Sataday

Your Privacy, Our Commitment.

Scope & Applicability

- **Controller:**

Sataday, Inc., a Delaware C‑Corporation, is the data controller responsible for the processing of your personal data under this Policy.

- **Products Covered:**

This Policy governs Sataday’s product offerings, including Venom.AI earbuds, the Venom.AI companion app, related websites, and any future features or services labeled under the Sataday or Venom.AI brands.

- **Shadow‑Testing Phase:**

During the Venom.AI shadow‑testing phase, we collect billing, shipping, and usage data in advance to charge users one week prior to shipment and provide a personalized AI experience.

- **Updates:**

We may update this Policy from time to time. If we make material changes, we will notify you via the email address on file or post a prominent notice on our website at least thirty (30) days before the changes take effect.

Information We Collect

We collect various types of information from and about you when you interact with our Services, register for shadow testing, place orders, or use Venom.AI.

### 2.1 Personal Identification & Contact Data

- **Full Name** (first and last name)

- **Email Address** (used for order confirmations, support, and notifications)

- **Phone Number** (used to send shipping updates or troubleshoot technical issues)

- **Billing Address** (street address, city, state/province, ZIP/postal code, and country)

- **Shipping Address** (may be the same as billing; used to ship the final product)

### 2.2 Payment & Financial Information

- **Payment Method Details:**

We collect credit/debit card information or other payment method details (e.g., bank account) via our third‑party payment processor. Sataday never stores your full card number; we only store non‑reversible tokens or the last four digits for reference.

- **Transaction History:**

Information about the Venom.AI product cost, taxes, fees, dates and amounts charged, refunds issued, and related billing metadata.

### 2.3 Device & Usage Data

- **Device Identifiers:**

Unique device IDs, operating system version, app version, and hardware model to ensure compatibility and troubleshoot technical issues.

- **Usage Analytics:**

 Logs of how you interact with the Venom.AI app (e.g., feature usage, error reports), performance metrics, and crash reports.

- **IP Address & Location (Approximate):**

Collected automatically when you access our Services, used to detect suspicious activity or provide location‑based features (e.g., shipping estimates).

### 2.4 Voice & Audio Data (If Applicable)

- **Voice Commands & Audio Inputs:**

If you use Venom.AI’s voice interaction features, we may collect and process your voice recordings or transcripts to understand and execute commands. Unless you explicitly consent, we do not store full audio files indefinitely; only short‑term recordings to process immediate requests, with longer retention only where needed for personalized training (see Section 2.5).

### 2.5 AI Model‑Training & Personalization Data

- **User‑Provided Text, Voice, and Behavioral Data:**

During shadow testing, any messages you send, prompts you speak, or behavioral signals (e.g., pauses, corrections) that you explicitly provide to train a personalized Venom.AI model.

- **Derived Data & Embeddings:**

Parameters, embeddings, or model artifacts created from your raw data, used exclusively to improve your own Venom.AI experience. These are stored as long as you remain an active user (see Section 8).

How We Collect Information

- **Directly from You:**

When you fill out the shadow‑testing pre‑registration form, submit billing and shipping details, place an order, interact with customer support, or otherwise provide information through our apps or sites.

- **Automatically:**

Via cookies, web beacons, SDKs in our app (e.g., analytics SDKs), server logs, and device telemetry.

- **From Third Parties:**

- **Payment Processors (e.g., Stripe):**

We receive payment confirmation, tokenized payment details, and risk‑scoring results.

- **Shipping Carriers (e.g., UPS, FedEx):*

* We obtain shipment tracking data and delivery status.

- **Marketing Platforms (e.g., Google Analytics, Mixpanel):**

We may employ third‑party analytics to aggregate anonymous usage patterns.

- **Fraud Detection Services:**

We may share limited PII (e.g., name, address, IP) to verify identity or detect suspicious transactions.

