Privacy Policy

Last Updated: March 2026 | Explicit Data Handling Explanations

1. A Transparent Approach to Your Digital Identity

At Siesoul Social Inc., we take the protection of your digital identity seriously. This extended Privacy Policy goes beyond generalities to explain exactly what data we collect, exactly why we collect it, and the precise legal rights you hold over your own information, heavily mapped to the rigorous standards of the EU GDPR, UK DPA, and California's CCPA/CPRA.

2. Exactly What We Collect & Why

To make the Siesoul Social app function smoothly, we passively and actively collect the following explicit data categories:

  • Biographical Profiles: We collect the names, bios, and profile images you actively upload. Why? So your social connections can actually see who you are.
  • Location Telemetry: We collect your rough IP address, but we do not continuously ping your device's exact GPS micro-coordinates. Why? The IP address helps us comply with specific regional tax remittances and serves basic local discovery profiles without draining your battery or tracking your precise movements.
  • Cryptographic Identifiers: We utilize salted password hashes (meaning we can never see your actual password) and JSON Web Tokens (JWTs). Why? This is critical infrastructure that securely authenticates your active session and prevents bad actors from hijacking your account.
  • Hardware Markers: We occasionally inspect your Device ID or User-Agent. Why? This allows us to instantly flag and block devices known for launching rapid brute-force attacks or spam bots.

3. How We Share Data with Essential Third Parties

We explicitly will never sell your data to external advertising brokers. However, to keep the lights on, we must route minimized datasets through heavily vetted third-party subprocessors:

  • Payment Facilitators (Stripe, Lemon Squeezy, Apple, Google): When you buy a subscription, your financial data (like full credit card PANs) completely bypasses our servers and is injected directly into these PCI-DSS compliant payment gateways. All we see is a randomized token indicating you've paid.
  • Hosting Infrastructures: Your profile data is stored on globally encrypted remote cloud servers (e.g., AWS or Supabase) which act as our technical backbone.

4. Global Data Transfer Safeguards

Because Siesoul Social is a U.S. company using global infrastructure, user data generated in the European Economic Area (EEA), the UK, and Switzerland will be securely transferred over to data centers residing in the United States. To keep this strictly legal, we utilize certified Standard Contractual Clauses (SCCs) and fully participate in the EU-US Data Privacy Framework, meaning your data gets the same level of protection in the U.S. as it would sitting in Europe.

5. Total Erasure: The Right to be Forgotten Process

Under robust consumer laws, you have the absolute legal right to instantly request a full machine-readable export of your data, or execute a total account deletion. Here is exactly how our deletion process works:

When you hit "Delete Account" inside the Siesoul Social app, your profile immediately disappears from public view (Day 1). Over the next 7 days, our automated systems begin cryptographically purging your images, chat histories, and profile tables from our active databases. By Day 7, you are permanently scrubbed.

Important Exception: By law, we cannot delete records of actual financial purchases (e.g., a subscription invoice). We must securely retain high-level transactional data to comply with Anti-Money Laundering (AML) directives and U.S. IRS tax obligations.

To explicitly exercise these rights, email: hi@siesoul.social.

6. Stringent Minor Protections (COPPA)

The Siesoul Social platform is engineered entirely for adults. You must be at least 18 years old to join. We actively interface with Apple's and Google's store-level Age Signal infrastructures to automatically bounce juvenile installations. If you are a parent and suspect your minor child has bypassed these filters to create an account, notify us at care@siesoul.social. We will perform an immediate forensic wipe of the child's data in compliance with the Children's Online Privacy Protection Act (COPPA).