SUNJA LIVE - PRIVACY POLICY

Protecting Your Privacy While Enabling Global Creative Expression

Company: Sunja Labs Private Limited
Address: Ranchi, Jharkhand, India
Platform: Sunja Live
Effective Date: 21st August, 2025
Last Updated: 21st August, 2025

🛡️ OUR COMMITMENT TO YOUR PRIVACY

At Sunja Live, we believe that privacy is a fundamental right. We are committed to being transparent about how we collect, use, and protect your information while providing you with an exceptional streaming and content creation experience. This Privacy Policy explains our practices in clear, understandable language.

📋 What This Policy Covers

This Privacy Policy applies to all users of Sunja Live, including:

  • Live Streamers and Short-Form Creators
  • Viewers and Subscribers
  • Website Visitors and App Users
  • All interactions with our platform, services, and communications

📊 INFORMATION WE COLLECT

🔍 Information You Provide Directly

Account Registration:

  • Basic Information: Name, email address, phone number, date of birth
  • Profile Information: Username, profile picture, bio, preferences
  • Verification Documents: Government-issued ID, address proof (for creators)
  • Communication Preferences: Notification settings, language preferences

Creator-Specific Information:

  • Tax Information: PAN (India), TIN/SSN (International), tax residency certificates
  • Banking Details: Account information for revenue sharing payments
  • Identity Verification: Enhanced KYC documents per regulatory requirements
  • Professional Information: Content categories, streaming schedule, collaboration preferences

Payment Information:

  • Billing Details: Credit/debit card information, billing address, payment history
  • Subscription Data: Plan selection, payment dates, transaction records
  • Digital Wallet: UPI, PayPal, or other payment method identifiers
  • Tax Documentation: GST numbers (if applicable), tax exemption certificates

🤖 Information We Collect Automatically

Device and Technical Information:

  • Device Data: Device type, operating system, browser type, IP address
  • Usage Analytics: Pages visited, features used, time spent on platform
  • Performance Data: Video quality, streaming stability, connection speed
  • Log Information: Access times, error logs, crash reports

Location Information:

  • IP-Based Location: For tax compliance (GST place of supply determination)
  • Approximate Location: For content personalization and regional compliance
  • Precise Location: Only with explicit consent for location-based features
  • VPN Detection: For compliance and security purposes

Content Interaction Data:

  • Viewing History: Content watched, watch time, engagement patterns
  • Creator Interactions: Follows, likes, comments, shares, tips
  • Search and Discovery: Search queries, content preferences, recommendations
  • Live Stream Data: Chat participation, real-time interactions, audience insights

🔗 Information from Third Parties

Payment Processors:

  • Transaction Data: Payment confirmations, refund processing, fraud detection
  • Verification Information: Identity verification results from Payment Gateways like Razorpay/Stripe
  • Risk Assessment: Fraud and security risk indicators

Social Media Integration:

  • Profile Information: If you choose to link social media accounts
  • Public Content: Only content you explicitly authorize us to access
  • Friend/Contact Lists: Only with your explicit consent

Analytics and Marketing Partners:

  • Performance Metrics: App performance, user engagement analytics
  • Marketing Effectiveness: Campaign performance, conversion tracking
  • Audience Insights: Demographic and interest information (anonymized)

🎯 HOW WE USE YOUR INFORMATION

🚀 Core Platform Services

Account Management and Authentication:

  • Creating and maintaining your user account
  • Verifying your identity and preventing unauthorized access
  • Providing customer support and technical assistance
  • Enabling platform features and personalization

Content Delivery and Streaming:

  • Delivering live streams and short-form content
  • Optimizing video quality based on your connection
  • Providing content recommendations and discovery
  • Enabling real-time interactions and community features

Creator Services:

  • Processing revenue sharing payments
  • Providing analytics and performance insights
  • Facilitating creator-viewer interactions
  • Supporting content creation tools and features

💰 Payment and Financial Services

Transaction Processing:

