PRIVACY POLICY

Privacy Policy – Socra

Effective Date: September 30, 2025

Last Updated: September 30, 2025

Socra (“we,” “our,” or “us”) is operated by Socra App, Immerseelstraat 25, 5175CH Loon op Zand, The Netherlands.

This Privacy Policy explains in full detail how we collect, process, store, share, and protectyour personal data.

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), CalOPPA, the EU Digital Services Act (DSA), and internationalchild safety and criminal reporting laws relating to Child Sexual Abuse Material (CSAM) andChild Sexual Abuse and Exploitation (CSAE).

We aim to ensure complete transparency and the highest standard of user protectionworldwide.

0. Compliance with CSAE and CSAM Detection, Prevention, and Reporting Obligations

Socra maintains a zero-tolerance policy toward Child Sexual Abuse Material (CSAM) andChild Sexual Abuse and Exploitation (CSAE).

We strictly prohibit the uploading, sharing, distributing, or storing of any form of CSAM or CSAE on the platform.

We comply with international safety and reporting requirements, including:

• EU Digital Services Act (DSA)

• GDPR safety exceptions under Article 23

• U.S. reporting obligations applicable to digital platforms, including NCMEC reports

• Europol and national child-protection laws

• International criminal and child safety frameworks

0.1 Detection Methods

Where legally permitted, we may use the following detection methods:

• Automated detection systems including hash-matching technologies (such as PhotoDNAor equivalent)

• File and metadata analysis

• Behavioral and contextual risk assessment tools

• Human moderation conducted by trained specialists

• User reporting mechanisms

These systems may process user-generated content including images, videos, messages, posts, and comments solely for the purpose of detecting CSAM/CSAE.

0.2 Actions Taken Upon Detection or Suspicion

If CSAM/CSAE is detected or reasonably suspected, Socra may immediately:

1. Remove, block, or disable access to the content

2. Suspend or permanently terminate the user account(s) involved

3. Preserve relevant data strictly required for mandatory reporting, in accordance withGDPR Article 23

4. Report the incident to the appropriate authority, including:

o National Center for Missing & Exploited Children (NCMEC)

o Europol EC3

o Dutch National Police Cybercrime Unit

o Other competent national or international authorities as required

0.3 Access to CSAM/CSAE-Flagged Data

Only authorized personnel trained in child-exploitation handling procedures may access anyinformation flagged under these systems.

Access is strictly controlled, logged, and confidential.

1. Who We Are and Contact Information

Socra App is the Data Controller for all personal data processed on the platform.

Address: Immerseelstraat 25, 5175CH Loon op Zand, The Netherlands

Email: contact@socra-app.com

We respond to all valid privacy-related requests within the statutory GDPR deadline of onemonth, extendable by two months for complex cases.

2. Scope

This Privacy Policy applies to all users worldwide.

As an EU-based organization, GDPR serves as our primary legal framework.

We also comply with relevant laws in other jurisdictions, including California privacy legislation and international child-safety reporting obligations.

Where local law provides stronger protection than this Privacy Policy, local law prevails.

3. Eligibility & Children’s Safety

• You must be at least 13 years old to use Socra.

• In the European Union, users aged 13 to 16 may require parental or guardian consent depending on national law.

• We do not knowingly collect personal data from children below the legally required age.

• If such data is discovered, it is deleted without delay.

4. Information We Collect

We collect:

4.1 Account Information

• Email address

• Username

• Password

4.2 User-Generated Content

• Posts, comments, messages

• Photos, videos

• Friend relationships and interaction history

• Activity logs

4.3 Technical & Analytics Data

• IP address

• Device type, operating system

• Diagnostic and crash logs

• Interaction and usage statistics

• Analytics data from Google Analytics and Apple App Store Connect

4.4 Safety-Related Processing

Content may be scanned under CSAM/CSAE detection processes where legally allowed.

5. How We Use Your Information

We process personal data for:

5.1 Platform Operation

• Account registration and authentication

• Enabling app features

• Personalization and user recommendations

5.2 Safety & Enforcement

• Moderation

• Prevention of fraud, abuse, or illegal activity

• Detection and reporting of CSAM/CSAE

5.3 Analytics & Service Improvement

• Understanding usage patterns

• Improving functionality and performance

5.4 Advertising (Future Use)

• Advertising or marketing activities, only with prior explicit consent where legallyrequired

5.5 Legal Compliance

• Fulfilling regulatory obligations

• Responding to law enforcement requests

• Complying with child-safety reporting rules

5.6 GDPR Legal Bases

Processing is based on:

• Consent

• Contractual necessity

• Legitimate interest

• Legal obligation

• Public interest/safety (including Article 23 GDPR exceptions for CSAM detection)

6. Sharing of Data

We may share personal data with:

• Hosting providers

• Analytics providers such as Google and Apple

• Advertising partners (future use, consent required)

• Law enforcement or child-protection agencies when required by law

International Transfers

Transfers outside the EU are protected by:

• Standard Contractual Clauses (SCCs)

• Equivalent legal safeguards

7. Data Retention

We retain data only for as long as necessary for our services or legal obligations:

• Account data: retained while the account remains active

• Upon deletion: data is erased or anonymized within 30 days

• Backups: cleared within 90 days

• Analytics data: retained for up to 24 months

• CSAM/CSAE-relevant data: retained only for the duration required by law enforcement

8. User Rights

Under GDPR and other applicable laws, you have the right to:

• Access your data

• Correct inaccurate information

• Request deletion of your data

• Restrict certain processing activities

• Request portability of your data

• Object to processing

• Withdraw consent at any time

Limitations

In cases involving safety investigations (e.g., CSAM or CSAE), certain rights may betemporarily restricted under GDPR Article 23 to avoid obstructing legal processes or endangering individuals.

9. Security Measures

We implement:

• Encryption of data in transit

• Strict access controls

• Automated safety scanning systems

• Manual review by trained specialists

• Recurring security assessments and audits

Despite these measures, no digital service can guarantee absolute security.

10. Cookies & Tracking

We use:

• Essential cookies

• Analytics SDKs

• Advertising cookies (in the future, consent required)

Users may adjust cookie settings in their device or app preferences.

11. International Users

California

California residents have rights under CCPA/CPRA including:

• Right to access

• Right to delete

• Right to opt out of data sharing

We do not sell personal data.

EU/EEA

GDPR rights apply fully.

Other Regions

We comply with local privacy regulations applicable to your jurisdiction.

12. Changes to This Privacy Policy

This Privacy Policy may be updated as legal requirements, technology, or services evolve.

Continued use of the app after updates constitutes acceptance of the revised terms.

13. Governing Law

This Privacy Policy is governed by the laws of The Netherlands.

Disputes will be handled by the courts of Amsterdam unless mandatory consumer protectionlaws specify otherwise.

14. Contact Information

For privacy or safety inquiries, including CSAM/CSAE matters, contact:

Email: contact@socra-app.com

Address: Immerseelstraat 25, 5175CH Loon op Zand, The Netherlands

We respond to all legitimate requests within legally defined timeframes.