DawlessArcade Platform Privacy Policy

The DawlessArcade platform (the "Platform") is a collaboration of three affiliated legal entities:

• App Axis LLC ("App Axis") — the operating company and the entity named as developer/publisher on app stores. Operates the Platform day-to-day, provides customer support, and holds the bank account through which subscription payments are processed. Acts as the primary data controller for the relationship with subscribers.
• Dawless Arcade Global Entertainment LLC ("DAGE") — owner of all Content distributed on or through the Platform per the Terms of Service. Acts as the data controller in respect of Content and contract-participation records.
• Surety Substance and Seed Group LLC ("Surety") — owner of the underlying software, licensed to DAGE for use as the Platform.

In this Privacy Policy, "we," "us," and "our" refer collectively to these three entities. Surety holds no user data directly. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Platform.

This Privacy Policy applies to all users of the Platform, including content creators, subscribers, and visitors. By using the Platform, you consent to the data practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when creating an account, using the Platform, or communicating with us:

Account and Profile Information

• Identity Information: Full legal name, username, email address, phone number, date of birth, profile photo
• Avatar Information: Avatar name, avatar image, bio, talents (up to 3), intended content creator roles, website, social media handles
• Demographic Information: Country of residence, city, language preference
• Authentication Data: Password (stored only as a salted hash); SMS one-time codes used for phone verification and to authorise withdrawals

Payment and Financial Information

• Subscription Payment: Payment card details, billing address, payment processor customer ID
• Wallet Information: Bank account details, PayPal email, Stripe account information
• Tax Information: Tax identification number (SSN/EIN), W-9 or W-8BEN documentation, tax residency status
• Transaction History: Subscription payments, earnings, withdrawals, Purse balance history

Content and Communications

• User Content: All content you create, upload, or submit through the Platform (audio, video, images, text, code)
• Contract Information: Contract participation, role designations, percentage splits, negotiation history
• Communications: Messages to other users, support requests, feedback, survey responses
• Pre-Invitation Responses: Answers to Know, Like, and Trust questions during registration

1.2 Information Collected Automatically

When you access or use the Platform, we automatically collect certain information:

Device and Technical Information

• Device Information: Device type, operating system, browser type and version, unique device identifiers
• Network Information: IP address, internet service provider, mobile carrier
• Location Data: Country and approximate region derived from your IP address. We do not collect precise GPS location.

Usage Information

• Platform Activity: Pages visited, features used, actions taken, time spent on Platform
• Login Information: Login timestamps, login locations, session duration, login attempt history
• Content Interactions: Content views, plays, downloads, shares, engagement metrics
• Search Queries: Search terms used within the Platform

Cookies and Tracking Technologies

• Cookies: Small data files stored on your device to remember preferences and sessions
• Local Storage: Browser storage used for Platform functionality
• Server Telemetry: Server-side performance, error, and request telemetry sent to our cloud telemetry provider (Microsoft Azure Application Insights). This does not include browser-side analytics, advertising pixels, or behavioural tracking — see Section 10.2.

1.3 Information from Third Parties

We may receive information about you from third-party sources:

• Invitation Source: Information about who invited you to the Platform
• Payment Processors: Transaction confirmations, fraud alerts, payment verification
• Streaming Platforms: Revenue data, play counts, engagement metrics from integrated platforms (Spotify, YouTube, etc.)
• Identity Verification Services: Identity verification results, fraud screening

2. How We Use Your Information

2.1 Platform Operations

• Create and manage your account and Avatar
• Process subscription payments and manage billing
• Facilitate content creation, contracts, and collaborations
• Calculate and distribute revenue to Purses and Wallets
• Process withdrawals to your bank account or payment processor
• Manage invitation tokens and invitation tree relationships
• Calculate and display your Negotiation Personality score
• Distribute Community Cystern earnings monthly