  • Processing payments for subscriptions and pay-per-view content
  • Managing billing cycles and payment methods
  • Handling refunds per our refund policy
  • Detecting and preventing payment fraud

Tax Compliance:

  • GST Place of Supply Determination: Using 6-criteria analysis for tax compliance
  • Creator Tax Obligations: TDS processing for Indian creators, withholding tax for international creators
  • Financial Reporting: Generating tax forms and compliance documentation
  • Regulatory Compliance: Meeting Indian and international tax requirements

🛡️ Safety and Security

Platform Security:

  • Detecting and preventing fraud, spam, and abuse
  • Monitoring for prohibited content and community guideline violations
  • Protecting against unauthorized access and data breaches
  • Maintaining platform integrity and user safety

Content Moderation:

  • Automated content scanning for prohibited material
  • Age verification and parental control enforcement
  • Community guideline enforcement and appeals processing
  • Crisis response and user safety support

📈 Analytics and Improvement

Platform Enhancement:

  • Analyzing usage patterns to improve features and performance
  • Understanding user preferences for content recommendation improvements
  • Identifying technical issues and optimizing platform stability
  • Developing new features based on user needs and feedback

Business Analytics:

  • Understanding platform usage and growth trends
  • Measuring content performance and creator success
  • Analyzing market trends and user demographics
  • Supporting business development and partnership decisions

🤝 HOW WE SHARE YOUR INFORMATION

🔧 Service Providers and Partners

Payment Processing Partners:

  • Razorpay (India): Payment processing, fraud detection, compliance
  • Stripe (International): Global payment processing, currency conversion
  • Banking Partners: Direct deposit processing for creator payments
  • Tax Service Providers: Compliance reporting and documentation

Technology and Infrastructure:

  • Cloud Storage Providers: Secure data storage and content delivery
  • Analytics Services: Platform performance and user experience analysis
  • Security Services: Fraud detection, cybersecurity monitoring
  • Communication Services: Email delivery, SMS verification, customer support

Content and Moderation Services:

  • Content Delivery Networks: Global content distribution and streaming
  • AI Moderation Tools: Automated content scanning and safety monitoring
  • Human Moderation Teams: Professional content review and community management
  • Translation Services: Multi-language support and localization

⚖️ Legal and Regulatory Requirements

Government and Law Enforcement:

  • Legal Compliance: When required by valid legal process or court orders
  • Regulatory Reporting: Tax authorities, financial regulators, content oversight bodies
  • Law Enforcement: Cooperation with valid investigations related to platform safety
  • National Security: Compliance with applicable national security requirements

Tax and Financial Authorities:

  • Indian Tax Authorities: GST compliance, TDS reporting, financial transaction reporting
  • International Tax Authorities: Withholding tax compliance, DTAA documentation
  • Financial Intelligence Units: Anti-money laundering and suspicious transaction reporting
  • Regulatory Audits: Cooperation with platform compliance and financial audits

🏢 Business Transactions

Corporate Changes:

  • Mergers and Acquisitions: Due diligence and integration processes
  • Asset Sales: Transfer of platform assets and associated user data
  • Restructuring: Corporate reorganization while maintaining privacy protections
  • Bankruptcy Proceedings: Court-supervised asset distribution if applicable

🛡️ Safety and Protection

User Safety:

  • Emergency Services: When user safety is at immediate risk
  • Child Protection: Reporting to appropriate authorities when required by law
  • Crisis Response: Mental health emergencies and suicide prevention
  • Platform Security: Sharing threat information with cybersecurity partners

🌍 INTERNATIONAL DATA TRANSFERS

📡 Cross-Border Data Processing

Data Localization Compliance:

  • Critical Personal Data: Stored within India per DPDP Act 2023 requirements
  • Sensitive Personal Data: Processed locally with enhanced security measures
  • General Data: May be processed globally with appropriate safeguards
  • Creator Payment Data: Processed across jurisdictions for international payments

International Transfer Safeguards:

