Global Privacy Policy

1. INTRODUCTION AND SCOPE

We at Shobbl Incorporated ("Shobbl," "we," "us," or "our") are committed to minding and protecting the privacy and personal information of all those who interact with our Services ("Users") and Users who register an account for and access our Services ("Customers") or further set up a creator page and/or licensed product listing ("Creators") (together referred throughout our policies by the terms "you" and "your").

We adjust what data we collect from you for compliance with the requirements of each supranational entity, country, state, province, territory, overseas territory, dependency, special administration region, municipality, local government, or indigenous jurisdiction you operate within (each identified jurisdiction you are accessing us from together referred to throughout our policies by the term "Compliance Region").

This Privacy Policy outlines how we collect, use, process, share, and protect personal information when you:

• Interact with our websites that reference or link to this Policy.
• Utilize our products, services, software, technology platform, or mobile applications, where we manage your personal data.
• Communicate with us or receive messages from us.
• Opt in to receive our newsletters, updates, or other notices.
• Act as a vendor, supplier, or service provider for us.
• Sign up for, participate in, or attend our events, programs, promotions, or contests.
• Take part in surveys, research, or similar data collection initiatives conducted by us.
• Visit our offices as a service provider, customer, or guest at an event hosted or co-hosted by us.

Our platform serves as a marketplace connecting independent creators with users and customers, providing tools for content distribution, community engagement, payment processing, and creator monetization. We recognize the trust you place in us with your sensitive personal and financial information, and we take this responsibility seriously.

By using our services, you acknowledge that you have read, understood, and agree to the collection and processing of your personal information as described in this Policy. If you do not agree with these practices, please discontinue use of our platform and services.

2. INFORMATION WE COLLECT

We collect specific categories of personal information in order to provide our marketplace services, ensure platform security and legal compliance, process payments, and to enhance your user experience ("UX"). The specific information collected depends on how you interact with our platform, where you are from, your real or inferred age, and which services you use.

2.1 Information You Provide Directly

Shobbl operates with a "Regional Compliance" strategy in order to enhance the privacy rights of our users by mitigating international compliance entanglements; we collect only the information necessary for the capacity of service we provide for your Compliance Region.

2.3 Information from Third Parties

We may receive information about you from external sources for the purpose of improving our services as well as platform security.

3. HOW WE USE YOUR INFORMATION

We process your personal information for specific, legitimate purposes that enable us to improve the security and quality of our services. Our processing activities are based on appropriate legal grounds as required by applicable privacy laws relevant to your Compliance Region.

3.1 Platform Operations and Service Delivery

3.2 Creator Services and Monetization

For Creators using our platform, we process information to provide specialized services including:

• Revenue analytics and performance reporting
• Audience insights and engagement metrics
• Tax document generation and compliance reporting
• Creator verification and credibility assessment
• Content optimization recommendations

3.3 Community Features and Engagement

We use information to facilitate community interactions, including forum management, event coordination, Creator to User connections, and content discovery recommendations. This processing is based on our legitimate interest in providing the best service we possibly can.

3.4 Legal Compliance and Regulatory Requirements

4. INFORMATION SHARING AND DISCLOSURE

We maintain strict controls over how personal information is shared and disclosed. We do not sell personal information to third parties for marketing purposes. Information sharing occurs only in specific circumstances necessary for platform operations, legal compliance, or with your explicit consent.

4.1 Service Providers and Business Partners

We engage trusted third-party service providers to help deliver our services:

4.2 Legal and Regulatory Disclosures

We may disclose personal information when required by law or to protect legitimate interests:

• To comply with legal process (subpoenas, court orders, search warrants)
• To comply with regulatory investigations or examinations
• To prevent fraud, illegal activity, or violations of our terms of service
• To protect the safety and security of our users and platform
• To process business transfers, acquisitions, or restructuring

4.3 User Interactions

Certain information is shared to enable and enhance user interactions in accordance with applicable privacy settings and regional compliance requirements:

• Published content, interactions, and associated metadata are visible to users as permitted by privacy settings, age-gating controls, and regional compliance standards.
• Necessary purchase details, such as transaction information, are shared with sellers and creators to support order processing, fulfillment, and dispute resolution.
• Aggregated and anonymized audience analytics may be provided to content owners to help them understand engagement trends and improve their offerings.