2.2 Communication

• Send transactional emails (account confirmation, password reset, payment receipts)
• Notify you of contract proposals, approvals, and status changes
• Alert you to revenue distributions and withdrawal confirmations
• Inform you of policy violations, disciplinary actions, or account status changes
• Send Platform announcements and feature updates
• Respond to your support requests and inquiries

2.3 Security and Compliance

• Verify your identity and eligibility (age, geographic location)
• Detect, prevent, and investigate fraud, abuse, and policy violations
• Enforce our Terms of Service and protect Platform integrity
• Comply with legal obligations, including tax reporting
• Respond to legal requests (subpoenas, court orders, law enforcement)
• Maintain audit trails and cryptographic contract-integrity hashing for contract verification

2.4 Analytics and Improvement

• Generate analytics dashboards for your Avatar (earnings, content metrics, network stats)
• Analyze Platform usage to improve features and user experience
• Conduct research and develop new products and services
• Personalize your Platform experience
• Monitor Platform performance and troubleshoot technical issues

2.5 Legal Basis for Processing (Where Applicable)

3. How We Share Your Information

3.1 With Other Platform Users

Certain information is visible to other Platform users as part of normal Platform functionality:

• Public Avatar Profile: Avatar name, image, bio, talents, intended roles, location (city/country), social links
• Negotiation Personality: Your calculated collaboration score (Maximizer to Contributor)
• Contract Participation: Your role and percentage in published Contracts (visible to Contract participants and Notaries)
• Invitation Tree: Your position in the invitation network (invitor and invitees)
• Content: Content you create that is published through the Platform

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 With Streaming and Distribution Platforms

When Content is published through external platforms, we share necessary information:

• Content Metadata: Title, description, credits, artwork
• Rights Information: Ownership and licensing details
• Revenue Attribution: Information needed to track and report earnings

3.4 For Legal and Safety Reasons

We may disclose your information when we believe it is necessary to:

• Comply with applicable law, regulation, or legal process
• Respond to lawful requests from public authorities (court orders, subpoenas, government agencies)
• Protect the rights, property, or safety of the Company, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Service or other agreements

3.5 Business Transfers

If the Company is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.6 With Your Consent

We may share your information for other purposes with your explicit consent.

3.7 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, marketing, or other business purposes.

4. Data Retention

4.1 Retention Periods

4.2 Terminated Accounts

When your account is terminated (disciplinary) or voluntarily cancelled:

• Your account is deactivated and you lose Platform access
• Your Avatar profile is removed from public view
• Your Content remains on the Platform (Company ownership per Terms of Service)
• Contract records are retained for ongoing revenue distribution to remaining participants
• Financial and tax records are retained for 7 years for legal compliance
• We may retain information necessary to enforce bans against terminated users

Account deletion is permanent. We do not offer a grace-period recovery window — once you confirm the deletion email link, the soft-delete and anonymisation run immediately and cannot be reversed by us. See Section 5.3 for the user-initiated deletion flow.

4.3 Content Retention

5. Your Rights and Choices

5.1 Access Your Information

You have the right to request a copy of the personal information we hold about you. You can access much of your information directly through your account settings and Avatar profile.

5.2 Correct Your Information

You can update your account information, Avatar profile, and preferences at any time through the Platform. For information you cannot update directly, contact us at Music@DawlessArcade.com.

5.3 Delete Your Account

You may delete your DawlessArcade account at any time through two paths:

• In the mobile app: Settings → Account → Delete Account (requires password re-entry to confirm).
• On the web: visit DawlessArcade.com/Account/Delete and follow the in-page instructions, or submit a deletion request through our public deletion request page if you cannot access the in-app flow.

When you delete your account, we will:

• Deactivate your account and remove your Avatar from public view;
• Anonymise personally-identifying fields (legal name, email address, phone number) so they no longer identify you;
• Revoke active sessions and delete device-registration tokens;
• Mark all notification preferences as opted-out.

Certain information is retained even after account deletion, as required by law or as a material condition of Platform use:

• Financial and tax records: retained for seven (7) years for legal and tax compliance.
• Contract records: retained indefinitely for ongoing revenue distribution to remaining participants.
• Content: retained indefinitely; DAGE owns Content per the Terms of Service.
• Disciplinary records: retained to enforce account bans and protect Platform integrity.

