Privacy Policy - Calypso Suite

Operator: BIG TECH CORP

This Privacy Policy explains how we collect, use, disclose, retain, and otherwise process personal data when you use the Platform. We operate with a country allowlist and block certain regions. If you do not provide data that we reasonably require, we may not be able to provide some or all Platform features.

1. Data We Collect

1.1 Account, Wallet, and Usage Data

We may collect:

wallet address(es), public keys, transaction hashes, and authentication signatures;
profile information you provide;
device, browser, session, and security logs, including IP-derived region, timestamps, and fraud/risk signals;
geoblocking, sanctions, and circumvention-risk indicators; and
communications with support, legal, and safety teams.

1.2 Content, Messaging, and Interaction Data

We may collect:

content you upload and related metadata;
messages, prompts, outputs, moderation signals, and interaction metadata;
records indicating whether content or interactions were labeled as AI-generated, AI-assisted, fictional, or creator-managed; and
complaint, appeal, and enforcement records tied to Platform activity.

1.3 Verification Data (Stored or Received)

For members where access verification is required, and for creators as part of mandatory full KYC, we may collect, receive, use, and store verification data directly or through Ageevidence or other service providers, including:

age-assurance results and verification decisions;
ID images and extracted document data;
selfies, liveness videos, biometric comparison results, anti-spoofing signals, and reviewer notes;
sanctions, fraud, and risk-screening results;
source-of-funds, source-of-wealth, business, beneficial-owner, or tax information where requested; and
audit logs, re-verification history, and compliance-case notes.

1.4 Blockchain and Public-Ledger Data

Because the Platform uses blockchain settlement, we may collect or observe:

public wallet addresses;
on-chain payment amounts, timestamps, tokens, chain IDs, and routing details;
screening results tied to wallet or transaction risk; and
publicly visible transaction history associated with Platform-linked wallets.

1.5 Reports, Complaints, and Enforcement Data

We may collect:

reports submitted, evidence files, moderator decisions, case notes, and communications;
evidence-preservation records, access logs, device associations, and account restriction history; and
records relevant to suspected minors, NCII, deepfakes, copyright, fraud, or other safety complaints.

1.6 Cookies and Local Storage

We use cookies, local storage, and similar technologies for security, session integrity, preferences, fraud prevention, and, where enabled, analytics.

2. Sources of Data

We collect data:

directly from you;
automatically from your device, browser, wallet interaction, or use of the Platform;
from verification, moderation, infrastructure, security, or compliance vendors;
from public blockchains and public records where relevant to fraud, sanctions, or rights enforcement; and
from complainants, rights-holders, collaborators, or legal authorities.

3. How We Use Data

We use personal data:

to provide, secure, and operate the Platform;
to verify age and identity, including using Ageevidence or replacement providers;
to perform creator KYC, fraud prevention, abuse prevention, sanctions screening, and risk review;
to detect underage use, impersonation, NCII, deepfakes, prohibited content, and other policy violations;
to review content and messaging for trust-and-safety and legal compliance purposes;
to route and log transactions, investigate suspicious activity, and protect the Platform from fraud or misuse;
to respond to takedown requests, legal claims, and safety complaints;
to comply with legal obligations and defend legal claims; and
to improve moderation, enforcement, and safety systems, including through de-identified or limited internal analysis where appropriate.

4. Legal Bases for Processing

Depending on the context and your location, we process personal data on one or more of the following bases:

performance of a contract or steps taken at your request before entering a contract;
compliance with legal obligations;
legitimate interests, including safety, fraud prevention, sanctions compliance, abuse prevention, evidence preservation, product security, and legal defense;
consent, where law requires consent for a particular activity;
establishment, exercise, or defense of legal claims; and
substantial public interest or protection of individuals from unlawful or harmful activity, where recognized by applicable law.

5. Sensitive Data, Biometrics, and Verification Media

Verification media and related outputs may be sensitive. This can include biometric or biometric-related data, face-comparison results, government-ID data, and sexuality-related or explicit-content complaint records.