Purposes for Which We Use Your Information

### 4.1 Order Fulfillment & Billing

- **Payment Authorization & Charges:**

To charge your payment method one week (7 days) prior to the scheduled ship date.

- **Order Confirmation & Updates:** To send you purchase confirmations, shipping notifications, and tracking details.

### 4.2 Customer Support & Account Management

- **Troubleshooting & Technical Support:**

To diagnose and resolve issues you encounter with Venom.AI hardware or software.

- **Account Administration:**

To create and maintain your Venom.AI account, manage login credentials, and update your preferences.

### 4.3 Personalized AI Model Training

- **Customization of Venom.AI Experience:**

We use the voice, text, and behavioral data you provide during shadow testing to train a unique AI model tailored solely to you.

- **Model Updates & Maintenance:**

To refine your personal Venom.AI model over time, accommodating new preferences or language patterns.

- **Strict Limitation:**

Under no circumstances do we use your personal model‑training data to train any general Venom.AI model, for commercialization, or for third‑party use. Your data is encrypted, segmented by user, and never pooled with other users’ data.

### 4.4 Service Improvement & Product Development

- **Aggregate Analytics:**

We generate de‑identified, aggregated statistics about app usage, feature adoption, and performance trends to improve Venom.AI and related Sataday products.

- **Quality Assurance & Testing:**

We analyze logs and telemetry to identify bugs, monitor system health, and plan new feature rollouts.

### 4.5 Legal & Compliance

- **Fraud Detection & Prevention:**

- **Regulatory Compliance:** To comply with tax laws, anti‑money laundering requirements, and other obligations (e.g., Know Your Customer [KYC] checks, if applicable).

- **Enforce Our Terms:**

To investigate potential violations of our Terms of Service or applicable laws, and to defend against legal claims.

Legal Basis for Processing

While Sataday is primarily U.S.‑based, we recognize that some customers may reside in jurisdictions with data protection laws (e.g., GDPR, CCPA). Below are our primary legal bases for processing data where required:

- **Contract Performance:**

Processing your billing, shipping, and account data is necessary to fulfill our contract with you (i.e., to deliver Venom.AI and provide associated Services).

- **Legitimate Interests:**

We rely on our legitimate interest to operate and improve our business (e.g., fraud prevention, service optimization), provided that such interests do not override your fundamental rights and freedoms.

- **Consent:**

In any instance where we request optional data (e.g., marketing opt‑in, cookies for analytics beyond essential site functionality), we will seek your explicit consent before collecting or processing.

- **Legal Obligation:**

Where we process personal data to comply with applicable laws—such as tax reporting, regulatory filings, or responding to lawful requests by public authorities.

How We Share & Disclose Your Information

### 6.1 Internal Disclosure

- **Sataday Teams:**

Access to your personal data is limited to those Sataday employees, contractors, and partners who have a valid business “need to know” (e.g., engineering teams, customer support, finance). All access is governed by strict confidentiality obligations.

### 6.2 Third‑Party Service Providers

We employ third‑party vendors to help us deliver the Services. These vendors include, but are not limited to:

1. **Payment Processors (e.g., Stripe):**

To securely process your card payments. We share non‑sensitive payment tokens and transaction metadata.

2. **Shipping & Fulfillment Partners (e.g., UPS, FedEx):**

We share your name, shipping address, and order details so they can deliver your Venom.AI earbuds.

3. **Cloud Infrastructure & Hosting (e.g., AWS, Google Cloud):** We rely on encrypted storage and compute services to host our apps, databases, AI models, and backups.

4. **Analytics & Monitoring Providers (e.g., Google Analytics, Mixpanel):**

5. **Customer Relationship Management (CRM) & Email Marketers (e.g., Zendesk, Mailchimp):** To send transactional emails (order confirmations, support tickets) and, if you opt in, marketing newsletters.

All third parties are contractually bound to handle your data in compliance with this Privacy Policy, applicable law, and industry best practices (e.g., PCI‑DSS for payment data).