5.4 Withdraw Consent

Where we rely on consent to process your information, you may withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

5.5 Opt-Out of Marketing

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in marketing emails
• Adjusting your notification preferences in account settings
• Contacting us at Music@DawlessArcade.com

Note: You cannot opt out of transactional communications (payment confirmations, security alerts, contract notifications) while maintaining an active account.

5.6 Cookie Preferences

You can manage cookie preferences through:

• Our cookie consent banner (where applicable)
• Your browser settings
• Third-party opt-out tools

Note: Disabling certain cookies may affect Platform functionality.

5.7 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: Music@DawlessArcade.com
• Mail: App Axis LLC, 13507 Circle Drive, Charlotte, NC 28262, United States

We will respond to your request within 30 days (or sooner if required by applicable law). We may ask you to verify your identity before processing your request.

6. Age Requirements (Adults Only)

6.1 Minimum Age

The Platform is intended for adults aged 18 and older. The financial features of the Platform — subscription billing, contract-based earnings distribution, identity verification (KYC), and payouts to external bank accounts or mobile-money wallets — require adult capacity to enter into a binding contract under the laws of the user's country of residence.

6.2 No Knowing Collection from Minors

We do not knowingly collect personal information from anyone under 18 years of age. The registration form requires a date of birth, and the server rejects any submission that indicates the user is under 18. If we discover that a person under 18 has provided personal information, we will promptly delete the account and the associated personal data.

6.3 Reporting Underage Users

If you believe a user is under 18 years of age, please report this to Music@DawlessArcade.com immediately. We will investigate and take action consistent with this Policy and applicable law.

6.4 COPPA

Because the Platform is for adults only and does not knowingly collect information from anyone under 18, the U.S. Children's Online Privacy Protection Act (COPPA) does not apply to our Platform.

7. South African Users (POPIA Compliance)

7.1 Responsible Party

The responsible party for processing your personal information under POPIA is:

App Axis LLC
13507 Circle Drive
Charlotte, NC 28262
United States

7.2 Information Officer

Our designated Information Officer is:

• Name: Jonathan Christopher (Information Officer, App Axis LLC)
• Email: Music@DawlessArcade.com (attention: Information Officer)

7.3 Your Rights Under POPIA

As a South African user, you have the following rights:

• Right to be notified: You have the right to be notified that your personal information is being collected, and the purpose for collection
• Right of access: You have the right to request access to your personal information
• Right to correction: You have the right to request correction of inaccurate personal information
• Right to deletion: You have the right to request deletion of your personal information (subject to limitations)
• Right to object: You have the right to object to the processing of your personal information for direct marketing
• Right not to be subject to automated decisions: You have the right to not be subject to decisions based solely on automated processing
• Right to complain: You have the right to lodge a complaint with the Information Regulator

7.4 Lodging a Complaint

If you are unsatisfied with how we handle your personal information, you may lodge a complaint with:

Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, Johannesburg, 2017
Email: inforeg@justice.gov.za
Website: https://www.justice.gov.za/inforeg/

7.5 Cross-Border Transfers

Your personal information will be transferred to and processed in the United States, where our servers and Company are located. By using the Platform, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your personal information in accordance with POPIA requirements.

8. International Data Transfers

8.1 Transfer to the United States

The Platform is operated from the United States. If you are located outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

8.2 Safeguards

We implement appropriate safeguards for international data transfers, including:

• Standard contractual clauses with service providers
• Data processing agreements requiring adequate protection
• Security measures described in Section 9 of this Policy

8.3 Consent to Transfer

By using the Platform, you explicitly consent to the transfer of your personal information to the United States and other countries as necessary for Platform operation.

