Privacy Policy

1. Introduction

Sodacrew Global Inc. ("Company," "we," "us," or "our") operates SodaRamp at crypto.sodagift.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using the Service, you consent to the practices described in this policy.

Data Controller: Sodacrew Global Inc., California, United States. For privacy inquiries, contact us at support@sodagift.com.

2. Information We Collect

2.1 Information You Provide

• Email address — for account creation and authentication (Magic Link sign-in)
• Recipient email address — for gift card delivery
• Gift messages — optional messages attached to gift card orders

2.2 Information Collected Automatically

• Order data — product selection, order amounts, currencies, order status, and points earned/redeemed
• Payment references — Coinbase Commerce charge IDs and codes (we do not store wallet addresses or private keys)
• Usage data — pages visited, browser type, device information, and IP address via standard web server logs
• IP geolocation — approximate country-level location derived from your IP address, used for region detection and fraud prevention

2.3 Identity Verification Data (if applicable)

If identity verification (KYC) is required for your account, we may collect:

• Government-issued photo identification (passport, driver's license, national ID)
• Proof of address documentation
• Source of funds information

Identity verification data is processed solely for legal compliance purposes (AML/KYC) and is handled with heightened security measures.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contractual Necessity — to fulfill gift card orders and provide the Service you requested
• Consent — when you create an account and agree to this Privacy Policy
• Legal Obligation — to comply with applicable laws, including AML/KYC regulations, tax obligations, and responses to lawful requests from authorities
• Legitimate Interest — to detect and prevent fraud, improve the Service, and ensure security of our platform

4. How We Use Your Information

• To authenticate your identity and manage your account
• To process and fulfill gift card orders
• To deliver gift cards to designated recipients via email
• To manage the points reward program (tracking points earned, redeemed, and balance)
• To communicate order status and important service updates
• To detect and prevent fraud, money laundering, or unauthorized access
• To comply with legal and regulatory obligations, including AML/KYC requirements
• To respond to lawful requests from law enforcement or regulatory authorities
• To improve, maintain, and optimize the Service

5. Third-Party Services

We share your information with the following third-party service providers only as necessary to operate the Service:

• Supabase — database hosting and authentication. See Supabase Privacy Policy.
• Coinbase Commerce — cryptocurrency payment processing. See Coinbase Privacy Policy.
• SodaGift for Biz — gift card fulfillment and delivery. See SodaGift Privacy Policy.
• Vercel — website hosting and edge computing. See Vercel Privacy Policy.

We do not sell, rent, or trade your personal information to any third parties for marketing or advertising purposes.

6. Disclosure to Authorities

We may disclose your personal information to law enforcement, regulatory authorities, or government agencies when:

• Required by applicable law, regulation, or legal process (such as a court order or subpoena)
• Necessary to comply with AML/KYC obligations, including reporting suspicious transactions to financial intelligence units
• Necessary to protect the rights, safety, or property of the Company, our users, or the public
• Required to enforce our Terms of Service

7. International Data Transfers

The Company is based in the United States, and your personal information is primarily processed and stored in the United States by us and our service providers (Supabase, Coinbase Commerce, Vercel). If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States. We take reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.

8. Data Retention

We retain your personal information for the following periods:

• Account information — retained as long as your account is active, and for up to 12 months after account deletion to handle any outstanding issues
• Order and transaction records — retained for a minimum of 5 years to comply with financial record-keeping and AML regulations
• Points program data — retained as long as your account is active; forfeited upon account termination
• Identity verification documents — retained for the duration required by applicable AML/KYC regulations (typically 5 years after the end of the business relationship)
• Server logs and usage data — retained for up to 90 days for security and debugging purposes

You may request deletion of your account and personal data by contacting us. Certain data may be retained longer if required by law or necessary to resolve disputes.

9. Data Security

We implement industry-standard security measures to protect your personal information, including:

• Encrypted connections (TLS/HTTPS) for all data in transit
• Row-level security (RLS) on our database ensuring users can only access their own data
• Passwordless authentication via Magic Link (no password storage or exposure risk)
• Restricted access to personal data on a need-to-know basis among our team
• Regular security reviews of third-party service providers

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right of Access — request a copy of the personal data we hold about you
• Right to Rectification — request correction of inaccurate or incomplete data
• Right to Erasure — request deletion of your personal data (subject to legal retention requirements)
• Right to Restrict Processing — request that we limit how we use your data
• Right to Data Portability — receive your data in a structured, machine-readable format
• Right to Object — object to processing based on legitimate interests
• Right to Withdraw Consent — withdraw previously given consent at any time

For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have the above rights under the General Data Protection Regulation (GDPR). You also have the right to lodge a complaint with your local data protection supervisory authority.

For Korean Residents (PIPA)

If you are a resident of the Republic of Korea, you have rights under the Personal Information Protection Act (PIPA), including the right to access, correct, delete, and suspend processing of your personal information.

For California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right not to be discriminated against for exercising your privacy rights. We do not sell personal information as defined by the CCPA.

To exercise any of these rights, please contact us at support@sodagift.com. We will respond to your request within 30 days (or sooner if required by applicable law).

11. Cookies and Tracking

We use essential cookies only for authentication session management (maintaining your login state). We do not use tracking cookies, third-party advertising cookies, or analytics cookies. We do not participate in cross-site tracking.

We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no uniform standard for DNT signals. However, since we do not engage in third-party tracking, this has no practical effect on your privacy.

12. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

13. Automated Decision-Making

We may use automated systems for fraud detection and prevention, including analyzing transaction patterns and IP geolocation data. These systems may automatically flag or block suspicious transactions. If you believe an automated decision has been made in error, you may contact us for a manual review.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. If the changes are significant, we may also notify you via email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Sodacrew Global Inc.
California, United States
Email: support@sodagift.com