Legal
Privacy Policy
Last Updated: 16 April 2026 · Effective Date: 16 April 2026
This Privacy Policy describes how the Socium project ("Socium," "we," "us," or "our"), operating the website sociumtoken.ai (the "Website"), collects, uses, discloses, and protects your personal data. This policy applies to all visitors and addresses obligations under the EU GDPR, the ePrivacy Directive, the CCPA/CPRA, and other applicable US state privacy laws.
1. Who We Are
Socium is the team operating sociumtoken.ai and developing the $SOCI token and the MyStage.ai creator economy platform.
Contact for privacy matters: [email protected]
General contact: [email protected]
A formal operating entity is being established. Once registered, this Privacy Policy will be updated with the entity's name and registered details.
2. Personal Data We Collect
a) Data you provide directly
| Category | Examples | When Collected |
|---|---|---|
| Contact information | Email address | When you join our waitlist or subscribe to our newsletter |
b) Data collected automatically
| Category | Examples | When Collected |
|---|---|---|
| Device and usage data | Browser type, OS, screen resolution, device category | Automatically via Google Analytics 4, subject to consent |
| Interaction data | Pages viewed, scroll depth, outbound clicks, session duration | Via Google Analytics 4, subject to consent |
| Approximate location | Country, region, city (derived from anonymized IP) | Via Google Analytics 4, subject to consent |
| Traffic source data | Referring URL, UTM campaign parameters | Via Google Analytics 4, subject to consent |
| Cookie identifiers | Google Analytics Client ID (pseudonymous) | Via cookies, subject to consent |
c) Data we do NOT collect
We do not collect full IP addresses, financial data, wallet addresses, payment information, government-issued identification, biometric data, or any special categories of personal data under GDPR Article 9.
3. Purposes and Legal Basis for Processing
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Sending newsletter and project updates | Email address | Consent (Art. 6(1)(a)) |
| Website analytics and performance improvement | Device data, usage data, approximate location, cookie identifiers | Consent (Art. 6(1)(a)) |
| Ensuring website security and preventing abuse | Server logs (temporary) | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Any data as required by law | Legal obligation (Art. 6(1)(c)) |
4. Recipients and Third-Party Processors
| Recipient | Purpose | Safeguards |
|---|---|---|
| Google LLC (Google Analytics 4) | Website analytics | EU-U.S. Data Privacy Framework; Standard Contractual Clauses |
| Newsletter service provider | Email delivery and list management | EU-U.S. DPF and/or SCCs as applicable |
| Vercel Inc. | Website hosting and content delivery | EU-U.S. DPF; SCCs |
| Sanity | Headless content management system (API-based) | Contractual safeguards; no client-side data collection |
We do not sell, rent, or trade your personal data.
5. International Data Transfers
Some of our service providers are based outside the EEA, including in the United States. We rely on the EU-U.S. Data Privacy Framework adequacy decision (10 July 2023) and Standard Contractual Clauses as supplementary safeguards.
You may request a copy of the relevant safeguards by contacting [email protected].
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Email address (newsletter/waitlist) | Until you unsubscribe or withdraw consent, plus up to 30 days for technical removal |
| Google Analytics data | 14 months (configured in our GA4 property) |
| Server logs | 30 days |
7. Your Rights Under the GDPR (EEA Residents)
- Right of access (Art. 15) — obtain confirmation of whether we process your data and request a copy
- Right to rectification (Art. 16) — correct inaccurate or incomplete personal data
- Right to erasure (Art. 17) — request deletion of your personal data, subject to legal exceptions
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — at any time
To exercise any of these rights, contact [email protected]. We will respond within 30 days.
8. Your Rights Under US State Privacy Laws
California Residents (CCPA/CPRA)
- Right to Know — categories and specific pieces of personal information collected
- Right to Delete — request deletion of your personal information
- Right to Correct — request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing — via our cookie consent banner or Global Privacy Control (GPC) signal
- Right to Non-Discrimination
Virginia, Colorado, Connecticut, Utah, Texas, and other US state residents with comprehensive privacy laws may have similar rights. Contact [email protected] to exercise them.
9. Children's Privacy
Our Website is not directed to children. We do not knowingly collect personal data from anyone under age 16 (GDPR threshold) or under 13 (US COPPA threshold). Contact us at [email protected] if you believe we have inadvertently collected data from a child.
10. Security Measures
We implement appropriate technical and organizational measures including HTTPS/TLS encryption, access controls, and secure hosting infrastructure. No method of transmission over the internet is completely secure.
11. Data Breach Notification
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay in accordance with GDPR Article 34, and the relevant supervisory authority within 72 hours where required by Article 33.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will update the “Last Updated” date when we do so.
13. Contact Us
For any questions, requests, or complaints regarding this Privacy Policy:
Email: [email protected]