9. Data Security

9.1 Security Measures

We implement technical and organizational measures to protect your personal information:

Technical Measures

• Encryption in transit: All API and web traffic protected with TLS/SSL.
• Encryption at rest: The most sensitive identifying fields — verified phone numbers, identity document numbers, bank account and routing numbers, payout email addresses, mobile-money account numbers, and tax identifiers — are encrypted with AES-256 at the application layer. All other data is protected by platform-level encryption provided by our cloud database host.
• Access Controls: Role-based access controls limiting data access to authorized personnel.
• Authentication: Secure salted password hashing; SMS one-time-code verification for sensitive actions such as withdrawals.
• Network Security: Firewalls, intrusion detection, DDoS protection.
• Monitoring: Security monitoring and logging of access attempts.

Organizational Measures

• Employee Training: Regular security and privacy training for staff
• Background Checks: Background checks for employees with data access
• Vendor Management: Security assessments of third-party service providers
• Incident Response: Documented procedures for security incidents
• Regular Audits: Periodic security assessments and penetration testing

9.2 Payment Security

Payment information is processed by PCI-DSS compliant payment processors. We do not store complete payment card numbers on our servers.

9.3 Tax Information Security

Tax identification numbers and documentation are encrypted and stored with additional access restrictions. Access is limited to personnel who require it for tax compliance purposes.

9.4 Your Security Responsibilities

You are responsible for:

• Maintaining the confidentiality of your login credentials
• Using strong, unique passwords
• Completing SMS verification when prompted (phone verification and withdrawal authorisation)
• Logging out from shared devices
• Reporting suspected unauthorized access immediately

9.5 Security Incidents

In the event of a data breach that affects your personal information, we will:

• Notify affected users as required by applicable law
• Notify relevant regulatory authorities as required
• Take steps to mitigate harm and prevent future incidents

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

10.2 Third-Party Cookies

We may use cookies from third-party services including:

• Payment Processors (Stripe, PayStack): Fraud prevention and payment processing.

We do not currently use a third-party web-analytics provider (such as Google Analytics) and do not embed advertising or behaviour-tracking pixels. If this changes in the future, we will update this Policy and provide notice as required.

10.3 Managing Cookies

You can manage cookies through:

• Browser Settings: Most browsers allow you to block or delete cookies
• Platform Settings: Adjust cookie preferences in your account settings (where available)
• Opt-Out Tools:
  • Network Advertising Initiative: https://optout.networkadvertising.org/
  • Digital Advertising Alliance: https://optout.aboutads.info/

10.4 Do Not Track

Some browsers have a "Do Not Track" feature. We currently do not respond to Do Not Track signals, as there is no industry standard for compliance.

11. Third-Party Links and Services

11.1 External Links

The Platform may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.

11.2 Integrated Platforms

When Content is distributed through third-party streaming platforms (Spotify, YouTube, TikTok, etc.), those platforms have their own privacy policies governing how they collect and use data. We are not responsible for the privacy practices of these platforms.

11.3 Social Media Features

If you connect your social media accounts to your Avatar profile, the social media platforms may collect information about your use of the Platform. Please review the privacy policies of those platforms.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated Privacy Policy on the Platform
• Updating the "Last Updated" date at the top of this Policy
• Sending you an email notification for significant changes
• Displaying a notice on the Platform

12.2 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12.3 Continued Use

Your continued use of the Platform after changes become effective constitutes acceptance of the revised Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries

Email: Music@DawlessArcade.com
Mail:
App Axis LLC
Attn: Privacy Team
13507 Circle Drive
Charlotte, NC 28262
United States

POPIA Requests (South African Users)

Information Officer: Jonathan Christopher (App Axis LLC)
Information Officer Email: Music@DawlessArcade.com

Data Protection Requests

For formal data access, correction, or deletion requests, please email Music@DawlessArcade.com with the subject line "Data Protection Request" and include:

• Your full name and email address associated with your account
• A description of your request
• Any additional information that may help us locate your data

Response Time

We aim to respond to all privacy-related inquiries within 30 days. Complex requests may require additional time, and we will keep you informed of our progress.

BY USING THE DAWLESSARCADE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.