Privacy & Cookie Policy (GDPR + US State Privacy) — SoulMaple
Effective date: 2026-03-02
This policy explains how MB Amevo ("SoulMaple", "we", "us") processes personal data and uses cookies/tracking technologies.
1. Data controller
Controller: MB Amevo
Address: Amevo I. Kanto g. 11-25, Vilnius, Lithuania
Email: hi@soulmaple.com
2. Data categories
- Account data (name, email, credentials)
- Profile data (birth date, country, interests, user-provided text)
- Uploaded content (e.g., palm photos)
- Billing metadata (subscription plan/status/invoice metadata; card details are processed by Stripe)
- Technical/security data (IP, device/browser info, logs, events)
- Support communications
3. Purposes and legal bases (GDPR Art. 6)
- Service delivery and personalization (contract)
- Billing, invoicing, tax/accounting (contract, legal obligation)
- Security/fraud prevention (legitimate interests)
- Product analytics and quality (legitimate interests / consent where required)
- Marketing communications (consent or soft opt-in where lawful)
- Legal compliance/claims defense (legal obligation, legitimate interests)
4. AI processing notice
SoulMaple reports are generated with AI assistance using user-provided inputs. Outputs are interpretive and informational. Processing is used to deliver requested service features and improve service safety/quality.
5. Sensitive data note
Please avoid submitting unnecessary special category data. If such data appears in user-provided content, processing is limited to providing requested service and legal/security purposes.
6. Recipients/processors
We may share data with:
- Stripe (payments/fraud prevention)
- Hosting/cloud/infrastructure providers
- Email/notification providers
- Analytics/security providers
- Professional advisers and public authorities where legally required
7. International transfers
Where data is transferred outside EEA/UK, we apply safeguards (e.g., SCCs, adequacy decisions, or equivalent lawful mechanisms).
8. Retention
Typical retention:
- account/profile: account lifetime + up to 24 months after closure,
- billing/accounting records: up to 10 years (where legally required),
- security logs: typically 30–180 days (longer for incidents),
- support records: up to 24 months,
- consent records: until withdrawal + up to 5 years for compliance evidence.
We may keep data longer where required by law or dispute/fraud handling.
9. GDPR/EEA rights
You may request access, rectification, erasure, restriction, portability, objection, and consent withdrawal (for consent-based processing).
Requests are handled within statutory timelines (normally within 30 days, subject to lawful extensions).
10. US state privacy notice (incl. California)
Depending on your state, you may have rights to:
- know/access categories and specific personal data,
- correct inaccurate personal data,
- delete personal data (subject to legal exceptions),
- opt out of targeted advertising or certain data sharing,
- non-discrimination for exercising privacy rights,
- appeal denied requests (where required by state law).
SoulMaple does not sell personal data for monetary consideration.
To exercise privacy rights, contact hi@soulmaple.com.
11. Security
We use reasonable technical and organizational safeguards (access controls, role separation, transport encryption, logging), but no system is risk-free.
12. Children
Service is not intended for persons under 18.
13. Automated processing
Personalization/report generation may involve automated processing, but not legally significant automated decision-making about your legal rights.
14. Complaints
You may lodge a complaint with your local supervisory authority.
15. Changes
We may update this Policy and publish the latest effective date.
16. Contact
Privacy/cookie/data rights requests: hi@soulmaple.com