Privacy Policy

1. Introduction

Sooda ("we," "us," or "our") is a K-beauty community platform operated by sapienta. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our services, including our Discord community, website, TikTok integrations, and rewards program (collectively, the "Service").

This policy is designed to comply with applicable data protection laws, including:

• Korea — Personal Information Protection Act (PIPA)
• Philippines — Data Privacy Act of 2012 (DPA)
• Indonesia — Personal Data Protection Law (PDP Law)
• Vietnam — Decree 13/2023/ND-CP on Personal Data Protection
• European Economic Area / United Kingdom — General Data Protection Regulation (GDPR)

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Directly Provide

Discord Account Information

• Discord username, display name, and user ID
• Profile preferences (skin type, beauty interests)
• Messages and content posted in our community channels

TikTok Account Information

• TikTok username, display name, and user ID (when you connect your account)
• Public profile information accessible through the TikTok API

Contact and Redemption Information

• Email address (for reward redemptions and communications)
• Shipping address (for physical reward fulfillment)
• Phone number (if required for delivery)

2.2 Automatically Collected Information

Community Activity Data

• Message activity and participation levels in Discord
• Event attendance and engagement
• Content interactions (reactions, replies)

Points and Rewards Data

• Bubbles (points) balance and transaction history
• Reward redemption records
• Achievement and milestone data

Usage and Technical Data

• IP address and approximate location
• Browser type and device information
• Pages visited and features used
• Timestamps and session duration

2.3 Information from Third Parties

We may receive information about you from third-party platforms you connect to the Service, such as Discord and TikTok, in accordance with the permissions you grant and those platforms' privacy policies.

3. How We Use Your Information

3.1 Core Service Operations

• Operating and maintaining the Sooda community platform
• Managing your account and Bubbles balance
• Processing reward redemptions and fulfillment
• Communicating with you about the Service, updates, and events
• Providing customer support

3.2 Improvement and Analytics

• Analyzing usage patterns to improve the Service
• Developing new features and content
• Conducting research and analysis on community engagement

3.3 Fraud Prevention and Safety

• Detecting and preventing fraudulent activity, abuse, or violations of our Terms of Service
• Ensuring the security and integrity of the Service
• Enforcing our community guidelines

3.4 What We Don't Do

• We do not sell your personal information to third parties
• We do not use your data for targeted advertising
• We do not create advertising profiles based on your activity
• We do not share your information with data brokers

3.5 Legal Bases for Processing (GDPR)

If you are located in the EEA/UK, we process your data on the following legal bases:

• Consent: When you connect third-party accounts or opt in to communications
• Contract: To provide the Service and fulfill reward redemptions
• Legitimate Interest: For analytics, fraud prevention, and service improvement
• Legal Obligation: To comply with applicable laws and regulations

4. How We Share Information

4.1 No Selling of Personal Data

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

4.2 Service Providers

We share information with the following categories of service providers:

4.3 Legal Disclosures

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Sooda, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. We will notify you via the Service or email before your information becomes subject to a different privacy policy.

4.5 Aggregated Data

We may share aggregated, de-identified data that cannot reasonably be used to identify you for analytics, research, or business purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption: Data is encrypted in transit (TLS) and at rest
• Access Controls: Strict role-based access to personal data
• Monitoring: Continuous monitoring for unauthorized access or anomalies

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5.1 Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant regulatory authorities within the timeframes required by applicable law (e.g., 72 hours under GDPR, as required under PIPA, DPA, and PDP Law).

6. Data Retention

We retain your data only as long as necessary for the purposes described in this policy.

7. Your Privacy Rights

7.1 All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Withdraw consent at any time
• Disconnect linked third-party accounts

7.2 Additional Rights by Jurisdiction

Korea (PIPA)

• Right to be informed about data processing
• Right to request suspension of processing
• Right to claim damages for privacy violations

Philippines (DPA)

• Right to be informed
• Right to object to processing
• Right to data portability
• Right to file a complaint with the National Privacy Commission

Indonesia (PDP Law)

• Right to obtain information about data processing
• Right to request correction
• Right to withdraw consent
• Right to request data deletion

Vietnam (Decree 13)

• Right to be informed about data processing activities
• Right to consent and withdraw consent
• Right to access and request copies of personal data
• Right to delete or restrict processing

EEA / United Kingdom (GDPR)

• Right to access, rectification, and erasure
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

Other Jurisdictions

If you are located in a jurisdiction not listed above, you may still exercise the general rights in Section 7.1. We will respond to your request in accordance with applicable local law.

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, you may:

• Email us at support@sooda.beauty
• Contact us through our Discord server
• Use the account management features in the Service

We will respond to your request within 30 days (or sooner if required by applicable law).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including South Korea where sapienta is based. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) for transfers from the EEA/UK
• Adequacy assessments for data transfer destinations
• Contractual obligations with service providers to maintain equivalent levels of protection

Vietnam and Indonesia

For users in Vietnam and Indonesia, we comply with local requirements for cross-border data transfers, including obtaining consent where required and maintaining records of transfer activities as mandated by applicable regulations.

9. TikTok Data Practices

9.1 TikTok API Compliance

Our use of TikTok data complies with TikTok's API Terms and Developer Guidelines. Specifically:

• We only access data you explicitly authorize
• We do not access, collect, or store your TikTok videos, profile picture, bio, followers, private messages, or financial information
• We do not share your TikTok data with third parties for marketing or advertising purposes
• We do not transfer your TikTok data to TikTok or any other platform without your explicit consent
• TikTok data is stored securely and used solely for the stated purposes

9.2 Unlinking Your TikTok Account

You can unlink your TikTok account at any time by:

• Using the account settings in the Service
• Revoking access through TikTok's app settings
• Contacting us at support@sooda.beauty

Upon unlinking, we will delete your TikTok data within 30 days, except where retention is required by law.

10. Cookies and Tracking

We use limited cookies and tracking technologies:

Essential Cookies

• Session management and authentication
• Security and fraud prevention

Analytics

• Anonymous usage statistics to improve the Service

What We Don't Use

• Third-party advertising cookies
• Cross-site tracking
• Social media tracking pixels

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

11. Children's Privacy

11.1 Age Restrictions

The Service is designed for users who meet the minimum age requirements of their jurisdiction. By using the Service, you represent that you meet the applicable age requirement.

11.2 Minors (Ages 13–17)

Users between the ages of 13 and 17 may use the Service with parental or guardian consent where required by applicable law. We recommend that parents and guardians monitor their children's online activities.

11.3 Children Under 13

We do not knowingly collect personal information from children under 13 years of age. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

11.4 Parent and Guardian Rights

If you believe your child has provided us with personal information without your consent, please contact us at support@sooda.beauty and we will take steps to remove the information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Modified" date at the top of this policy
• Notify you through the Service, our Discord server, or email
• Where required by law, obtain your consent before the changes take effect

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Privacy Contacts

13.1 General Inquiries

For questions or concerns about this Privacy Policy or our data practices, please contact us at:

• Email: support@sooda.beauty
• Discord: Through our community server

13.2 Regulatory Authorities

You may also contact the relevant data protection authority in your jurisdiction:

13.3 Data Protection Officer

For matters requiring a Data Protection Officer (DPO), please contact us at support@sooda.beauty with the subject line "DPO Request."