VYRAL PRIVACY POLICY

Effective Date: Septemebr 29, 2025 Last Updated: Septemebr 29, 2025 Company: Vyral, Inc. (Wyoming Corporation)

QUICK SUMMARY (TL;DR)

We respect your privacy. Here's what you need to know:

✅ We collect: Account info, usage data, blockchain data, and (with permission) AI behavioral data
✅ We DON'T: Sell your data, read your encrypted messages, or share data without consent
✅ Your rights: Access, delete, export, opt-out of AI analysis, control cookies
✅ Security: Industry-standard encryption, regular audits, secure infrastructure
✅ Questions? Email [email protected] anytime

Read the full policy below for complete details.

Introduction
Information We Collect
How We Collect Information
How We Use Your Information
How We Share Your Information
Encrypted Messaging Privacy
Orb AI and Behavioral Analysis
Cookies and Tracking Technologies
Blockchain and Public Data
Data Security
Data Retention
Your Privacy Rights
Children's Privacy
International Data Transfers
State-Specific Privacy Rights
Third-Party Services
Changes to This Privacy Policy
Contact Us

1. INTRODUCTION

1.1 Who We Are

VYRAL is a social media platform operated by [Legal Entity Name], Inc., a Wyoming corporation. We combine social features with blockchain technology to create a platform where users can create content, communicate securely, and transact using VCoin, our utility token.

Our Commitment:

We believe privacy is a fundamental right
We collect only data necessary to provide our services
We give you control over your information
We're transparent about our practices
We never sell your personal data to third parties

1.2 Scope of This Policy

This Privacy Policy describes:

What information we collect about you
How we collect it
Why we collect it
Who we share it with (and why)
Your rights and choices
How we protect your information

This Policy applies to:

The VYRAL website (vyral.social)
VYRAL mobile applications (iOS and Android)
VYRAL desktop applications
All VYRAL services and features

By using VYRAL, you consent to this Privacy Policy. If you don't agree, please don't use our services.

Special Consents Required For:

Orb AI behavioral analysis (opt-in only)
Non-essential cookies (you control this)
Marketing communications (you can opt out)
Location data collection (you control this)

2. INFORMATION WE COLLECT

We collect different types of information to provide and improve our services.

2.1 Information You Provide Directly

Account Information

When you create an account, we collect:

Required:

Email address
Username
Password (encrypted - we never see plaintext)
Date of birth (to verify age 18+)
Country of residence

Optional:

Display name
Profile photo
Bio/description
Website link
Social media links
Phone number (for 2FA)

Identity Verification (KYC)

For withdrawals exceeding $10,000 annually, we collect:

Full legal name
Government-issued ID (driver's license, passport)
Proof of address (utility bill, bank statement)
Selfie photo for identity verification
Social Security Number or Tax ID (US users only, for tax reporting)

KYC Data Handling:

Processed by verified third-party KYC providers (e.g., Onfido, Jumio)
Encrypted in transit and at rest
Stored separately from general user data
Retained only as long as legally required
Never used for marketing or non-compliance purposes

Payment Information

When you purchase VCoins:

Credit/debit card details (processed by Stripe - we never see full card numbers)
Billing address
Purchase history and amounts

We NEVER store:

Full credit card numbers
CVV codes
Banking login credentials

Content You Create

Posts (text, images, videos)
Comments and replies
Tips and transactions
Marketplace listings
Messages (see Section 6 for encryption details)
Profile customizations

Communications with Us

Support tickets and emails
Survey responses
Feedback and suggestions
Bug reports

2.2 Information Collected Automatically

Usage Data

We automatically collect:

Pages/features viewed
Time spent on platform
Click patterns and navigation paths
Content interactions (likes, shares, comments)
Search queries
Device type and operating system
Browser type and version
IP address
Referring URLs
Session duration and frequency

Device Information

Device identifiers (UDID, advertising ID)
Device model and manufacturer
Operating system and version
Screen resolution
Language settings
Time zone
Mobile carrier
Network information (WiFi vs cellular)

Location Data

We collect location in limited circumstances:

Precise Location (GPS coordinates):

Only with your explicit permission
Used for: Nearby user discovery, local marketplace, location-based features
You can disable anytime in settings

Approximate Location:

Derived from IP address (city/region level)
Cannot be disabled (required for security and compliance)
Used for: Fraud prevention, regional content, legal compliance

Cookies and Similar Technologies

See Section 8 for complete Cookie Policy details.

2.3 Blockchain and Crypto Data

On-Chain Data (Public)

The following is permanently recorded on Solana blockchain:

VCoin transactions (amounts, timestamps, wallet addresses)
Smart contract interactions
Blockchain wallet addresses you use
Transaction fees paid

Important: Blockchain data is PUBLIC and PERMANENT. Anyone can view it using blockchain explorers. We cannot delete or modify blockchain data.

Off-Chain Crypto Data (Private)

Stored in our systems, not blockchain:

Custodial wallet balances (your VCoin balance)
Internal transaction history
Pending withdrawals
Reward calculations
This CAN be deleted upon account closure

2.4 Information from Third Parties

Payment Processors

Transaction success/failure status
Fraud risk assessments
Chargeback notifications

KYC Providers

Identity verification results
Risk scores
Sanctions/watchlist screening results

If you sign in with social media:

Public profile information (name, email, profile photo)
Friend lists (only if you grant permission)
We don't post on your behalf without permission

Analytics Providers

Aggregated usage statistics
Performance metrics
Crash reports

2.5 Information We DON'T Collect

We explicitly DO NOT collect:

❌ Content of encrypted messages (impossible - we use E2E encryption)
❌ Private keys for external wallets (you control these)
❌ Browsing history outside VYRAL
❌ Microphone/camera data without explicit permission
❌ Contacts from your device (unless you explicitly share)
❌ Health or biometric data
❌ Sensitive personal data (race, religion, political views, sexual orientation)

3. HOW WE COLLECT INFORMATION

3.1 Directly From You

When you:

Create an account
Fill out profile
Post content
Send messages
Make purchases
Contact support
Complete surveys

3.2 Automatically Through Technology

Using:

Cookies (see Section 8)
Pixels and beacons
Log files
Analytics tools (Google Analytics, Mixpanel)
Error reporting tools (Sentry)

3.3 From Blockchain

By:

Monitoring Solana blockchain for transactions
Reading smart contract events
Verifying wallet ownership

3.4 From Third Parties

Through:

Payment processors (Stripe)
KYC providers (Onfido, Jumio)
Analytics services
Security services (fraud detection)
Social media platforms (if you connect)

3.5 From Other Users

When they:

Tag you in content
Send you messages
Tip you
Report your content
Share your posts

4. HOW WE USE YOUR INFORMATION

We use your information for specific, legitimate purposes:

4.1 Provide and Maintain Services

Account Management:

Create and manage your account
Authenticate your identity
Enable account recovery
Process account settings

Platform Features:

Display your content to others
Enable messaging and communication
Process VCoin transactions
Show personalized content feed
Enable marketplace functionality
Deliver notifications

Payment Processing:

Process VCoin purchases
Handle withdrawals
Calculate and distribute earnings
Process refunds when applicable

4.2 Security and Fraud Prevention

Protecting You:

Detect and prevent fraud
Identify suspicious activity
Prevent unauthorized access
Monitor for security threats
Enforce Terms of Service
Prevent spam and abuse

Examples:

Flagging login from unusual location
Detecting bot-like behavior
Identifying stolen credit cards
Preventing Sybil attacks (fake accounts)
Detecting money laundering patterns

4.3 Legal Compliance

Required by Law:

Verify age (18+)
Conduct KYC for large transactions
Report suspicious activity (FinCEN)
Issue tax forms (1099-MISC for US users earning $600+)
Respond to legal requests (subpoenas, warrants)
Comply with GDPR, CCPA, and other privacy laws
Prevent illegal content (CSAM, terrorism, etc.)

4.4 Communication

Essential Communications:

Account security alerts
Transaction confirmations
Important service updates
Responses to support requests

Marketing (You Can Opt Out):

Platform news and updates
New feature announcements
Special offers or promotions
Educational content

How to Opt Out:

Click "Unsubscribe" in any email
Adjust notification settings in account
Email [email protected]

4.5 Analytics and Improvement

Understanding Usage:

Analyze how users interact with platform
Identify popular features
Discover bugs and issues
Measure performance
Understand user preferences

Improving Platform:

Develop new features
Enhance user experience
Optimize performance
Fix bugs and errors
Make data-driven decisions

Types of Analytics:

Aggregated usage statistics (not personal)
A/B testing (comparing feature variations)
Cohort analysis (group behavior patterns)
Funnel analysis (user journey mapping)

4.6 Personalization

Customizing Experience:

Recommended content based on interests
Suggested users to follow
Personalized search results
Tailored notifications
Regional content prioritization

How Personalization Works:

Based on your interactions (likes, shares, views)
Content you engage with
Users you follow
Time spent on different content types
NOT based on sensitive data

You Control This:

Disable personalized recommendations in settings
Clear your interaction history
Get chronological feed instead

4.7 Advertising (Future)

Currently: We do NOT show third-party advertisements.

If We Add Ads in Future:

We'll update this policy with 30 days notice
Ads will be based on general interests, not sensitive data
You can opt out of personalized ads
We'll NEVER sell your data to advertisers
Advertisers won't receive your personal information

5.1 Public Information

Automatically Public: The following is visible to anyone on the internet:

Your username and display name
Profile photo and bio
Public posts and content
Comments on public posts
Number of followers/following
Public VCoin transactions (on blockchain)

You Control Visibility:

Make account private (content visible to followers only)
Delete individual posts
Edit profile information
Change privacy settings

5.2 With Other Users

Other VYRAL users can see:

Your profile (unless private)
Content you post publicly
Comments and interactions
Your follower/following lists
Your activity on their content (likes, shares)

Other users CANNOT see:

Your email address (unless you share it)
Your payment information
Your private messages (encrypted)
Your precise location (unless you share)
Your real name (unless you add it to profile)
Your earnings or withdrawal history

5.3 With Service Providers

We share data with trusted third parties who help operate VYRAL:

Payment Processing:

Stripe: Credit card processing
- Receives: Payment information, billing address
- Purpose: Process VCoin purchases
- Privacy Policy: stripe.com/privacy

Identity Verification:

Onfido/Jumio: KYC verification
- Receives: ID documents, selfies, personal info
- Purpose: Verify identity for withdrawals >$10K
- Privacy Policy: onfido.com/privacy

Infrastructure:

Amazon Web Services (AWS): Hosting and storage
- Receives: All data we collect
- Purpose: Store and serve data securely
- Privacy Policy: aws.amazon.com/privacy
Cloudflare: CDN and DDoS protection
- Receives: IP addresses, usage data
- Purpose: Deliver content fast and block attacks
- Privacy Policy: cloudflare.com/privacy

Analytics:

Google Analytics: Usage analytics
- Receives: Anonymized usage data
- Purpose: Understand how platform is used
- Privacy Policy: policies.google.com/privacy
Mixpanel: Product analytics
- Receives: Usage patterns, feature adoption
- Purpose: Improve user experience
- Privacy Policy: mixpanel.com/legal/privacy-policy

Communication:

SendGrid: Email delivery
- Receives: Email addresses, message content
- Purpose: Send transactional and marketing emails
- Privacy Policy: sendgrid.com/privacy

Customer Support:

Zendesk: Support ticket system
- Receives: Support inquiries, account info
- Purpose: Manage customer support
- Privacy Policy: zendesk.com/company/privacy-and-data-protection

Security:

Sentry: Error tracking
- Receives: Error logs, device info
- Purpose: Identify and fix bugs
- Privacy Policy: sentry.io/privacy

5.4 For Legal Reasons

We may disclose information when legally required:

Law Enforcement Requests:

Valid subpoenas from court
Search warrants
Court orders
National security requests (with legal authorization)

What We Provide:

Only information specifically requested
Only after verifying request is valid
Only minimum necessary to comply
With notice to you unless legally prohibited

We Resist Overly Broad Requests:

Challenge requests that lack legal basis
Argue for narrower scope when appropriate
Publish transparency report annually

Emergency Disclosures:

Imminent danger to life or safety
Child safety concerns (CSAM)
Prevent serious crime
National security threats

Other Legal Obligations:

IRS tax reporting (Form 1099 for US users earning $600+)
FinCEN suspicious activity reports
Securities and Exchange Commission (if applicable)
State regulators (money transmission, consumer protection)

5.5 Business Transfers

If VYRAL is involved in:

Merger or acquisition
Sale of assets
Bankruptcy or insolvency
Reorganization or restructuring

Your information may be transferred to successor entity. We will:

Notify you via email and platform notice
Give you option to delete account before transfer
Require successor to honor this Privacy Policy
Give you 30 days to withdraw data

We may share information with others when you explicitly consent:

Examples:

Connecting to social media accounts
Authorizing third-party apps
Participating in partnerships or promotions
Sharing content to external platforms

Your Control:

Revoke consent anytime
Disconnect third-party apps
Review connected apps in settings

5.7 Aggregated/Anonymized Data

We may share anonymized, aggregated data that cannot identify you:

Examples:

"50% of users are ages 18-25"
"Average session duration is 23 minutes"
"Most popular content category is technology"
Platform statistics and trends

This data:

Cannot identify individuals
May be shared publicly or with partners
Helps improve platform and inform research
Not subject to privacy restrictions

