1. Scope & Commitment
Pangolin by Synsoft Global ("Company," "we," "our," "us") is committed to protecting user privacy and complying with global privacy laws including:
- CCPA / CPRA (California)
- GDPR (EU/EEA)
- COPPA (Children under 13)
- FTC Act (U.S.)
This policy applies to our mobile apps, and web platform.
2. Data We Collect (Detailed Categories)
2.1 Identifiers
Name, email, username, IP address, device IDs
2.2 Commercial Information
Subscription data, purchases, transactions
2.3 Biometric / Media Content
Photos, videos, audio (only if uploaded)
2.4 Internet Activity
Clicks, session data, browsing behavior
2.5 Geolocation
Precise (with consent) or approximate
2.6 Sensitive Personal Information (CPRA)
- Location
- Messages (private communications)
- Account credentials
3. Legal Bases for Processing (GDPR)
We process data under:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interests
4. Cookies & Tracking (Full Disclosure)
We use:
- Essential cookies: login/authentication
- Analytics cookies: usage tracking
- Advertising cookies: personalized ads
Cookie Consent
Users are presented with a consent banner (where required).
5. Data Sharing & Selling
We may share data with:
- Cloud providers (AWS, GCP, etc.)
- Analytics (Google Analytics, etc.)
- Ad partners (Meta, Google Ads)
Sale/Sharing (CCPA Definition)
We may "share" data for advertising purposes.
Users can opt out via:
- "Do Not Sell or Share" link
6. User Rights (Global)
U.S. (CCPA/CPRA)
- Access
- Deletion
- Correction
- Opt-out of sale
EU (GDPR)
- Right to access
- Right to erasure ("right to be forgotten")
- Data portability
- Restrict processing
Requests
Email: pangolin@synsoftglobal.com
7. Data Retention Policy
- Active accounts: retained continuously
- Deleted accounts: removed within 30–90 days
- Legal obligations may extend retention
8. Data Security (Enterprise Standard)
We implement:
- Encryption (AES-256 at rest, TLS in transit)
- Access controls (RBAC)
- Regular audits and penetration testing
9. Children's Privacy (COPPA)
- Under 13: prohibited
- Ages 13–17: parental consent required (where applicable)
10. International Transfers
Data may be transferred to U.S. servers.
We use safeguards such as:
- Standard Contractual Clauses (SCCs)
11. Third-Party Integrations
Includes:
- Social login providers
- Payment processors
- Advertising SDKs
We are not responsible for third-party policies.
12. Data Breach Notification
We will notify users and authorities as required by law.
13. Changes to Policy
Material changes will be notified via app/email.