5. INTERNATIONAL DATA TRANSFERS

Our services operate across multiple jurisdictions and may transfer personal information internationally.

5.1 Transfer Mechanisms

To ensure the security and compliance of personal data transferred internationally, we implement the following safeguards:

• Standard Contractual Clauses (SCCs): For transfers from the European Union (EU), European Economic Area (EEA), or other regions requiring specific safeguards, we utilize Standard Contractual Clauses approved by the relevant authorities to ensure data protection compliance.
• Adequacy Decisions: Where applicable, we utilize adequacy determinations issued by relevant authorities to transfer data between jurisdictions recognized as providing an adequate level of data protection.
• Data Processing Agreements (DPAs): We require third-party service providers and partners involved in processing personal data to enter into comprehensive Data Processing Agreements that align with applicable data protection laws, including GDPR and other regional regulations.
• Technical and Organizational Safeguards: We employ adequate measures, such as encryption of data in transit and at rest, secure protocols, and access controls, to protect personal data during transfer and throughout its lifecycle.

5.2 Data Processing Locations

Your information may be processed by relevant authorities based on our legal requirements for your Regional Compliance outcome. Our headquarters is located in the United States. We host and process data using certified cloud infrastructure providers in the United States and in other regions where we operate our services, consistent with our agreements and applicable law. Subprocessors and hosting arrangements are described in our vendor disclosures as updated from time to time.

6. DATA RETENTION

We retain the Personal Data which we have legally obtained to fulfill the purposes for which it was collected, in order to comply with legal obligations, to resolve disputes, and to enforce our agreements.

6.1 Retention Periods by Category

6.2 Data Deletion

When retention periods expire or upon receiving valid deletion requests, we implement secure deletion procedures, including:

• Secure overwriting of data storage media
• Destruction of cryptographic keys for encrypted data
• Coordinated deletion across backup systems and archives
• Verification of complete data removal

7. SECURITY AND PROTECTION MEASURES

We implement enterprise-grade security measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our security program is designed to meet industry standards and regulatory requirements for the regions in which we offer service.

If you wish to report a security violation or inadequacy, please email security@shobbl.com.

7.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Controls: Multi-factor authentication, role-based access, principle of least privilege
• Network Security: Firewalls, intrusion detection, DDoS protection
• Data Loss Prevention: Automated monitoring, data classification, egress controls
• Secure Development: Security code reviews, vulnerability testing, secure SDLC

7.2 Security Measures

• Security Training: We conduct regular privacy and security training sessions for all personnel.
• Background Checks: We implement comprehensive screening and vetting processes for employees with data access.
• Incident Response: We maintain a 24/7 security operations center and establish clear incident response procedures.
• Vendor Management: We perform security assessments, enforce contractual obligations, and conduct ongoing monitoring of our third-party services, sellers, and creators.

7.3 Compliance Certifications

We aim to achieve or maintain the following security certifications and compliance standards:

• SOC 2 Type II: Annual audits of security, availability, and confidentiality controls (in progress)
• PCI DSS Level 1: Payment card industry compliance for financial data protection (in progress)
• ISO 27001: Information security management system certification (in progress)
• GDPR Compliance: Adherence to European data protection regulations (in progress)

8. YOUR PRIVACY RIGHTS AND CHOICES

We provide comprehensive tools and mechanisms for users to control their personal information and exercise privacy rights as required by applicable laws.

8.1 Privacy Rights

You have the following rights with regards to your personal information:

You may email any privacy-related request to privacy@shobbl.com where we have (1) month to service your needs in accordance with applicable privacy laws.

8.2 Communication Preferences

You can manage our marketing communications through the following options:

• Email: Use the unsubscribe links in our promotional messages.
• Account Settings: Adjust your communication preferences in your account settings.
• Mobile Applications: Modify push notification settings in our mobile apps.
• Manual Opt-Out: Contact us at privacy@shobbl.com for assistance with manual opt-out.