We NEVER share: ❌ Your data with advertisers (currently no ads)
❌ Your data with data brokers
❌ Your password (even encrypted form)
❌ Your encrypted messages (impossible - we can't read them)
❌ Your private keys (we don't have them)
❌ Your data for purposes unrelated to services
❌ Your data to circumvent your privacy choices

6. ENCRYPTED MESSAGING PRIVACY

6.1 How Encryption Works

End-to-End Encryption (E2E): VYRAL messages use Signal Protocol (same as Signal and WhatsApp): Your Device → Encrypted → Internet → Encrypted → Recipient Device ↑ ↓ Only you can encrypt Only they can decrypt

What This Means:

Messages encrypted on YOUR device before sending
Only the recipient can decrypt and read
VYRAL servers cannot read message content
Even if compelled by law, we cannot provide plaintext
Even our employees cannot read your messages
Even if hackers breach our servers, messages stay encrypted

Technical Details:

AES-256 encryption (military-grade)
Perfect forward secrecy (past messages stay secure if keys compromised)
Authenticated encryption (prevents tampering)
Key ratcheting (new keys for each message)

6.2 What We CAN See

Even with E2E encryption, we see:

Who you message (usernames)
When messages sent (timestamps)
Message size (approximate length)
Whether message delivered/read
Attachment presence (but not content)

Metadata We Collect:

Sender and recipient usernames
Timestamp
Message ID
Delivery status
Approximate message size

Why We Need This:

Deliver messages to correct recipient
Show delivery confirmations
Detect spam and abuse patterns
Troubleshoot delivery issues

6.3 What We CANNOT See

We CANNOT access:

❌ Message text content
❌ Shared photos, videos, files
❌ Voice messages
❌ Any content inside encrypted messages

Legal Requests: If served with valid warrant/subpoena, we can only provide:

Metadata (who, when, how often)
Account information
Public posts
We CANNOT provide message content (impossible)

6.4 Group Messages

Group messages also encrypted end-to-end:

Each member has encryption keys
All members can read messages
VYRAL still cannot read content
Group metadata visible (members, timestamps)

Group Limitations:

If member leaves, they keep past messages
If member removed, they keep history up to removal
We cannot remotely delete messages from devices

6.5 Backup and Recovery

Cloud Backups (Optional): You can enable encrypted cloud backup:

Backed up to your iCloud/Google Drive
Protected by your backup password
VYRAL cannot access these backups
If you lose backup password, messages are unrecoverable

No Backup Option: If you don't enable backup:

Messages only on your device
If you lose device, messages lost forever
We cannot recover them (don't have keys)

6.6 When Encryption Doesn't Apply

Not encrypted:

Username (visible to everyone)
Profile information (public or semi-public)
Group membership (visible to group)
Typing indicators
Online status

6.7 Reporting and Safety

Handling Illegal Content:

Users can report messages by screenshot
Reported messages reviewed by human moderators
Reporter must share content (we can't see it otherwise)
Serious violations reported to law enforcement
Accounts may be terminated for violations

Cannot Proactively Scan:

We cannot scan messages for illegal content
We rely on user reports
Trade-off between privacy and safety
This is intentional design choice

7. ORB AI AND BEHAVIORAL ANALYSIS

7.1 What is Orb

Orb is VYRAL's AI assistant that provides:

Personalized content recommendations
User matching and discovery
Dating/social connection suggestions
Conversational assistance
Smart search

7.2 Opt-In Required

Behavioral Analysis is OFF by default.

Orb offers two modes:

Basic Mode (No Consent Needed):

Simple keyword search
Basic user discovery
Manual filtering
No behavioral learning

Enhanced Mode (Requires Consent):

Learns from your behavior
Analyzes interaction patterns
Provides personalized matches
Smarter recommendations

You Control:

Enable/disable Enhanced Mode anytime
Delete all Orb data anytime
View what Orb knows about you
Export Orb data

7.3 What Data Orb Collects (Enhanced Mode Only)

With Your Explicit Consent, Orb Analyzes:

Posts you like, share, comment on
Users you interact with frequently
Time spent viewing content
Content topics you engage with
Search history on VYRAL
Profile views
Messaging patterns (frequency, not content)

Orb NEVER Accesses:

❌ Encrypted message content
❌ Payment information
❌ Private posts from others
❌ Data from other apps/websites
❌ Device contacts or photos (unless you share)

7.4 How Orb Uses Data

Personalization:

Recommend users with similar interests
Suggest content you might like
Match people for dating/networking
Prioritize relevant search results

How It Works: Example: Dating Matches

You like:

Hiking photos Tech posts Users aged 25-35 Orb finds users who:

Also like hiking Also interested in tech Match your age preferences Liked your profile

Matching Logic:

Analyzes mutual interests
Considers engagement patterns
Respects your specified preferences
Shows transparency ("Matched because...")

7.5 Orb Privacy Protections

Technical Safeguards:

Data encrypted at rest
Separate Orb database (isolated from main systems)
Access logged and monitored
Regular security audits

Algorithmic Fairness:

No discrimination by race, religion, etc.
Complies with anti-discrimination laws
Regular bias testing
Human oversight of recommendations

Transparency:

See why Orb recommended someone
View your Orb profile (what it knows)
Understand matching criteria
Challenge incorrect inferences

Limits:

Orb cannot make matches violating user boundaries
Respects blocking and privacy settings
Cannot reveal you to users who blocked you
Cannot bypass privacy controls

7.6 Your Orb Rights

Access:

View complete Orb profile
See all data points Orb collected
Understand how you're categorized
Export data in machine-readable format

Control:

Disable Enhanced Mode anytime
Delete individual data points
Delete entire Orb profile
Opt out of specific recommendations

Correction:

Challenge incorrect inferences
Update preferences
Retrain Orb with updated data

Deletion: When you delete Orb data:

Deleted within 30 days
Removed from active systems immediately
Purged from backups within 90 days
Cannot be recovered

We Don't Share Orb Insights:

Other users don't see your Orb profile
Advertisers don't receive Orb data
Third parties don't access Orb analysis
Only used for your experience

Aggregated Research:

May use anonymized, aggregated data
Cannot identify individuals
Published in research or reports
Example: "Users who like X also like Y"

7.8 Special Considerations for Dating

Enhanced Privacy for Dating:

Location shared only with explicit permission
Real name not revealed unless you add it
Can set discovery radius
Can filter who can see you

Safety Features:

Report concerning behavior
Block users from seeing you
Meeting safety tips provided
Harassment prevention tools

What Orb Shows:

"Mutual match" (both interested)
One-way interest not revealed
Match reasoning transparency
Compatibility scores

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies

Cookies are small text files stored on your device by websites you visit. They remember information about your visit.

