Global Privacy Policy

1. INTRODUCTION AND SCOPE

We at Shobbl LLC ("Shobbl," "we," "us," or "our") are committed to minding and protecting the privacy and personal information of all those who interact with our Services ("Users") and Users who register an account for and access our Services ("Customers") or further set up a creator page and/or licensed product listing ("Creators") (together referred throughout our policies by the terms "you" and "your").

We adjust what data we collect from you for compliance with the requirements of each supranational entity, country, state, province, territory, overseas territory, dependency, special administration region, municipality, local government, or indigenous jurisdiction you operate within (each identified jurisdiction you are accessing us from together referred to throughout our policies by the term "Compliance Region").

This Privacy Policy outlines how we collect, use, process, share, and protect personal information when you:

• Interact with our websites that reference or link to this Policy.
• Utilize our products, services, software, technology platform, or mobile applications, where we manage your personal data.
• Communicate with us or receive messages from us.
• Opt in to receive our newsletters, updates, or other notices.
• Act as a vendor, supplier, or service provider for us.
• Sign up for, participate in, or attend our events, programs, promotions, or contests.
• Take part in surveys, research, or similar data collection initiatives conducted by us.
• Visit our offices as a service provider, customer, or guest at an event hosted or co-hosted by us.

Our platform serves as a marketplace connecting independent creators with users and customers, providing tools for content distribution, community engagement, payment processing, and creator monetization. We recognize the trust you place in us with your sensitive personal and financial information, and we take this responsibility seriously.

By using our services, you acknowledge that you have read, understood, and agree to the collection and processing of your personal information as described in this Policy. If you do not agree with these practices, please discontinue use of our platform and services.

2. INFORMATION WE COLLECT

We collect specific categories of personal information in order to provide our marketplace services, ensure platform security and legal compliance, process payments, and to enhance your user experience ("UX"). The specific information collected depends on how you interact with our platform, where you are from, your real or inferred age, and which services you use.

2.1 Information You Provide Directly

Shobbl operates with a "Regional Compliance" strategy in order to enhance the privacy rights of our users by mitigating international compliance entanglements; we collect only the information necessary for the capacity of service we provide for your Compliance Region.

2.3 Information from Third Parties

We may receive information about you from external sources for the purpose of improving our services as well as platform security.

3. HOW WE USE YOUR INFORMATION

We process your personal information for specific, legitimate purposes that enable us to improve the security and quality of our services. Our processing activities are based on appropriate legal grounds as required by applicable privacy laws relevant to your Compliance Region.

3.1 Platform Operations and Service Delivery

3.2 Creator Services and Monetization

For Creators using our platform, we process information to provide specialized services including:

• Revenue analytics and performance reporting
• Audience insights and engagement metrics
• Tax document generation and compliance reporting
• Creator verification and credibility assessment
• Content optimization recommendations

3.3 Community Features and Engagement

We use information to facilitate community interactions, including forum management, event coordination, Creator to User connections, and content discovery recommendations. This processing is based on our legitimate interest in providing the best service we possibly can.

3.4 Legal Compliance and Regulatory Requirements

4. INFORMATION SHARING AND DISCLOSURE

We maintain strict controls over how personal information is shared and disclosed. We do not sell personal information to third parties for marketing purposes. Information sharing occurs only in specific circumstances necessary for platform operations, legal compliance, or with your explicit consent.

4.1 Service Providers and Business Partners

We engage trusted third-party service providers to help deliver our services:

4.2 Legal and Regulatory Disclosures

We may disclose personal information when required by law or to protect legitimate interests:

• To comply with legal process (subpoenas, court orders, search warrants)
• To comply with regulatory investigations or examinations
• To prevent fraud, illegal activity, or violations of our terms of service
• To protect the safety and security of our users and platform
• To process business transfers, acquisitions, or restructuring

4.3 User Interactions

Certain information is shared to enable and enhance user interactions in accordance with applicable privacy settings and regional compliance requirements:

• Published content, interactions, and associated metadata are visible to users as permitted by privacy settings, parental controls, and regional compliance standards.
• Necessary purchase details, such as transaction information, are shared with sellers and creators to support order processing, fulfillment, and dispute resolution.
• Aggregated and anonymized audience analytics may be provided to content owners to help them understand engagement trends and improve their offerings.

