultation content is limited to recording, transcription via Deepgram, secure storage, client-specific access, and dispute and trust-and-safety review. We do not currently process consultation transcripts to generate summaries, embeddings, classifications, or tags, and we do not currently use consultation content to train internal models.

Future internal use. The Terms of Service permit Expert Connect to use Consultation Content internally to operate, develop, train, evaluate, secure, support, and improve the platform and its features. Before introducing additional consultation-content processing beyond what is described above — for example, summaries, embeddings, classifications, model training, or customer-facing AI features informed by prior consultations — Expert Connect will update this Privacy Policy and provide additional notice as appropriate to the change before such processing is deployed.

No real-time monitoring. We do not use AI to monitor, listen to, or analyze the substance of consultations as they happen. AI processing of consultation content occurs only after the consultation ends, on stored recordings or transcripts.

Customer-facing AI features. If Expert Connect introduces customer-facing AI features informed by generalized patterns and learnings derived from prior consultations, those outputs will be designed not to disclose verbatim excerpts, client identity, expert identity, or other information reasonably capable of identifying a particular consultation to another client. Such features are not currently in operational deployment.

Vendor use of consultation content. Expert Connect may use third-party vendors to support recording, transcription, storage, client-specific access, and dispute or trust-and-safety functions involving consultation content, as described in this Privacy Policy.

11. Data retention

We retain information for as long as needed to operate the platform, maintain transaction records, enforce safety rules, and comply with legal obligations. Our current retention practices are as follows:

  • Active user profiles: retained while the account is active.
  • Deleted accounts: profile is immediately deactivated and personal data is targeted for purge within 30 days, except where retention is required for legal, financial, or safety purposes, or as described elsewhere in this Section and in the Terms of Service.
  • Consultation records: retained as long as reasonably necessary to preserve historical transaction records and to support audit, tax, dispute-resolution, trust and safety, fraud prevention, legal compliance, and platform-integrity needs, including name snapshots used to preserve historical transaction records.
  • Consultation recordings and transcripts: copied from our video provider to Expert Connect-controlled storage (Supabase) shortly after each consultation, and retained for 90 days from the consultation date. After 90 days, recordings and transcripts are deleted, except where retention is required for an active dispute, trust and safety investigation, legal hold, or audit need.
  • Consultation derivatives: if and when consultation derivatives (embeddings, summaries, tags, classifications, and similar AI-derived data generated from consultation content) are produced, they will be retained for so long as they support platform features. Where reasonably possible, derivative data is maintained in a form that does not contain personal identifiers.
  • Model and system improvements: if and when model artifacts, evaluation datasets, or system improvements are derived from consultation content, those may be retained as long as they are in operational use, even after the underlying source content is deleted.
  • Ratings, reports, and expert strikes: retained as long as reasonably necessary for quality enforcement, trust and safety, dispute handling, fraud prevention, legal compliance, and recordkeeping.
  • Company cache: maintained with a 90-day freshness window and refreshed when stale data is accessed.
  • Thought leadership PDFs: retained in storage until the user deletes them or the account is removed.
  • Search embeddings: updated when an expert profile changes and deleted when the expert is removed.

Some records may be retained longer where necessary for tax, payment, dispute, fraud prevention, or legal compliance purposes.

12. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal information.

  • Access: you can view profile data from your dashboard.
  • Correction: you can edit profile information from your dashboard.
  • Deletion: you can request account deletion through settings or by contacting support. Account deletion results in immediate deactivation and a purge process within 30 days, subject to limited retention exceptions described in Section 11.
  • Data portability: you may request a copy of your personal data in a structured, machine-readable format by contacting support@expert-connect.co.
  • Communications choices: you can manage notification preferences in settings, including available notification channels and SMS opt-in choices.

To exercise privacy rights, contact support@expert-connect.co. We will respond to your request within 30 days.

13. GDPR notice for EEA, UK, and Swiss users

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under applicable data protection law, including the right to access, rectify, erase, restrict processing, object to certain processing, and request data portability.

Our legal bases for processing personal information include contract performance, such as creating accounts, enabling bookings, processing payments, and facilitating consultations, and legitimate interests, such as operating the marketplace, preventing fraud, maintaining platform security, enforcing rules, and improving search and marketplace quality.

You may contact us at support@expert-connect.co to exercise these rights. If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

14. California privacy notice

If you are a California resident, you may have rights under California law regarding access to and deletion of personal information. Expert Connect does not sell personal information.

15. Security measures

We use a combination of technical and organizational measures to protect personal information. These measures include HTTPS across the platform, authentication through Clerk with industry-standard OAuth and session management, database controls through Supabase with Row-Level Security on most tables so users can only access their own data, webhook signature verification (HMAC-SHA256 and Svix) for providers such as Daily.co, Stripe, and Clerk, admin endpoint restrictions, and Stripe tokenization so full card numbers do not touch our servers.

No system is completely secure, and we cannot guarantee absolute security.

16. Children's privacy

Expert Connect is intended only for users who are at least 18 years old. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact support@expert-connect.co.

17. Changes to this privacy policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the platform and update the effective date at the top of this page. Your continued use of Expert Connect after the updated Privacy Policy takes effect means you accept the revised policy.

18. Contact

If you have questions, requests, or concerns about this Privacy Policy, contact us at:

Expert Connect
Email: support@expert-connect.co