8.3 Jurisdictional Rights & SCCs

Shobbl offers extensive jurisdictional privacy rights as identified by your Compliance Region and any applicable laws therein, as further specified through our Privacy Addendum for International Data Transfers & Standard Contractual Clauses (SCCs).

We honor similar privacy rights as required by applicable laws in the jurisdictions where we operate.

9. COOKIES POLICY

Shobbl seeks your informed consent for the use of non-essential cookies and similar technologies, as outlined in our Cookies Notice.

10. AGE-BASED PRIVACY AND ACCESS CONTROLS

Standard Platform accounts are intended for users who are at least 16 years old, or older where required by applicable law. We do not permit users below the minimum account age to create or operate Platform accounts.

Certain Platform features, including creator monetization, payout functionality, payment-enabled creator tools, and restricted or adult-oriented environments, require users to be at least 18 years old and may require identity, age, or eligibility verification.

If we determine that an account has been created by a user below the applicable minimum age, or that a user has attempted to access features for which they are not age-eligible, we may restrict or close the account and delete or limit associated personal information as required by law and Platform policy.

11. PAYMENT PROCESSING

Shobbl uses third-party payment and payout providers to support eligible purchases, creator earnings, and permitted payout destinations. Payment-enabled features are subject to age, identity, regional, and content-classification requirements.

How Payments Work

When you make an eligible purchase on Shobbl, your payment is processed through supported payment partners and applied to the eligible product or service:

• Standard-content purchases use the payment methods and partners made available for that environment.
• Restricted or adult-oriented environments are separated from standard payment flows and are not eligible for standard-content checkout.

Payment Flow Diagram:

Eligible Purchase → Supported Payment Partner → Eligible Product or Service

How Payouts Work

When an eligible creator or seller requests a payout:

• Only eligible creator earnings from products, creator pages, memberships, subscriptions, or services on our platform may be paid out.
• Approved creator earnings are processed through supported payout partners where available.
• Payout availability, timing, and supported destinations are subject to eligibility checks, regional availability, and partner requirements.

Payout Flow:

Approved Creator Earnings → Supported Payout Partner → Eligible Payout Destination

Note:

All transactions are tracked and audited for security and compliance. Sellers must complete identity verification (KYC) before receiving payouts.

11.1 Transaction Auditing

Your transactions are monitored and regularly audited by our financial moderation team to prevent fraud and ensure compliance with all applicable Anti-Money Laundering (AML) regulations.

11.2 Seller-Only Know Your Customer (KYC)

Shobbl uses standard platform transaction records and payment-provider records to support purchases, refunds, dispute handling, tax obligations, fraud prevention, and payout eligibility. We verify buyers only when necessary to comply with applicable laws and to support our services.

12. UPDATES TO THIS POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

• Provide at least 30 days' advance notice through email or platform notifications
• Update the "Last Updated" date at the top of this policy
• Highlight significant changes in our notification communications
• Obtain renewed consent for certain changes, as required by law

We encourage you to review this Policy regularly to stay informed about how we protect your personal information.

13. CONTACT INFORMATION AND SUPPORT

14. JURISDICTION-SPECIFIC PROVISIONS

We maintain jurisdiction-specific provisions in a supplemental document. For our comprehensive international data transfer and SCCs privacy policy, please refer to our Supplemental Privacy Addendum: International Data Transfers & Standard Contractual Clauses (SCCs).

14.1 European Economic Area and United Kingdom

For users in the UK, Shobbl does not presently offer service nor does it collect information from those residents. If you are found to be from the UK, your account will be closed and we will remove any information about you from our service.

14.2 Other Jurisdictions

Shobbl currently only offers service to the United States of America, the EU (excluding the UK), and Canada. Shobbl plans to expand into other jurisdictions responsibly as part of its global compliance strategy and will update this privacy policy and its Privacy Addendum(s) accordingly. We comply with applicable privacy laws in all jurisdictions where we operate.

15. OUR RIGHT TO CHANGE THIS POLICY

We reserve the right to amend this Privacy Policy as necessary for any reason, including enhancing clarity or ensuring compliance with applicable laws.

This Privacy Policy reflects our commitment to safeguarding your personal information while supporting the global creative economy through our services. We welcome your feedback and questions about our privacy practices. You can reach us at privacy@shobbl.com.