### 6.3 Legal & Regulatory Disclosures

- **To Comply with Law:**

We may disclose your data if required by a subpoena, court order, or other legal processes. We will exercise reasonable efforts to notify you of such requests, unless prohibited by law.

- **To Protect Rights:**

We may disclose your information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, potential threats to safety, or violations of Sataday’s Terms of Service.

- **Business Transfers & Corporate Transactions:**

In the event of a merger, acquisition, sale of assets, or other business transaction, user data—subject to confidentiality obligations—may be transferred to the acquiring entity. We will notify you in advance of any material change to our data practices in connection with such transactions.

### 6.4 What We Never Do

- **Sale of Personal Data:**

Sataday does **not** sell, rent, or trade your personal information to any third party for their marketing or commercial use.

- **Unauthorized Data Sharing:**

We do not share your model‑training data or raw voice/text logs with any third parties for their own model development or research.

Payment & Billing Practices (Shadow‑Testing Phase)

Because you are participating in Venom.AI’s shadow‑testing program, the following practices apply:

1. **Upfront Collection of Payment & Shipping Information:**

We collect your billing and shipping address details when you sign up for shadow testing. This enables us to charge you and ship your earbuds promptly once production is ready.

2. **Timing of Charges:**

We will charge the payment method you provided exactly one week (7 days) prior to the scheduled shipment date of your Venom.AI earbuds. The charge will cover the product cost, applicable taxes, and shipping fees.

3. **Refund & Cancellation Policy:**

- **Cancellation More Than 7 Days Before Shipment:** You may cancel without penalty and receive a full refund.

- **Cancellation Within 7 Days After Charge but Before Shipment:** You will receive a full refund of the product cost and taxes, minus a processing fee of $25 (to cover transaction reversal and restocking costs).

- **Cancellation After Shipment:**

Standard return policy applies (see Section 7.4).

- **Product Defects or Seller’s Fault:**

If the product arrives damaged or defective, we will pay return shipping costs and issue a full refund or replacement at no charge.

4. **Payment Security:**

All payments are processed through our PCI‑DSS–compliant gateway (e.g., Stripe). Sataday does not store full credit card numbers—only secure tokens and the last four digits for reference.

5. **Failed Payment Fees:**

If your payment method is declined when attempting to collect one week prior to shipment, we will notify you via email and attempt a second charge within 48 hours. If the second attempt fails, your pre‑order may be canceled, and you will forfeit any promotional discounts associated with shadow testing.

Data Retention & Deletion

### 8.1 Retention Periods

- **Billing & Shipping Data:**

Retained for at least seven (7) years to comply with U.S. tax and accounting regulations.

- **Account Credentials & Contact Data:**

Retained as long as your Venom.AI account remains active. If you close your account, we will delete or anonymize your contact information within thirty (30) days, unless a longer retention is required by law.

- **AI Model‑Training Data (Raw & Derived):**

- **Raw Logs (Voice/Text):** Retained for the duration of your Venom.AI subscription or shadow‑testing participation, plus a maximum of thirty (30) days thereafter to facilitate model completion.

- **Derived Embeddings/Models:**

Stored as long as you remain an active Venom.AI user. Upon account deletion or written request, we will delete all derived parameters and model artifacts associated with you within sixty (60) days. Note that once a personalized model is trained, it is not feasible to “untrain” previous versions; however, no new data will be incorporated after deletion, and older model snapshots will be purged.

- **Usage Analytics & Logs:**

Non‑personalized, aggregated analytics may be retained indefinitely to inform long‑term product development. Any logs containing PII will be anonymized or deleted within one (1) year unless a longer period is legally required.

### 8.2 Your Rights & How to Exercise Them

- **Access & Portability:**

You have the right to request a copy of the personal data we hold about you, including structured data sets (e.g., your account profile, billing history, and raw model‑training transcripts). To request a copy, email data‑privacy@sataday.com with “Data Access Request” in the subject line. We will respond within thirty (30) days.

