Privacy Policy

Socitic, Inc. ("Socitic", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our platform services.

This policy applies to all users of the Socitic platform — consumers who leave reviews, businesses that manage profiles, and visitors who browse the site. Please read this policy carefully. By using our Service, you consent to the practices described herein.

If you have questions about this Privacy Policy, contact our Data Protection team at privacy@socitic.com.

We collect several types of information to provide and improve our Service:

Account Information: When you register, we collect your name, email address, and password. Businesses additionally provide company name, address, phone number, and verification documents.

Profile Information: Information you voluntarily add to your profile, such as a profile picture, bio, or preferences.

Review & Content Data: Reviews, ratings, photos, and comments you submit to the platform, along with metadata such as timestamp, device type, and location data.

Usage Data: We automatically collect information about how you interact with our Service, including pages visited, features used, search queries, click patterns, and session duration.

Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and cookie data.

Communications: If you contact us via email or our support system, we retain those communications to help resolve your request.

We use cookies and similar tracking technologies to enhance your experience and gather analytics data. The types of cookies we use include:

Essential Cookies: Required for the platform to function. These include session cookies, authentication tokens, and security cookies. You cannot opt out of these.

Analytics Cookies: Help us understand how users interact with our platform. We use this data to improve the Service. These can be disabled in your browser settings.

Preference Cookies: Remember your settings and preferences (e.g., language, notification preferences) to personalise your experience.

Marketing Cookies: Used to show relevant advertisements and measure ad campaign effectiveness. These are only placed with your consent.

You can manage your cookie preferences through your browser settings or our Cookie Preference Centre, accessible from the footer of our website.

We use the information we collect for the following purposes:

• To create and manage your account and verify your identity • To display your reviews, ratings, and profile information on the platform • To detect and prevent fraudulent reviews, spam, and platform abuse • To generate trust scores and business rankings using our AI systems • To send transactional emails (e.g., account verification, review replies) • To send you newsletters and marketing communications (with your consent) • To analyse platform usage and improve our features and performance • To comply with legal obligations and respond to lawful requests from authorities • To enforce our Terms and Community Guidelines • To provide customer support and resolve disputes

We do not sell your personal data to third parties. We may share your information in the following circumstances:

With Service Providers: We share data with trusted third-party vendors who perform services on our behalf, such as cloud hosting (Microsoft Azure), email delivery, analytics, and fraud detection. These providers are contractually bound to protect your data.

Public Information: Reviews, ratings, profile names, and photos you submit are publicly visible on the platform. Exercise care about what personal information you include in your reviews.

Business Profiles: When you interact with a claimed business profile (e.g., the business responds to your review), that business can see your public review and display name.

Legal Requirements: We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Socitic, our users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

We retain your personal data for as long as your account is active or as needed to provide you with our Service. Specifically:

• Account data is retained for the lifetime of your account plus 30 days after deletion • Reviews and public content may remain visible for up to 90 days after account deletion, as other users may have interacted with this content • Analytics and usage logs are retained for 24 months • Legal and compliance records may be retained for up to 7 years as required by law

You may request deletion of your account and associated personal data at any time by contacting privacy@socitic.com. We will process your request within 30 days.

We implement industry-standard security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction:

• All data transmitted between your browser and our servers is encrypted using TLS 1.3 • Passwords are hashed using bcrypt with a unique salt per user — we cannot recover your password • Access to production databases is restricted to authorised personnel with multi-factor authentication • We perform regular security audits and penetration testing • Our infrastructure is hosted on Microsoft Azure with SOC 2 Type II certification

Despite these measures, no transmission over the internet is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication on your account.

Depending on your location, you may have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.

Right to Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing of your data for direct marketing or profiling purposes.

Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.

To exercise any of these rights, submit a request to privacy@socitic.com. We will respond within 30 days. For EEA and UK users, you also have the right to lodge a complaint with your local data protection authority.

The Socitic platform is not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@socitic.com. Upon verification, we will delete the child's information from our systems promptly.

Users between 13 and 18 years of age may only use the Service with the involvement and consent of a parent or legal guardian.

Socitic operates globally. Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

Where we transfer data outside the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place, including: • Standard Contractual Clauses (SCCs) approved by the European Commission • Transfers to countries with adequate protection decisions from the relevant authority • Binding Corporate Rules where applicable

By using our Service, you consent to the transfer of your information to countries outside your country of residence in accordance with this policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

• Post a prominent notice on our platform • Send an email notification to registered users • Update the "Last Updated" date at the top of this policy

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.