We may rely on third-party verification providers, including Ageevidence, and may receive from them raw data, derived data, risk scores, pass/fail outcomes, or verification metadata.

We store or control access to sensitive verification data using measures such as:

encryption at rest and in transit;
role-based access controls;
logging and audit trails for access and use; and
separation from routine product content storage where feasible.

6. Sharing

We may share data with:

service providers, including hosting, storage, security, trust-and-safety, moderation, age-verification, KYC, chain-analytics, fraud, sanctions-screening, and support providers;
professional advisers such as lawyers, auditors, investigators, and insurers;
legal authorities, regulators, courts, or law-enforcement bodies where required or where we reasonably believe disclosure is necessary;
complainants, rights-holders, affected parties, collaborators, or counterparties where reasonably necessary to investigate, resolve, or defend disputes or claims; and
actual or potential buyers, investors, or corporate counterparties in connection with a reorganization, financing, or transaction, subject to appropriate confidentiality or legal safeguards.

We do not sell personal data.

7. International Transfers

Your data may be processed in multiple countries depending on infrastructure, support operations, vendors, and legal requests. Where required, we use safeguards appropriate to the nature of the data and the risks involved.

8. Public Blockchain Notice

Blockchains are public, third-party networks. Wallet addresses, transaction hashes, and on-chain activity may be visible to others and may be effectively immutable.

Where data is written to a public blockchain, we may be unable to delete, alter, restrict, or reverse that data. Your privacy rights may therefore be limited with respect to information that is permanently recorded on a public blockchain and not solely under our control.

9. Retention

We retain data for as long as reasonably necessary for the purposes described above, including safety, fraud prevention, sanctions screening, legal defense, and compliance.

Data Type	Retention Period
Account, device, and security logs	18-36 months
Reports, appeals, and enforcement logs	5 years or longer if needed for safety, repeat-offender tracking, or legal defense
Member age-assurance records	For account duration and generally 2-5 years thereafter, or longer if needed for access control, fraud prevention, or legal defense
Creator verification, KYC, and compliance records	For account duration and generally 5-7 years thereafter, or longer if needed for safety reviews, legal defense, or compliance
Transaction, wallet-screening, and sanctions records	Generally 5-7 years or longer where required by law or compliance need
Takedown, rights-enforcement, and evidence-preservation records	5 years or longer if needed for disputes, investigations, or legal obligations

Data may be retained longer if required for legal defense, safety investigations, repeat-offender tracking, fraud prevention, or compliance.

10. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or obtain a copy of certain data, subject to legal limits and retention obligations. You may also have a right to withdraw consent where processing depends on consent.

Available Rights (where applicable)

Access: Request a copy of certain personal data;
Correction: Request correction of inaccurate data;
Deletion: Request deletion of certain data, subject to our legal, safety, and fraud-prevention retention needs;
Portability: Receive certain data in a portable format where applicable;
Objection: Object to certain processing activities where applicable;
Withdrawal of consent: Withdraw consent for consent-based processing, without retroactive effect where permitted by law.

We may refuse or limit a request where necessary to protect another person's rights, comply with law, maintain legally required records, preserve evidence, prevent fraud, enforce Platform rules, or where the data is on a public blockchain outside our sole control.

11. Children

We do not permit minors. The Platform is for adults (18+) only. Report suspected minors immediately at [email protected].

12. Security Measures

We implement technical and organizational measures intended to protect personal data, such as:

encryption for sensitive data in transit and at rest;
signed URLs, scoped credentials, or equivalent access controls where applicable;
session security controls and access restrictions;
wallet screening, fraud detection, risk scoring, rate limiting, and abuse monitoring; and
audit logging, role-based access, and internal review controls.

No system is perfectly secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Platform after the effective date of the revised Policy indicates acceptance of the revised Policy.

14. Contact

For privacy inquiries, data requests, or general questions, please use our contact form. Urgent safety concerns: [email protected]