Global Privacy Policy & Data Sovereignty Architecture

1. Legislative Compliance and Policy Declaration

At Siesoul Social Inc. (a Delaware corporation), protecting user data integrity and enforcing cryptographic privacy is a non-negotiable architectural requirement. This exhaustive Privacy Policy details the exact forensic nature of the Personally Identifiable Information (PII) we passively and actively collect, our methodological utilization of such data, our retention algorithms, and your absolute sovereign rights over your data.

This document enforces strict compliance with paramount 2026 digital sovereignty mandates, explicitly including the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the UK Data Protection Act (DPA), and global App Store privacy enforcement guidelines dictated by Apple Inc. and Google LLC.

2. Explicit Categories of Data Processed

We categorically partition and process the following datasets solely to maintain platform functionality, ensure cybersecurity, and legally fulfill commercial contracts:

• Biographical & Contact Data: Immutable first names, last names, corporate affiliations, and heavily verified primary electronic mail addresses (e.g., used for communications via care@siesoul.social).
• Cryptographic & Authentication Data: Salted password hashes, session-specific JSON Web Tokens (JWT), and OAuth2 provisioning tokens. We strictly do not store plaintext passwords.
• Telemetry & Session Forensics: Granular IP addresses, precise geolocation (country/state level for tax remittance compliance), User-Agent attributes, specific device hardware identifiers, and time-stamped interaction algorithms utilized strictly to detect DDoS and unauthorized access attempts.
• Financial Processing Data: Handled securely via tokenization. Raw Primary Account Numbers (PAN), CVVs, and expiring card timelines are securely firewalled off our active servers and handled explicitly by our PCI-DSS compliant Merchant of Records (Stripe, Lemon Squeezy, Apple, or Google).

3. International Data Transfers and Processing Locations

Siesoul Social Inc. deploys globally redundant infrastructure. Data generated by users located within the European Economic Area (EEA), the UK, and Switzerland may be transmitted securely to, and algorithmically processed in, the United States.

To ensure strict legal compliance regarding transatlantic data flow, Siesoul Social Inc. processes such cross-border transfers strictly relying on standard contractual clauses (SCCs) endorsed by the European Commission, reinforced by the EU-US Data Privacy Framework, maintaining an equivalent level of cryptographic and legislative protection as mandated within the EU.

4. Third-Party Vendor Ecosystem and Legal Liability

We transmit minimized, mission-critical datasets to authorized sub-processors to enable hosting, communication, and economic functions:

• Financial Processors (Stripe, Lemon Squeezy, Apple, Google): For executing legally binding transactions, global dispute resolution, and automated sales/VAT tax recalculations.
• App Store Operators (Apple & Google): For executing in-app subscriptions, telemetry parsing, and managing hardware-bound cryptographic identities.

Mandatory Sub-Processor Vetting: Siesoul Social Inc. actively enforces rigorous contractual data protection addendums (DPAs) with all vendors. We legally mandate that any authorized third-party processor or partner operates in strict adherence to the data protection, consumer privacy, and cybersecurity laws exclusively applicable within their respective country of jurisdiction.

5. Total Data Sovereignty: User Rights & Right to Erasure

Under strict enforcement of the GDPR and CCPA/CPRA, you possess the unabridged right to assert absolute control over your digital identity. You retain the absolute right to:

• The Right of Access & Portability: To demand a structured, machine-readable export of all PII housed on Morzt architectures.
• The Right to Rectification & Restriction: To immediately correct falsely reported metrics or throttle specific machine-learning algorithmic processing of your data.
• The Right to Object & "Do Not Sell" Mandate: We explicitly declare that Siesoul Social Inc. DOES NOT AND WILL NOT SELL your personal data to data brokers or advertising conglomerates. You retain the right to formally object to any telemetric processing.
• The Right to be Forgotten (Account Deletion): You may instantaneously initiate full, forensic account deletion directly from within the Siesoul Social mobile application or via the web dashboard. Upon cryptographic execution, all associated Identifiable Data is permanently wiped from our active databases within a rigid 7-day latency window, excluding specific transactional histories mandated for preservation under federal anti-money laundering (AML) and IRS tax retention statutes.

To exercise these rights, submit a formal legal request to our compliance team exclusively via hi@siesoul.social.

6. Age Verification, Minor Data Compliance & COPPA

Siesoul Social is strictly engineered for utilization by individuals possessing the legal capacity to form binding contracts (typically 18 years of age, or 13 years with rigorously verified guardian consent depending on jurisdiction). Because Siesoul Social is a professional and personal social connection network designed to help users find the right people via AI, and explicitly NOT a dating app, it is governed by standard social network COPPA protocols.

In direct adherence with 2026 overarching App Store regulatory mandates, including COPPA in the United States, Siesoul Social actively integrates with the Apple and Google Age Signal infrastructures. We deploy filtering heuristics to prevent the unauthorized collection of juvenile PII. If we confirm we have inadvertently collected data from a recognized minor void of parental authorization, we will permanently purge the data without delay. Parents may contest or inspect accounts strictly via care@siesoul.social.