SODU, INC.

PRIVACY POLICY

Last updated: [September,17,2025]

Sodu, Inc. (“Sodu”, “we”, “us”, “our”) operates gosodu.com and the Sodu mobile apps (iOS and Android), together the “Platform.” This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use the Platform, purchase products, or interact with us. By using the Platform, you agree to this Policy.

If you do not agree, please do not use the Platform.

1. Who we are and how to contact us

• Controller: Sodu, Inc., a Delaware corporation (File No. 10292899)

• Address: 1111B S Governors Ave STE 29775, Dover, DE 19904, USA

• Email: privacy@gosodu.com

• Support: support@gosodu.com

• Data protection contact: privacy@gosodu.com

2. What we collect
   A) Information you provide

• Account and identity data: name, business name, role/title, email, phone, password, addresses.

• KYC/AML data: government IDs, corporate registration docs, tax numbers, sanctions screening info (where legally required).

• Order and payment data: purchase history, invoices, billing, shipping details. If you pay by card/Apple Pay/Google Pay, our PCI‑DSS compliant processors collect card details; we receive tokens/transaction IDs, not full card numbers.

• Communications: emails, chat, support tickets, feedback, and call notes.

• Compliance submissions: product certifications, import permits, or destination‑country compliance documents you upload.

B) Information we collect automatically

• Device and usage data: IP address, device identifiers, OS/browser type/version, app version, language, time zone, referring URLs, pages/screens viewed, clicks, session duration.

• Log data: timestamps, diagnostics, performance metrics, crash data.

• Location: rough location from IP; if you enable precise location in the app, we may collect it for delivery or fraud prevention purposes.

C) Information from third parties

• Payment processors: payment status, tokens, chargeback info.

• KYC/AML providers: sanctions/PEP screening results, identity verification status.

• Logistics partners: shipment tracking events, delivery confirmations.

• Marketing and analytics partners: campaign attribution and engagement metrics.

3. How we use your information
   We process personal data for:

• Account creation and management.

• KYC/AML, sanctions screening, and fraud prevention.

• Order processing, fulfillment, logistics, export/customs clearance, and delivery updates.

• Payments processing and billing; handling refunds, chargebacks, and disputes.

• Customer support and service communications.

• Platform operation, security, debugging, and performance monitoring.

• Product improvement, analytics, and personalization (e.g., saved preferences).

• Marketing communications with your consent or as permitted by law; you can opt out anytime.

• Legal compliance, enforcement of our Terms, and protection of our rights and users.

Legal bases (where applicable, e.g., GDPR):

• Contract performance (providing the Platform, processing orders)

• Legitimate interests (security, fraud prevention, product improvement, B2B marketing)

• Legal obligations (KYC/AML, tax and accounting)

• Consent (optional analytics, marketing where required, precise location if enabled)

4. Cookies and similar technologies
   We use cookies, SDKs, pixels, and similar technologies to:

• Keep you signed in and remember preferences

• Analyze usage and improve features

• Measure campaigns and prevent fraud

Manage cookies:

• Web: Adjust settings via our Cookie Banner/Preferences Center and your browser settings.

• Mobile apps: Use your device settings to control advertising identifiers and permissions.

See our Cookie Notice for details: https://gosodu.com/cookies

5. How we share information
   We do not sell personal data. We share data with:

• Service providers/processors: hosting, cloud, analytics, payment processing, KYC/AML screening, communications, customer support, logistics, and security vendors bound by contracts to process data only on our instructions.

• Logistics and trade partners: factories, freight forwarders, carriers, customs brokers, and insurers to fulfill your orders and arrange export/customs clearance and freight.

• Professional advisors and auditors: legal, accounting, compliance.

• Corporate transactions: in connection with a merger, acquisition, financing, or sale of assets (your data may be transferred as part of the transaction).

• Legal and safety: to comply with laws, lawful requests, and legal processes; to protect rights, safety, and prevent fraud/abuse.

We may disclose aggregated or de‑identified information that does not identify you.

6. International transfers
   We operate globally and may transfer personal data to countries that may have different data protection laws than your country. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses for EU/UK data) and technical measures to protect your data. You can contact us for a copy of applicable safeguards.

7. Data retention
   We keep personal data only as long as necessary for the purposes described in this Policy, including:

• Account data: for the life of the account and a reasonable period after closure.

• Order, billing, and logistics records: typically 7–10 years for tax, accounting, and regulatory requirements.

• KYC/AML records: as required by law (often 5–10 years after the relationship ends).

• Marketing data: until you opt out or your data becomes inactive for a defined period.
  We will securely delete or de‑identify data when it is no longer needed.

8. Your rights and choices
   Depending on your location, you may have rights to:

• Access and get a copy of your data

• Correct inaccurate data

• Delete your data

• Restrict or object to processing

• Port your data to another service

• Withdraw consent where processing is based on consent

• Opt out of marketing communications at any time

How to exercise:

• Email privacy@gosodu.com with your request and the email/phone tied to your account.

• In the app or website, use available account and privacy settings.
  We may need to verify your identity and, for some requests, confirm authorization (e.g., for corporate accounts). We will not discriminate against you for exercising your rights.

California (CCPA/CPRA) notice:

• We do not “sell” personal information as defined by CCPA, nor do we “share” it for cross‑context behavioral advertising without your opt‑in where required.

• Categories collected: identifiers, commercial info, internet activity, geolocation (approximate), professional info, inferences (limited), and KYC data where applicable.

• Sensitive data: limited to identity/KYC information for compliance and payments tokens; used only for permitted purposes.

• You can exercise your rights via privacy@gosodu.com.

EU/UK GDPR:

• Sodu, Inc. is the controller. Where required, we will appoint an EU/UK representative and list them here: [Add if applicable].

• You can lodge a complaint with your local supervisory authority, but we encourage you to contact us first.

9. Security
   We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit, access controls, logging, and vendor due diligence. No system is 100% secure; you are responsible for maintaining the security of your account credentials and devices.

10. Children’s privacy
    Our Platform is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child provided us data, contact privacy@gosodu.com and we will delete it.

11. Third‑party links and integrations
    The Platform may contain links to third‑party sites or integrate third‑party SDKs (e.g., payments, analytics, crash reporting). Their privacy practices are governed by their own policies. Review those policies before providing data to them.

12. App‑specific disclosures

• Apple Pay/Google Pay: If enabled, payments are processed by Apple/Google and your card issuer. We receive confirmation of payment and tokens, not full card details.

• Permissions: The app may request permissions (e.g., notifications, camera for document uploads, location for delivery/fraud prevention). You can change permissions in your device settings. If you deny certain permissions, some features may be limited.

• Crash analytics and diagnostics: We may use crash reporting tools to improve app stability.

13. Region‑specific notices

• Middle East/Africa operations: We process data to arrange Egyptian export/customs clearance and cross‑border logistics. This may require sharing business contact and shipment details with customs brokers and authorities in origin and destination countries.

• If local law requires a dedicated grievance officer or contact, we will list them here: [Add if applicable].

14. Changes to this Policy
    We may update this Policy from time to time. We will post the updated Policy with a new “Last updated” date and, where required, provide notice in‑app or by email. Your continued use of the Platform after an update means you accept the changes.

15. How to contact us

• Email: privacy@gosodu.com

• Postal: Sodu, Inc., 1111B S Governors Ave STE 29775, Dover, DE 19904, USA

• In‑app: Use the Help/Support section