5. INTERNATIONAL DATA TRANSFERS

Our services operate across multiple jurisdictions and may transfer personal information internationally.

5.1 Transfer Mechanisms

To ensure the security and compliance of personal data transferred internationally, we implement the following safeguards:

• Standard Contractual Clauses (SCCs): For transfers from the European Union (EU), European Economic Area (EEA), or other regions requiring specific safeguards, we utilize Standard Contractual Clauses approved by the relevant authorities to ensure data protection compliance.
• Adequacy Decisions: Where applicable, we utilize adequacy determinations issued by relevant authorities to transfer data between jurisdictions recognized as providing an adequate level of data protection.
• Data Processing Agreements (DPAs): We require third-party service providers and partners involved in processing personal data to enter into comprehensive Data Processing Agreements that align with applicable data protection laws, including GDPR and other regional regulations.
• Technical and Organizational Safeguards: We employ adequate measures, such as encryption of data in transit and at rest, secure protocols, and access controls, to protect personal data during transfer and throughout its lifecycle.

5.2 Data Processing Locations

Your information may be processed by relevant authorities based on our legal requirements for your Regional Compliance outcome. Our headquarters is located in the United States, while our primary Data Centers are managed by ??? in ???.

6. DATA RETENTION

We retain the Personal Data which we have legally obtained to fulfill the purposes for which it was collected, in order to comply with legal obligations, to resolve disputes, and to enforce our agreements.

6.1 Retention Periods by Category

6.2 Data Deletion

When retention periods expire or upon receiving valid deletion requests, we implement secure deletion procedures, including:

• Secure overwriting of data storage media
• Destruction of cryptographic keys for encrypted data
• Coordinated deletion across backup systems and archives
• Verification of complete data removal

7. SECURITY AND PROTECTION MEASURES

We implement enterprise-grade security measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our security program is designed to meet industry standards and regulatory requirements for the regions in which we offer service.

If you wish to report a security violation or inadequacy, please email security@shobbl.com.

7.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Controls: Multi-factor authentication, role-based access, principle of least privilege
• Network Security: Firewalls, intrusion detection, DDoS protection
• Data Loss Prevention: Automated monitoring, data classification, egress controls
• Secure Development: Security code reviews, vulnerability testing, secure SDLC

7.2 Security Measures

• Security Training: We conduct regular privacy and security training sessions for all personnel.
• Background Checks: We implement comprehensive screening and vetting processes for employees with data access.
• Incident Response: We maintain a 24/7 security operations center and establish clear incident response procedures.
• Vendor Management: We perform security assessments, enforce contractual obligations, and conduct ongoing monitoring of our third-party services, sellers, and creators.

7.3 Compliance Certifications

We aim to achieve or maintain the following security certifications and compliance standards:

• SOC 2 Type II: Annual audits of security, availability, and confidentiality controls (in progress)
• PCI DSS Level 1: Payment card industry compliance for financial data protection (in progress)
• ISO 27001: Information security management system certification (in progress)
• GDPR Compliance: Adherence to European data protection regulations (in progress)

8. YOUR PRIVACY RIGHTS AND CHOICES

We provide comprehensive tools and mechanisms for users to control their personal information and exercise privacy rights as required by applicable laws.

8.1 Privacy Rights

You have the following rights with regards to your personal information:

You may email any privacy-related request to privacy@shobbl.com where we have (1) month to service your needs in accordance with applicable privacy laws.

8.2 Communication Preferences

You can manage our marketing communications through the following options:

• Email: Use the unsubscribe links in our promotional messages.
• Account Settings: Adjust your communication preferences in your account settings.
• Mobile Applications: Modify push notification settings in our mobile apps.
• Manual Opt-Out: Contact us at privacy@shobbl.com for assistance with manual opt-out.

8.3 Jurisdictional Rights & SCCs

Shobbl offers extensive jurisdictional privacy rights as identified by your Compliance Region and any applicable laws therein, as further specified through our Privacy Addendum for International Data Transfers & Standard Contractual Clauses (SCCs).

We honor similar privacy rights as required by applicable laws in the jurisdictions where we operate.

9. COOKIES POLICY

Shobbl seeks your informed consent for the use of non-essential cookies and similar technologies, as outlined in our Cookies Notice.