- **Correction & Updating:**

If your personal or billing/shipping data is inaccurate or incomplete, you may update it directly via your account settings or by contacting support@sataday.com. We will promptly correct any inaccuracies.

- **Deletion (“Right to Be Forgotten”):**

You may request the deletion of your Sataday account and all associated personal data by emailing data‑privacy@sataday.com with “Delete My Data” in the subject line. We will delete your PII, raw logs, and derived model artifacts (as described above) within sixty (60) days. Note: Because AI models cannot be “untrained” from historical data, certain aggregated or anonymized logs may persist in backups for up to seven (7) years, but no personally identifiable information will be retrievable by user.

- **Opt‑Out of Marketing Communications:**

To stop receiving promotional emails, click “Unsubscribe” in any marketing email or contact marketing@sataday.com. You will continue to receive transactional emails regarding orders, billing, or critical service updates.

- **Do Not Track (“DNT”):**

Our website does not currently respond to browser “Do Not Track” signals, but we do not use personal data for interest-based advertising without your explicit consent.

Security of Your Information

Sataday is committed to protecting the personal data you provide. We implement a combination of technical, physical, and administrative safeguards:

### 9.1 Technical Safeguards

- **Encryption:**

- **In Transit:** All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security).

- **Access Controls:**

- **Authentication:** All Sataday staff access internal systems (databases, servers) using multi‑factor authentication (MFA).

- **Least-Privilege Principle:** Access to personal data is limited strictly to employees and contractors who require it for job functions (e.g., support agents, engineers).

- **Regular Audits:** We conduct annual penetration tests and quarterly vulnerability scans of our infrastructure. Any identified vulnerabilities are remediated within thirty (30) days or less if deemed critical.

### 9.2 Organizational Safeguards

- **Employee Training:**

All employees undergo annual data privacy and security training, covering best practices (e.g., phishing awareness, secure password management).

- **Incident Response Plan:**

We maintain a documented security incident response plan. In the event of a data breach involving unsecured PII,

1. Assess scope and severity within 24 hours

2. Notify affected users via email within 72 hours of discovery

3. Cooperate with regulators and, if legally required, public authorities

4. Provide affected users with remediation steps (e.g., password reset, credit monitoring offers if financial data is exposed)

Your Rights & How to Exercise Them

- **Access & Portability:**

- **Correction & Updating:**

- **Deletion (“Right to Be Forgotten”):**

- **Opt‑Out of Marketing Communications:**

- **Do Not Track (“DNT”):**

Our website does not currently respond to browser “Do Not Track” signals, but we do not use personal data for interest-based advertising without your explicit consent.

Cookies & Tracking Technologies

### 10.1 Types of Cookies We Use

- **Essential Cookies:**

Necessary for basic site functionality—keeping you logged in, maintaining your shopping cart, and enabling secure checkout.

- **Analytics Cookies:**

De‑identified cookies (e.g., Google Analytics) that help us understand how users navigate our website or app. Data is aggregated and does not identify individual users.

- **Functional Cookies:**

Remembering your preferences (e.g., language, notification settings) to improve your user experience.

- **Advertising/Marketing Cookies:** Only used if you opt in to marketing communications; may be employed to measure campaign performance or retarget cookie holders with promotional offers.

### 10.2 Managing Cookies & Tracking

- **Browser Controls:**

You can adjust your browser settings to block or delete cookies at any time. Note that blocking essential cookies may prevent you from using certain functionality on our site.

- **Consent Banner:**

Upon your first visit to our website, you will see a cookie banner explaining our use of essential and non‑essential cookies. You may accept or reject non‑essential cookies.

Organizational Safeguards

- **Employee Training:**

All employees undergo annual data privacy and security training, covering best practices (e.g., phishing awareness, secure password management).