Types of Data in Cookies:

Login session ID
Language preference
Theme choice (dark/light mode)
Items in cart
Recent searches

Cookies Don't:

Contain viruses or malware
Access other files on your device
Track you across unrelated websites (only our cookies)
Identify you personally without other information

8.2 How We Use Cookies

We use cookies for four purposes:

8.2.1 Essential Cookies (Always On)

Cannot be disabled - Required for basic functionality:

Cookie	Purpose	Duration
`session_id`	Keep you logged in	Session
`csrf_token`	Prevent security attacks	Session
`load_balancer`	Route your requests correctly	Session
`region`	Serve geographically closest servers	1 year

Why Essential: Without these, the platform wouldn't work. You can't:

Stay logged in
Make secure requests
Load pages quickly
Use any features

8.2.2 Functional Cookies (You Control)

Enhance your experience:

Cookie	Purpose	Duration	Default
`language`	Remember language preference	1 year	On
`theme`	Remember dark/light mode	1 year	On
`video_quality`	Remember video playback quality	6 months	On
`viewed_posts`	Don't show same posts repeatedly	7 days	On
`dismissed_banners`	Don't show dismissed notices again	90 days	On

Control: Cookie Settings in account

8.2.3 Analytics Cookies (You Control)

Help us understand usage:

Cookie	Purpose	Provider	Duration	Default
`_ga`	Google Analytics tracking	Google	2 years	Off*
`_gid`	Google Analytics session	Google	24 hours	Off*
`mp_`	Mixpanel analytics	Mixpanel	1 year	Off*

What Analytics Tell Us:

Which features are popular
Where users get stuck
How to improve UX
Performance issues

What Analytics DON'T Include:

Your name or personal info
Message content
Payment details
Precise locations

*Requires consent in EU/UK/CA. Default ON in other regions but you can opt out.

8.2.4 Advertising Cookies (Future)

Currently: We DON'T use advertising cookies.

If We Add Ads:

Update policy with 30 days notice
Default OFF (opt-in required)
You control completely
Can opt out anytime

8.3 Third-Party Cookies

Some third-party services may set cookies:

Embedded Content:

YouTube videos (if you watch)
Twitter embeds (if present)
Other social media embeds

Payment Processing:

Stripe (when purchasing VCoins)

Support:

Zendesk (when using support chat)

You Control:

Block third-party cookies in browser
Use private/incognito mode
Install cookie blocker extensions

8.4 Other Tracking Technologies

Web Beacons (Pixels)

Tiny invisible images that:

Track email opens
Measure page loads
Count visitors

We Use For:

Email delivery confirmation
Understanding email engagement
Measuring marketing effectiveness

Local Storage

Browser storage for:

Recent draft posts (auto-save)
Temporary cache (faster loading)
Offline functionality

Cleared When:

You clear browser data
You logout
After 30 days inactive

Session Storage

Temporary storage for current session:

Form progress
Scroll position
Temporary preferences

Cleared When:

You close tab/browser
Session expires

8.5 Managing Cookies

Location: Settings → Privacy → Cookies

Options:

Accept all cookies
Essential only (functional/analytics OFF)
Custom (choose which categories)
Reject all non-essential

Changes:

Take effect immediately
Apply to all devices where you're logged in
Persist across sessions

Browser Controls

All browsers let you control cookies:

Chrome: Settings → Privacy & Security → Cookies

Firefox: Settings → Privacy & Security → Cookies and Site Data

Safari: Preferences → Privacy → Cookies

Edge: Settings → Cookies and site permissions

Options:

Block all cookies (breaks websites)
Block third-party cookies only
Delete cookies on close
Exceptions (allow/block specific sites)

Mobile Controls

iOS (Safari): Settings → Safari → Block All Cookies

Android (Chrome): Chrome → Settings → Site settings → Cookies

8.6 Do Not Track (DNT)

What is DNT: Browser setting that requests websites not track you.

Our Response: Currently, we don't respond to DNT signals because:

No industry standard for implementation
Essential cookies still needed
You have granular cookie controls instead

Alternative: Use our cookie controls for precise tracking preferences.

GDPR Compliance:

First Visit:

Cookie banner appears
Essential cookies only until you consent
Must actively consent (no pre-ticked boxes)
Can reject non-essential cookies

Your Consent:

Freely given
Specific to each cookie category
Can be withdrawn anytime
No penalty for rejecting

No Consent Walls:

You can use platform without accepting
Essential cookies only
Full functionality available

Essential Cookies: vyral_session - Session ID - Session only csrf_token - Security token - Session only lb_sticky - Load balancing - 1 hour region_pref - Server region - 1 year auth_token - Authentication - 7 days

Functional Cookies: lang - Language preference - 1 year theme - Dark/light mode - 1 year video_quality - Playback quality - 6 months view_history - Viewed content - 7 days dismissed_notices - Hidden banners - 90 days

Analytics Cookies: _ga - Google Analytics ID - 2 years _gid - GA Session - 24 hours gat - GA Throttle - 1 minute mp* - Mixpanel - 1 year

9. BLOCKCHAIN AND PUBLIC DATA

9.1 Blockchain Fundamentals

What is Blockchain: A public, permanent ledger where all VCoin transactions are recorded.

Key Properties:

Public: Anyone can view
Permanent: Cannot be deleted or modified
Decentralized: No single entity controls it
Transparent: All transactions visible

9.2 What's Public on Blockchain

When you use VCoins, the following is PERMANENTLY and PUBLICLY recorded:

Transaction Data:

Wallet addresses (sender and receiver)
Amount of VCoins transferred
Timestamp of transaction
Transaction fee paid
Smart contract interactions

Example Transaction: From: 7xKx...m9Tz (your wallet address) To: 9bPy...k3Qw (recipient wallet) Amount: 100 VYCIN Time: 2025-01-15 14:32:07 UTC Fee: 0.000005 SOL

Anyone Can See:

Your wallet address
How many VCoins you have
All your transactions
Who you transacted with
When and how much

Visible On:

Solana blockchain explorers (Solscan, Solana Explorer)
DEX trading interfaces
Any blockchain analysis tool

9.3 Pseudonymity vs Anonymity

Pseudonymous (Not Anonymous):

Your blockchain address is pseudonymous:

Like a username, not directly tied to your real identity
But can be linked to you if:
- You withdraw to known exchange account
- You share your address publicly
- You purchase VCoins with credit card tied to name
- Someone analyzes patterns and connects to you

Blockchain Analysis: Sophisticated tools can:

Trace transaction flows
Cluster addresses belonging to same person
De-anonymize users through patterns
Link blockchain activity to real identity

We Cannot:

Delete your blockchain transactions
Hide your transactions from public view
Make past transactions anonymous
Control what's on blockchain

9.4 Linking On-Chain and Off-Chain Data

What We Know:

Your VYRAL username
Your custodial wallet address
Your blockchain transactions
Your withdrawal addresses