10. CHILDREN'S PRIVACY

Our platform is not intended for children under 13 years of age. We do not retain any information on individuals under 13 without parental consent, except for inferred age to ensure they do not operate an account or access restricted content.

If we discover that we have collected personal information from a child under 13 without parental consent, we will promptly delete that information from our system and close the associated account.

Children aged 13 to 17 must have their accounts managed by a parent or legal guardian. Certain platform interactions may be restricted for them based on the applicable laws of the region from which they access our platform. We implement additional security measures for children, including parental notification systems, and restrict access to certain platform features such as financial transactions, outbound links, or content inappropriate for their age.

11. PAYMENT PROCESSING

Shobbl provides non-custodial USDC "Stablecoin" transactions via third-party services. These include OnRamper, the payment processor chosen by OnRamper, Privy, and any credit card payment providers we evaluate as secure and legally compliant for their respective service areas.

How Payments Work

When you make a purchase on Shobbl, you can pay using a credit card or digital currency. Here's how your payment is processed:

• If you pay with digital currency, your funds are processed through OnRamper and Privy, which securely convert your payment into USDc (a Stablecoin) and then into Shobbl USDc Notes for use on our platform.
• If you pay with a credit card, your payment is processed by our trusted payment partners and converted into Shobbl USDc Notes which are then used for payment.

Payment Flow Diagram:

Purchase (Credit Card or Digital Currency) → OnRamper/Payment Processor → Privy (USDc) → Shobbl (USDc Notes)

How Payouts Work

When you withdraw your earnings as a creator or seller:

• Only Shobbl USDc Notes earned through sale of products, creator pages, or services on our platform may be used for payout.
• Your earned Shobbl USDc Notes are converted back into USDc via Privy.
• If you want to receive traditional currency, USDc is converted through OnRamper and the payment processor they identify to your chosen payout destination.

Payout Flow:

Shobbl (USDc Notes) → Privy (USDc) → OnRamper/Payment Processor → Your Bank or Wallet

Note:

All transactions are tracked and audited for security and compliance. Sellers must complete identity verification (KYC) to withdraw funds.

11.1 Transaction Auditing

Your transactions are monitored and regularly audited by our financial moderation team to prevent fraud and ensure compliance with all applicable Anti-Money Laundering (AML) regulations.

11.2 Seller-Only Know Your Customer (KYC)

Our non-custodial transaction system uses a "closed-loop" virtual currency that represent non-custodial USDc. This virtual currency ("Shobbl USDc Notes") is exempt from buyer-side KYC requirements under FinCEN and EU guidelines. We verify buyers only when necessary to comply with applicable laws and to support our services.

12. UPDATES TO THIS POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

• Provide at least 30 days' advance notice through email or platform notifications
• Update the "Last Updated" date at the top of this policy
• Highlight significant changes in our notification communications
• Obtain renewed consent for certain changes, as required by law

We encourage you to review this Policy regularly to stay informed about how we protect your personal information.

13. CONTACT INFORMATION AND SUPPORT

14. JURISDICTION-SPECIFIC PROVISIONS

We maintain jurisdiction-specific provisions in a supplemental document. For our comprehensive international data transfer and SCCs privacy policy, please refer to our Supplemental Privacy Addendum: International Data Transfers & Standard Contractual Clauses (SCCs).

14.1 European Economic Area and United Kingdom

For users in the UK, Shobbl does not presently offer service nor does it collect information from those residents. If you are found to be from the UK, your account will be closed and we will remove any information about you from our service.

14.2 Other Jurisdictions

Shobbl currently only offers service to the United States of America, the EU (excluding the UK), and Canada. Shobbl plans to expand into other jurisdictions responsibly as part of its global compliance strategy and will update this privacy policy and its Privacy Addendum(s) accordingly. We comply with applicable privacy laws in all jurisdictions where we operate.

15. OUR RIGHT TO CHANGE THIS POLICY

We reserve the right to amend this Privacy Policy as necessary for any reason, including enhancing clarity or ensuring compliance with applicable laws.

This Privacy Policy reflects our commitment to safeguarding your personal information while supporting the global creative economy through our services. We welcome your feedback and questions about our privacy practices. You can reach us at privacy@shobbl.com.