- **Incident Response Plan:**

We maintain a documented security incident response plan. In the event of a data breach involving unsecured PII,

Managing Cookies & Tracking

- **Browser Controls:**

You can adjust your browser settings to block or delete cookies at any time. Note that blocking essential cookies may prevent you from using certain functionality on our site.

- **Consent Banner:**

Upon your first visit to our website, you will see a cookie banner explaining our use of essential and non‑essential cookies. You may accept or reject non‑essential cookies.

Children’s Privacy

Venom.AI and related Sataday Services are intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently obtained information from a child under 13, we will promptly delete such data. If you are a parent or guardian and believe we have collected information from a child under 13, please contact data‑privacy@sataday.com.

International Data Transfers

Although Sataday is headquartered in the United States, we may process or store your personal data on servers located in the U.S. or in other countries where our service providers operate. By using our Services, you authorize the transfer of your data to the United States or any other country where our third‑party processors conduct business. For residents of the European Economic Area (EEA) or United Kingdom (UK), we employ Standard Contractual Clauses (SCCs) where required, to ensure that your data continues to receive an adequate level of protection.

Third‑Party Links & Embedded Content

Our websites, applications, or emails may contain links to third‑party websites, payment portals, or embedded content (e.g., videos, social media widgets). This Privacy Policy does not apply to those third‑party sites. We encourage you to review their privacy policies before providing any personal data. Sataday is not responsible for the privacy practices or content of third‑party sites.

Your Rights Under Applicable Laws

Depending on your jurisdiction, you may have additional rights concerning your personal data:

- **California Residents (CCPA/CPRA):**

- **Right to Know/Access:** Request details on categories of personal data we collect, share, or sell (Sataday does not sell personal data).

- **Right to Delete:** Request deletion of personal data, subject to exceptions (e.g., legal retention requirements).

- **Right to Opt Out of Sale or Sharing:**

Sataday does not sell or share personal data for cross‑context behavioral advertising; if that changes, you may opt out.

- **European Residents (GDPR):**

- **Right of Access:** Obtain a copy of your personal data in a structured, commonly used format.

- **Right to Rectification:** Correct inaccurate or incomplete personal data.

- **Right to Erasure (“Right to Be Forgotten”):** Request deletion of your data, subject to legal obligations.

- **Right to Restrict Processing:** Request limitation of processing activities in certain circumstances.

- **Right to Data Portability:** Request transfer of your data to another controller in a commonly used format.

- **Right to Object to Processing:** Object if we process your data based on legitimate interests or direct marketing.

- **United Kingdom (UK GDPR):** Comparable rights as the EU GDPR.

- **Other Jurisdictions:** You may have additional local rights to access, correct, or delete your data, or to withdraw consent if processing is based on consent. Please contact data‑privacy@sataday.com to exercise any such rights.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

**Sataday, Inc.**

Attn: Data Privacy Team

1234 Innovation Way

Wilmington, DE 19801, USA

Email: data‑privacy@sataday.com

For support related to orders, shipping, or product issues, please contact: support@sataday.com.

For marketing inquiries or to unsubscribe from promotional emails, please contact: marketing@sataday.com.

Governing Law & Dispute Resolution

This Privacy Policy and any disputes arising out of or related to it will be governed by the laws of the State of Delaware, United States, without regard to its conflict‑of‑law provisions. Any legal action or proceeding related to this Policy shall be brought exclusively in the state or federal courts located in New Castle County, Delaware. You agree to submit to the personal jurisdiction of these courts.

Severability & Changes to This Policy

If any provision of this Privacy Policy is held invalid or unenforceable, the remaining provisions will continue in full force and effect. Sataday reserves the right to modify this Policy at any time. If we make material changes, we will notify you via email or by posting a notice on our website at least thirty (30) days before those changes become effective. Your continued use of our Services after the updated Policy takes effect constitutes your acceptance of the revised terms.

---

Acknowledgment

By using the Venom.AI shadow‑testing program, placing an order, or otherwise interacting with Sataday’s Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please refrain from providing your personal information or using our Services.