Privacy Implication: If someone knows your VYRAL username and blockchain address:

They can see all your VCoin activity
They can track your earnings
They can see who you tip
They can monitor your balance

Mitigation:

Use different wallets for different purposes
Withdraw to privacy-enhanced wallets
Don't publicize your wallet addresses
Use username that doesn't reveal identity

9.5 Off-Chain Privacy (What's Private)

Stored in Our Systems (Private):

Your VYRAL username
Custodial balance details
Internal transaction history
Reward calculations
Pending transactions

Can Be Deleted: Upon account closure, we delete:

Username/wallet linkage
Internal transaction records
Custodial balance records
Associated metadata

But Blockchain Records Remain:

Your past transactions stay public
Cannot be deleted or hidden
Permanent historical record

9.6 Withdrawal Address Privacy

When You Withdraw: You provide external wallet address:

We record this address
It's linked to your account
Appears on blockchain
Connection is permanent

Privacy Tips:

Use new address for each withdrawal
Don't reuse addresses
Use hardware wallet for privacy
Consider privacy-focused wallets

9.7 Marketplace and Public Transactions

Marketplace Purchases: Visible on blockchain:

That transaction occurred
Amount paid in VCoins
Wallet addresses involved

Not visible on blockchain:

What was purchased
Shipping address
Buyer/seller names

Stored in Our System:

Item details
Buyer/seller info
Shipping details
Can be deleted upon account closure

9.8 DEX Trading Privacy

After DEX Launch:

Trading on decentralized exchanges:

All trades public on blockchain
Trading patterns visible
Wallet balances public
Cannot hide trading activity

Liquidity Pool:

Our liquidity wallet addresses public
Amounts deposited visible
Anyone can verify backing

9.9 Your Blockchain Privacy Rights

What You CAN Do:

✅ Use multiple wallet addresses
✅ Withdraw to private wallets
✅ Delete VYRAL account (off-chain data)
✅ Keep username/wallet unlinkable
✅ Use privacy tools (coin mixers, etc.)

What You CANNOT Do:

❌ Delete blockchain transactions
❌ Hide past transactions
❌ Make public data private retroactively
❌ Prevent others from viewing blockchain

Our Limits:

We cannot control blockchain
We cannot delete immutable data
We cannot hide public information
We can only control off-chain data

10. DATA SECURITY

10.1 Our Security Commitment

We take security seriously and implement multiple layers of protection.

Our Promise:

Industry-standard encryption
Regular security audits
Proactive threat monitoring
Rapid incident response
Transparent communication

Reality:

No system is 100% secure
Breaches can happen despite best efforts
We commit to responsible disclosure
We continuously improve defenses

10.2 Encryption

Data in Transit

All data transmitted between you and VYRAL is encrypted:

TLS 1.3 (Transport Layer Security):

Same encryption banks use
256-bit encryption keys
Perfect forward secrecy
Prevents eavesdropping

What's Protected:

Login credentials
Personal information
Payment data
All platform communications

Verified By:

SSL certificate (padlock in browser)
Certificate issued by trusted authority
Regular certificate renewal

Data at Rest

Data stored on our servers is encrypted:

AES-256 Encryption:

Military-grade encryption
Separate encryption keys per user
Keys stored separately from data
Regular key rotation

Encrypted Data:

Passwords (hashed with bcrypt)
Payment information
Personal details
KYC documents
Custodial wallet private keys

Not Encrypted:

Public posts (no need)
Usernames (need to be searchable)
Public blockchain data (already public)

10.3 Access Controls

Internal Access

Principle of Least Privilege:

Employees access only data needed for job
Role-based access control
Regular access reviews
Automatic access expiration

Who Can Access What: Customer Support: ✅ Account info, support tickets ❌ Payment details, KYC documents

Engineers: ✅ Anonymized usage data for debugging ❌ Personal information, messages

Finance: ✅ Transaction records for reconciliation ❌ User content, messages

No one: ❌ Encrypted message content (impossible) ❌ Your password plaintext (we hash it)

Access Logging:

All data access logged
Audit trails maintained
Suspicious access flagged
Regular log reviews

Technical Controls

Multi-factor authentication (MFA) required
VPN required for remote access
IP whitelisting for sensitive systems
Session timeouts
Failed login lockouts

10.4 Infrastructure Security

Hosting

Amazon Web Services (AWS):

SOC 2 Type II certified
ISO 27001 certified
Physically secure data centers
Redundant systems
DDoS protection

Cloudflare:

DDoS mitigation
Web application firewall (WAF)
SSL/TLS termination
Bot protection

Network Security

Firewall protection
Intrusion detection system (IDS)
Intrusion prevention system (IPS)
Network segmentation
Regular penetration testing

Database Security

Encrypted database connections
Database firewall rules
Regular backups (encrypted)
Point-in-time recovery
Automated backup testing

10.5 Application Security

Secure Development

Code review before deployment
Automated security scanning
Dependency vulnerability checking
Regular security training for developers
Bug bounty program

Common Vulnerabilities Prevented

SQL injection (parameterized queries)
Cross-site scripting (XSS) (input sanitization)
Cross-site request forgery (CSRF) (tokens)
Clickjacking (X-Frame-Options)
Man-in-the-middle (HTTPS only)

API Security

Rate limiting (prevent abuse)
API authentication required
Request signing
Input validation
Output encoding

10.6 Monitoring and Detection

24/7 Monitoring

Real-time security alerts
Anomaly detection
Automated threat response
On-call security team

Monitored:

Failed login attempts
Unusual access patterns
Large data exports
Configuration changes
System vulnerabilities

Incident Response

If Breach Occurs:

Detect and contain immediately
Assess scope and impact
Notify affected users within 72 hours
Coordinate with authorities if required
Publish public transparency report
Implement additional safeguards

Breach Notification:

Email to affected users
Platform notification
Public blog post
Details about what happened
What data was affected
Steps you should take
Our remediation actions

10.7 Third-Party Security

Vendor Requirements: All third-party services must:

Have SOC 2 or ISO 27001 certification
Undergo security assessment
Sign data processing agreements
Comply with GDPR/CCPA
Report breaches within 24 hours

Regular Audits:

Annual security assessments
Penetration testing
Compliance verification
Right to audit clause in contracts

10.8 Your Security Responsibilities

You Are Responsible For:

Creating strong, unique password
Enabling two-factor authentication (2FA)
Keeping login credentials secret
Logging out on shared devices
Reporting suspicious activity
Using secure internet connections
Keeping devices updated and secure

Strong Password:

At least 12 characters
Mix of upper/lower case, numbers, symbols
Not reused from other sites
Changed if compromised
Consider password manager

Enable 2FA:

Adds second layer of security
Even if password stolen, account protected
Options: Authenticator app (best), SMS, backup codes

Warning Signs: Report immediately if:

Login from unrecognized location
Unrecognized activity on account
Password change you didn't make
Emails about actions you didn't take
Unexpected withdrawal requests

10.9 What We Don't Do

We Never: ❌ Store passwords in plaintext
❌ Ask for password via email
❌ Request remote access to your device
❌ Call asking for account verification
❌ Email requesting sensitive information
❌ Store full credit card numbers

Phishing Prevention:

We'll never email asking for password
Check sender address carefully
Hover over links before clicking
Go directly to vyral.social (don't click links)
Report suspicious emails to [email protected]

11. DATA RETENTION

11.1 Retention Principles

We keep data only as long as necessary for:

Providing services
Legal compliance
Business purposes
Security and fraud prevention

When We Delete:

You request deletion
Account closed
Data no longer needed
Legal retention period expires

11.2 Retention Periods by Data Type

Account Data

Data	Retention	After Deletion
Email, username	While account active + 30 days	Deleted permanently
Profile info	While account active + 30 days	Deleted permanently
Password (hashed)	While account active	Deleted immediately
Login history	1 year	Rolling deletion
Device info	While account active	Deleted after 30 days

Content Data

Data	Retention	After Deletion
Public posts	Until you delete + 30 days cache	Deleted permanently*
Private posts	Until you delete + 30 days cache	Deleted permanently
Comments	Until you delete + 30 days cache	Deleted permanently*
Encrypted messages	Until you delete (on device)	Cannot recover
Marketplace listings	Until removed + 90 days	Deleted permanently

*If others shared/screenshot, copies may exist outside our control

Financial Data

Data	Retention	Reason
Transaction history	7 years after transaction	Tax law, accounting
Purchase records	7 years after purchase	Tax law, refund disputes
KYC documents	5 years after verification	AML compliance
Tax forms (1099)	7 years after issue	IRS requirement
Withdrawal records	7 years after withdrawal	Financial regulation

Usage Data

Data	Retention	Purpose
Analytics data (aggregated)	2 years	Product improvement
Access logs	90 days	Security monitoring
Error logs	30 days	Debugging
IP addresses	90 days	Fraud prevention
Cookies	Per cookie duration	Varies by type

Communication Data

Data	Retention	After Case Closed
Support tickets	3 years	90 days
Email correspondence	3 years	90 days
Chat transcripts	1 year	30 days

Blockchain Data

Data	Retention
On-chain transactions	PERMANENT (cannot delete)
Wallet addresses	PERMANENT (public blockchain)
Smart contract interactions	PERMANENT (public blockchain)

11.3 Account Closure

When You Close Account:

Immediately Deleted:

Login access revoked
Profile hidden from search
Username freed for reuse (after 30 days)
Active sessions terminated

Deleted Within 30 Days:

Account information
Profile details
Preferences and settings
Usage data
Orb AI profile

Deleted Within 90 Days:

Cached content
Backup copies
Log files mentioning you

Retained for Legal Compliance:

Financial records (7 years)
Transaction history (7 years)
KYC documents (5 years)
Tax forms (7 years)

Cannot Be Deleted:

Blockchain transactions (permanent)
Content others saved/shared
Legal holds (if applicable)
Fraud investigation records

11.4 Backup Retention

Disaster Recovery Backups:

Created daily
Encrypted
Stored geographically distributed
Kept for 90 days
Then permanently deleted

Your Deletion Request:

Removed from active systems immediately
Removed from backups within 90 days
Cannot be recovered after deletion

11.5 Legal Holds

Exception to Deletion: If you're subject to:

Active lawsuit
Government investigation
Subpoena or court order
Fraud investigation

We May:

Suspend normal retention schedule
Preserve relevant data
Hold data until matter resolved
Only hold data actually needed

You'll Be Notified:

If legally permitted
Scope of hold
Expected duration
When hold is lifted

11.6 Inactive Accounts

Definition: No login or activity for 3 years

What Happens:

Email reminder at 2.5 years
Final notice at 2 years 11 months
If no response, account closed at 3 years
Normal deletion schedule applies

Your VCoins:

Transferred to state unclaimed property
You can still claim through state
Not forfeited or deleted

11.7 Deceased Users

If We Learn You Passed Away:

Options for Family:

Memorialize Account:
- Profile preserved
- No login access
- Public memorial
- Content remains
Delete Account:
- Permanent deletion
- Normal deletion schedule
- Requires death certificate

Family Must Provide:

Proof of death (death certificate)
Proof of authority (executor documents)
Valid ID
Account information

We Cannot:

Provide login access (violates terms)
Share encrypted messages (impossible)
Transfer account to someone else

11.8 Data Portability vs Retention

Exporting Data: You can export your data anytime:

Account information
Content you created
Activity history
Settings and preferences

Export Does Not:

Extend retention periods
Include others' content
Include encrypted message backups
Include deleted items

Format:

JSON (machine-readable)
CSV (spreadsheet)
PDF (human-readable)
Images/videos (original format)

12. YOUR PRIVACY RIGHTS

12.1 Universal Rights (All Users)

These rights apply to ALL users, regardless of location:

Right to Access

What: See what personal data we have about you

How to Exercise:

Go to Settings → Privacy → Download Data
Or email [email protected] with subject "Access Request"
We'll provide within 30 days

What You'll Receive:

Account information
Profile details
Content you created
Transaction history
Usage data
Settings and preferences

Format: JSON, CSV, or PDF

Right to Correction

What: Fix inaccurate or incomplete data

How to Exercise:

Update directly in account settings
Or email [email protected] with corrections

Examples:

Correct misspelled name
Update email address
Fix incorrect birthday
Update profile information

Response Time: Immediate for self-service, 14 days for email requests

Right to Deletion

What: Delete your personal data

How to Exercise:

Settings → Account → Delete Account
Or email [email protected] with subject "Deletion Request"
Confirm identity (security check)
Confirm understanding (data cannot be recovered)

What Gets Deleted:

Account information
Profile and content
Preferences and settings
Most usage data

What Remains:

Financial records (legal requirement)
Fraud prevention records
Blockchain transactions (cannot delete)
Backups (deleted within 90 days)

Response Time: 30 days maximum

Right to Object

What: Object to certain data processing

You Can Object To:

Marketing communications
Non-essential cookies
Orb AI behavioral analysis
Personalized recommendations
Data sharing with partners

How to Exercise:

Opt out in settings
Click "Unsubscribe" in emails
Manage cookie preferences
Email [email protected]

Right to Data Portability

What: Receive your data in portable format

How to Exercise: Settings → Privacy → Export Data

Formats Available:

JSON (for technical users/developers)
CSV (for spreadsheet import)
PDF (for reading/printing)
Original files (images, videos)

Includes:

Your profile information
Posts and content
Connections and interactions
Transaction history
Settings

Does Not Include:

Others' content
System logs
Internal analytics

What: Withdraw consent you previously gave

Examples:

Disable Orb AI
Stop marketing emails
Revoke app permissions
Disconnect social accounts

How to Exercise:

Change in settings (immediate)
Email [email protected]
No penalty for withdrawing

Effect:

Takes effect immediately
Doesn't affect prior processing
May limit functionality

12.2 How to Exercise Your Rights

Self-Service (Fastest)

Settings → Privacy → Your Privacy Rights

Available Options:

Download your data
Delete your account
Manage consent
Cookie preferences
Orb AI controls

Email Request

To: [email protected]
Subject: [Right] Request (e.g., "Access Request")

Include:

Your username or email
Specific right you're exercising
Details of request
Preferred response format

Response Time:

Access request: 30 days
Deletion request: 30 days
Correction request: 14 days
Objection: Immediate to 7 days

Verification Required

To protect your privacy, we verify identity:

Low-Risk Requests: Security questions

High-Risk Requests (deletion, access):

Login to account, or
Answer security questions, or
Provide government ID (last resort)

Authorized Representatives

You can authorize someone to exercise rights on your behalf:

Required:

Written authorization
Your signature
Representative's ID
Valid reason (if requesting for deceased)

13. CHILDREN'S PRIVACY

13.1 Age Requirement

VYRAL is NOT for children under 18.

We:

Do not knowingly collect data from users under 18
Do not target marketing to minors
Require birth date during registration
Verify age claims when suspicious

COPPA Compliance: We comply with Children's Online Privacy Protection Act (COPPA) which protects children under 13.

13.2 If We Discover Underage Users

Our Process:

Suspend account immediately
Delete all personal information within 30 days
Notify parents if contact information available
Prevent future registration

Cannot Delete:

Blockchain transactions (permanent)
Data required for legal compliance

13.3 Parental Rights

If Your Child Used VYRAL:

Email [email protected] with:

Child's username/email
Proof of parent-child relationship
Valid parent ID

We Will:

Delete child's account
Delete personal information
Provide data collected (if requested)
Prevent future use

Response Time: 7 business days

13.4 Age Verification

How We Verify:

Birth date provided during registration
Patterns suggesting underage use
User reports
Suspicious account behavior

If We Suspect Underage:

Request additional verification
Government ID review
Account suspended until verified
Deleted if cannot verify age 18+

14. INTERNATIONAL DATA TRANSFERS

14.1 Where Data is Stored

Primary Servers: United States (AWS US-East-1 and US-West-2)

Your data may be:

Stored in US data centers
Processed by US-based service providers
Accessed by US-based employees
Subject to US laws

14.2 Legal Basis for Transfers

For EU/UK/Swiss Users:

Standard Contractual Clauses (SCCs):

Approved by European Commission
Legally binding data protection obligations
Enforceable rights for data subjects
Available on request: [email protected]

Adequacy Decisions: Where applicable (UK-US, Swiss-US), we rely on adequacy decisions recognizing similar protection levels.

Additional Safeguards:

Encryption in transit and at rest
Access controls and logging
Data minimization
Regular security audits

For Other International Users:

We transfer data based on:

Your consent (by using the service)
Necessity for contract performance
Legitimate business interests
Legal obligations

14.3 Your Rights for International Transfers

EU/UK/Swiss Users Can:

Object to specific transfers
Request transfer details
Request data localization (if technically feasible)
File complaint with supervisory authority

Contact:

Data Protection Officer: [email protected]
EU Representative: [If applicable]

14.4 Government Access

US Government Requests:

Subject to US law (FISA, ECPA, etc.)
We resist overly broad requests
Notify users when legally permitted
Publish transparency report

EU Users: Under GDPR Article 48:

We don't disclose EU user data to US government without proper legal basis
EU user consent or court order required
We challenge invalid requests

14.5 China Data

No Data in China:

We do NOT operate servers in China
We do NOT transfer data to China
Chinese government cannot access user data
May block Chinese users if required for compliance

15. STATE-SPECIFIC PRIVACY RIGHTS

15.1 California Residents (CCPA/CPRA)

Your CCPA Rights:

Right to Know:

What personal information collected
Sources of collection
Business/commercial purposes
Third parties we share with
Specific pieces of data we have

Right to Delete:

Request deletion of personal information
Subject to legal exceptions
Confirmed within 30 days

Right to Opt-Out of Sale:

We DON'T sell personal information
"Do Not Sell My Info" available as confirmation

Right to Non-Discrimination:

No discrimination for exercising rights
Same service quality regardless

Right to Correct:

Correct inaccurate personal information

Right to Limit Sensitive Data:

Limit use of sensitive personal information
Control via settings

Categories We Collect (CCPA Disclosure):

Category	Collected	Business Purpose
Identifiers (name, email)	Yes	Account management
Financial information	Yes	Process payments
Commercial information	Yes	Transaction history
Internet activity	Yes	Platform improvement
Geolocation	Yes (approximate)	Fraud prevention
Sensory data	No	N/A
Professional information	No	N/A
Education information	No	N/A
Inferences	Yes (with consent)	Personalization

How to Exercise CCPA Rights:

Online: Settings → Privacy → California Privacy Rights
Phone: 1-800-XXX-XXXX
Email: [email protected] with subject "CCPA Request"

Verification: We'll verify your identity using:

Account login, or
Security questions, or
Last 4 digits of payment method

Authorized Agent:

Written authorization required
Power of attorney acceptable
Proof of California residency

Response Time: 45 days (extendable to 90 days with notice)

California "Shine the Light" Law:

Annual disclosure of information shared with third parties for marketing.

Request: [email protected] with subject "Shine the Light Request"

Our Disclosure: We don't share personal information for third-party marketing.

15.2 Virginia Residents (VCDPA)

Your Virginia Rights:

Right to access personal data
Right to correct inaccuracies
Right to delete personal data
Right to data portability
Right to opt out of:
- Targeted advertising (not applicable - we don't advertise currently)
- Sale of personal data (we don't sell)
- Profiling for legal/similar effects (not applicable)

How to Exercise: [email protected] with subject "Virginia Privacy Request"

Appeal Process: If request denied:

Email [email protected] within 30 days
We'll respond within 60 days
File complaint with Virginia Attorney General if unsatisfied

15.3 Colorado Residents (CPA)

Your Colorado Rights: Similar to Virginia, plus:

Right to opt out of targeted advertising
Right to opt out of profiling
Right to data portability
Universal opt-out mechanism (honors Global Privacy Control)

How to Exercise: [email protected] with subject "Colorado Privacy Request"

15.4 Connecticut Residents (CTDPA)

Your Connecticut Rights:

Access personal data
Correct inaccuracies
Delete personal data
Data portability
Opt out of targeted advertising and sale

How to Exercise: [email protected] with subject "Connecticut Privacy Request"

15.5 Utah Residents (UCPA)

Your Utah Rights:

Access personal data
Delete personal data
Data portability
Opt out of targeted advertising and sale

How to Exercise: [email protected] with subject "Utah Privacy Request"

Note: Utah law has fewer requirements than other state laws. Effective date: December 31, 2023.

15.6 Other States

As more states pass privacy laws, we'll update this policy and provide required rights.

Currently monitoring:

Massachusetts
New York
Washington
Oregon
Nevada (has limited opt-out rights)

16. THIRD-PARTY SERVICES

16.1 Service Providers We Use

We share data with third parties who help operate VYRAL. Each has own privacy policy:

Payment Processing

Stripe - stripe.com/privacy

Credit card processing
PCI DSS compliant
Receives: Payment info, billing address
Purpose: Process VCoin purchases
Retention: Per Stripe policy

Identity Verification

Onfido - onfido.com/privacy-policy

KYC/AML verification
ID document verification
Receives: Government ID, selfie, personal info
Purpose: Verify identity for withdrawals >$10K
Retention: 5 years (AML requirement)

Jumio - jumio.com/legal-information/privacy-policy

Alternative KYC provider
Same purpose as Onfido
Used based on region/availability

Infrastructure

Amazon Web Services (AWS) - aws.amazon.com/privacy

Cloud hosting
Storage and computing
Receives: All platform data
Purpose: Host platform
Location: US-East-1, US-West-2

Cloudflare - cloudflare.com/privacypolicy

Content delivery network
DDoS protection
Receives: IP addresses, request data
Purpose: Protect and accelerate platform
Caching: 30 days

Analytics

Google Analytics - policies.google.com/privacy

Usage analytics
Anonymized data
Receives: Page views, clicks, sessions
Purpose: Understand platform usage
Opt-out: Cookie controls or browser extension

Mixpanel - mixpanel.com/legal/privacy-policy

Product analytics
Feature usage tracking
Receives: User interactions, feature adoption
Purpose: Improve product
Opt-out: Settings → Privacy → Analytics

Communication

SendGrid (Twilio) - sendgrid.com/policies/privacy

Email delivery
Transactional and marketing emails
Receives: Email addresses, message content
Purpose: Send emails
Opt-out: Email preferences

Zendesk - zendesk.com/company/agreements-and-terms/privacy-policy

Customer support platform
Receives: Support inquiries, account info
Purpose: Manage support tickets
Retention: 3 years

Security

Sentry - sentry.io/privacy

Error tracking and monitoring
Receives: Error logs, stack traces, device info
Purpose: Identify and fix bugs
Retention: 90 days

16.2 Third-Party Links

External Links: Platform may contain links to external websites:

We don't control these websites
Not responsible for their privacy practices
Read their privacy policies before providing data
Clicking link doesn't imply endorsement

Examples:

Social media profiles
News articles
External tools/resources
Partner websites

If You Connect Social Accounts:

We May Receive:

Basic profile info (name, photo)
Email address
Friend lists (with permission)
Public posts (with permission)

We Won't:

Post on your behalf without permission
Access private messages
Share your VYRAL data with social networks
Follow/unfollow people without permission

You Control:

Disconnect anytime in settings
Revoke permissions in social network
Data collected before disconnect stays

16.4 Embedded Content

Third-Party Embeds:

YouTube videos
Twitter tweets
Instagram posts
Other social media content

Privacy Impact:

Third party may set cookies
May track that you viewed embed
Subject to their privacy policy
Use incognito/private mode if concerned

We Don't Control:

What data they collect
How they use it
Their tracking practices

16.5 Blockchain Explorers

Public Blockchain Data: Anyone can view your transactions on:

Solscan (solscan.io)
Solana Explorer (explorer.solana.com)
Other blockchain explorers

These Sites:

Not affiliated with VYRAL
Display public blockchain data
Have own privacy policies
May use cookies/tracking

16.6 Decentralized Exchanges (Post-Launch)

When Trading VCoins on DEXs:

Decentralized (not controlled by anyone)
Non-custodial (you control funds)
Trades are public blockchain transactions
DEX interfaces may have tracking
Read DEX privacy policy/terms

Popular DEXs:

Raydium
Jupiter
Orca

16.7 Data Processing Agreements

All Service Providers Sign:

Data Processing Agreement (DPA)
Commits to GDPR/CCPA compliance
Requires data security measures
Prohibits unauthorized use
Allows audits

Available on Request: Email [email protected] for DPA copies.

17. CHANGES TO THIS PRIVACY POLICY

17.1 When We Update

We May Update When:

Laws change
We add new features
We change data practices
Industry best practices evolve
User feedback suggests improvements

17.2 How We Notify You

For Material Changes:

Email to registered address (at least 30 days advance)
Prominent notice on platform
Pop-up notification on next login
Summary of changes provided

For Minor Changes:

Updated "Last Updated" date
Posted on website
No individual notification

17.3 What Constitutes "Material Change"

Material Changes Include:

New categories of data collected
New purposes for using data
New third parties we share with
Reduced user rights
Significant security changes
Changes to data retention

Non-Material Changes:

Clarifications
Formatting improvements
Contact information updates
Adding examples
Fixing typos

17.4 Your Acceptance

Continued Use = Acceptance: By continuing to use VYRAL after changes take effect, you accept updated policy.

If You Don't Accept:

Stop using VYRAL
Delete your account before changes take effect
Withdraw VCoins before deletion

Timeframe: 30 days to decide after material change notification.

17.5 Previous Versions

Access Old Versions:

vyral.social/privacy-history
Contact [email protected]

Archived:

All prior versions
Effective dates
Summary of changes

18. CONTACT US

18.1 Privacy Questions

General Privacy Inquiries: Email: [email protected]
Response Time: 5 business days

Data Protection Officer: Email: [email protected]
(For GDPR/serious privacy matters)

Privacy Rights Requests: Email: [email protected]
Subject: [Specific Right] Request
Response Time: 30 days maximum

18.2 Mailing Address

Vyral, Inc. Attn: Privacy Department
32 N Gould St. Sheridan, WY 82801 United States

18.4 Supervisory Authorities

If You're Unsatisfied: You have the right to file complaint with your data protection authority:

EU Users: Find your authority: edpb.europa.eu/about-edpb/board/members_en

UK Users: Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

California Users: California Attorney General
Website: oag.ca.gov/privacy
Privacy Enforcement Section

18.5 Security Concerns

Security Issues: Email: [email protected]
(For vulnerability reports, suspected breaches, security questions)

Bug Bounty: Email: [email protected]
(Responsible disclosure of security vulnerabilities)

EFFECTIVE DATE & ACKNOWLEDGMENT

This Privacy Policy is effective as of Septemebr 29, 2025.

By using VYRAL, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Last Updated: Septemebr 29, 2025 Version: 1.0