  • Adequacy Decisions: Transfers to countries with adequate privacy protection
  • Standard Contractual Clauses: European Commission approved data transfer agreements
  • Binding Corporate Rules: Internal privacy frameworks for corporate data sharing
  • Certification Programs: Industry-standard privacy certification compliance

🔒 Regional Compliance Frameworks

European Union (GDPR):

  • Lawful Basis: Clear legal basis for all data processing activities
  • Data Subject Rights: Full implementation of EU privacy rights
  • Data Protection Officer: Designated DPO for EU data protection matters
  • Privacy by Design: Built-in privacy protections in all platform features

India (DPDP Act 2023):

  • Data Fiduciary Obligations: Compliance with Indian data protection requirements
  • Consent Management: Granular consent collection and management systems
  • Data Principal Rights: Implementation of Indian privacy rights framework
  • Data Localization: Critical personal data storage within India

United States (CCPA/CPRA):

  • Consumer Privacy Rights: California privacy rights implementation
  • Data Sale Restrictions: Compliance with data sale limitations and opt-out requirements
  • Sensitive Data Protection: Enhanced protections for sensitive personal information
  • Third-Party Data Sharing: Transparent disclosure of data sharing practices

🎛️ YOUR PRIVACY RIGHTS AND CONTROLS

🔧 Account and Data Management

Access and Portability:

  • Data Download: Complete copy of your personal data in portable format
  • Account Information: Access to all account data and settings
  • Usage History: Complete viewing and interaction history
  • Creator Analytics: Full access to creator performance and earnings data

Correction and Updates:

  • Profile Information: Edit name, contact information, preferences
  • Payment Methods: Update billing information and payment preferences
  • Tax Information: Update tax identification and residency status
  • Content Preferences: Modify recommendation settings and content filters

Deletion and Removal:

  • Account Deletion: Complete account closure with data deletion
  • Content Removal: Delete your uploaded content and interactions
  • Selective Deletion: Remove specific data categories while maintaining account
  • Right to Erasure: EU-style "right to be forgotten" implementation

🚫 Consent and Opt-Out Controls

Marketing Communications:

  • Email Preferences: Granular control over email notifications and marketing
  • SMS/Text Messages: Opt-out of non-essential text communications
  • Push Notifications: Control app notifications and alerts
  • Personalized Advertising: Opt-out of targeted advertising

Data Processing Consent:

  • Optional Features: Consent for non-essential platform features
  • Analytics Participation: Opt-out of detailed usage analytics
  • Research Participation: Control participation in platform research and studies
  • Third-Party Integrations: Manage connected accounts and data sharing

🌍 Regional Privacy Rights

European Union Rights (GDPR):

  • Right of Access: Obtain confirmation and copy of personal data processing
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Delete personal data under specific circumstances
  • Right to Restrict Processing: Limit how we process your personal data
  • Right to Data Portability: Receive personal data in machine-readable format
  • Right to Object: Object to processing for specific purposes
  • Rights Related to Automated Decision-Making: Protection against automated profiling

California Rights (CCPA/CPRA):

  • Right to Know: Detailed information about personal information collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale or sharing of personal information
  • Right to Non-Discrimination: Equal service regardless of privacy rights exercise
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use: Restrict use of sensitive personal information

Indian Rights (DPDP Act 2023):

  • Right to Information: Details about personal data processing
  • Right to Correction: Correct inaccurate or misleading personal data
  • Right to Erasure: Delete personal data under specified circumstances
  • Right to Grievance Redressal: Access to complaint resolution mechanisms
  • Right to Nominate: Designate nominees for data principal rights

👶 CHILDREN'S PRIVACY PROTECTION

🔒 Age Verification and Protection

Platform Age Requirements:

  • Creators: Minimum 18 years old with enhanced identity verification
  • Viewers: Minimum 13 years old with parental consent for under-18 users
  • Payment Access: Adult supervision required for payment-related activities
  • Content Rating: Age-appropriate content classification and filtering

Parental Consent and Controls:

  • Verifiable Consent: Robust parental consent verification processes
  • Family Accounts: Parental oversight and control features
  • Content Filtering: Age-appropriate content discovery and access controls
  • Time Limits: Parental controls for usage time and scheduling

🛡️ Enhanced Protection Measures

Data Minimization for Minors:

  • Limited Collection: Minimal data collection necessary for service provision
  • No Behavioral Advertising: Prohibition on targeted advertising to minors
  • Restricted Features: Age-appropriate feature access and limitations
  • Enhanced Security: Additional security measures for accounts with minors

COPPA Compliance (US Users Under 13):

  • No Data Collection: No personal information collection from children under 13
  • Parental Notification: Clear notification of data practices to parents
  • Consent Mechanisms: Robust parental consent for any data collection
  • Special Protections: Enhanced privacy protections for child users

🔐 DATA SECURITY AND PROTECTION

🛡️ Technical Safeguards

Data Encryption:

  • Data in Transit: End-to-end encryption for all data transmission
  • Data at Rest: Advanced encryption for stored personal information
  • Payment Security: PCI DSS compliance for payment data protection
  • Key Management: Secure cryptographic key management systems

Access Controls:

  • Role-Based Access: Strict employee access controls based on job requirements
  • Multi-Factor Authentication: Required for all administrative access
  • Audit Trails: Comprehensive logging of all data access and modifications
  • Regular Access Reviews: Periodic review and validation of access permissions

Infrastructure Security:

  • Secure Data Centers: SOC 2 compliant hosting facilities
  • Network Security: Advanced firewalls, intrusion detection, and prevention systems
  • Vulnerability Management: Regular security assessments and penetration testing
  • Incident Response: 24/7 security monitoring and incident response capabilities

🚨 Data Breach Response

Detection and Assessment:

  • Real-Time Monitoring: Continuous monitoring for security threats and breaches
  • Risk Assessment: Immediate evaluation of potential impact and severity
  • Containment: Rapid response to contain and mitigate security incidents
  • Investigation: Thorough investigation of breach causes and scope

Notification Procedures:

  • User Notification: Prompt notification to affected users of security incidents
  • Regulatory Reporting: Compliance with data breach notification requirements
  • Transparency Reports: Public reporting of security incidents and responses
  • Support Services: Identity protection and support services for affected users

📅 DATA RETENTION AND DELETION

Retention Periods

Account Data:

  • Active Accounts: Retained while account remains active and functional
  • Inactive Accounts: Deleted after 3 years of inactivity with prior notice
  • Deleted Accounts: Personal data deleted within 30 days of account closure
  • Legal Retention: Extended retention when required by law or legal proceedings

Content and Interaction Data:

  • User Content: Retained according to user preferences and platform policies
  • Viewing History: Retained for recommendation purposes, deletable by user
  • Chat and Comments: Retained for community safety, with user deletion options
  • Creator Analytics: Retained for business purposes with anonymization options

Financial and Tax Data:

  • Payment Records: Retained for 7 years per financial record-keeping requirements
  • Tax Documentation: Retained per applicable tax law requirements
  • Compliance Records: Retained for regulatory audit and compliance purposes
  • Fraud Prevention: Retained for fraud detection and prevention purposes

🗑️ Data Deletion Procedures

User-Initiated Deletion:

  • Immediate Deletion: Personal preferences, non-essential data deleted immediately
  • Staged Deletion: Account data deleted in stages over 30-day period
  • Verification Process: Identity verification required for major deletion requests
  • Recovery Period: Limited recovery window for accidental deletion requests

Automatic Deletion:

  • Expired Data: Automatic deletion of data beyond retention periods
  • Anonymization: Personal identifiers removed from analytics and research data
  • Secure Disposal: Cryptographic deletion and secure media destruction
  • Certification: Documentation of deletion processes for compliance verification

🍪 COOKIES AND TRACKING TECHNOLOGIES

🔧 Types of Cookies and Tracking

Essential Cookies:

  • Authentication: Maintaining user login sessions and account security
  • Security: Fraud detection, bot prevention, and platform security
  • Platform Functionality: Core features like video playback and content delivery
  • Error Reporting: Technical diagnostics and platform performance monitoring

Analytics and Performance:

  • Usage Analytics: Understanding platform usage patterns and feature adoption
  • Performance Monitoring: Tracking platform speed, reliability, and user experience
  • A/B Testing: Comparing different platform features and user interfaces
  • Crash Reporting: Identifying and resolving technical issues and bugs

Personalization and Recommendations:

  • Content Preferences: Remembering user content preferences and settings
  • Recommendation Engine: Improving content discovery and personalization
  • Language and Region: Maintaining user language and regional preferences
  • Accessibility Settings: Preserving accessibility preferences and accommodations

⚙️ Cookie Management and Controls

Browser Controls:

  • Cookie Settings: Instructions for managing cookies in different browsers
  • Opt-Out Tools: Browser-based tools for limiting tracking and data collection
  • Do Not Track: Honoring browser Do Not Track signals where technically feasible
  • Third-Party Blocking: Options for blocking third-party cookies and trackers

Platform Controls:

  • Privacy Dashboard: Centralized control over tracking and personalization settings
  • Granular Consent: Specific consent options for different types of tracking
  • Opt-Out Links: Easy access to opt-out of non-essential tracking
  • Regular Reminders: Periodic reminders about privacy settings and controls

📞 CONTACT US AND PRIVACY SUPPORT

🛠️ Privacy Support Channels

General Privacy Inquiries:

  • Email: info@sunja.co
  • Response Time: 5-7 business days for standard inquiries
  • Priority Support: Expedited response for urgent privacy concerns
  • Multi-Language Support: Support available in major regional languages

Data Subject Rights Requests:

  • Email: info@sunja.co
  • Web Portal: Online forms for privacy rights requests
  • Verification Process: Identity verification required for data access requests
  • Response Timeline: 30 days for standard requests, expedited for urgent matters

Regional Privacy Officers:

  • EU Data Protection Officer: info@sunja.co
  • India Privacy Officer: info@sunja.co
  • US Privacy Contact: info@sunja.co
  • General Counsel: info@sunja.co

🚨 Emergency Privacy Contacts

Urgent Safety Concerns:

  • 24/7 Safety Line: info@sunja.co
  • Child Safety: info@sunja.co
  • Security Incidents: info@sunja.co
  • Law Enforcement Coordination: info@sunja.co

Regulatory and Compliance:

  • Regulatory Affairs: info@sunja.co
  • Tax and Financial Compliance: info@sunja.co
  • Content Compliance: info@sunja.co
  • International Compliance: info@sunja.co

📋 UPDATES AND CHANGES TO THIS POLICY

🔄 Policy Update Process

Regular Reviews:

  • Quarterly Reviews: Regular assessment of policy effectiveness and compliance
  • Regulatory Updates: Immediate updates for new legal requirements
  • Feature Changes: Updates reflecting new platform features and capabilities
  • User Feedback: Incorporation of user feedback and privacy concerns

Notification Process:

  • Advance Notice: 30 days notice for material policy changes
  • Email Notification: Direct notification to all registered users
  • Platform Alerts: In-app notifications about important privacy changes
  • Public Communication: Blog posts and public announcements for major updates

User Consent for Changes:

  • Continued Use: Continued platform use constitutes acceptance of minor changes
  • Explicit Consent: Active consent required for material changes affecting data use
  • Opt-Out Options: Ability to close account if disagreeing with policy changes
  • Transition Periods: Reasonable transition periods for significant policy changes

🌟 OUR PRIVACY PRINCIPLES

Transparency: We believe in clear, understandable communication about our privacy practices.

User Control: You should have meaningful control over your personal information and privacy settings.

Data Minimization: We collect only the information necessary to provide our services effectively.

Purpose Limitation: We use your information only for the purposes we've disclosed to you.

Security First: We implement robust security measures to protect your personal information.

Global Standards: We meet or exceed privacy requirements across all jurisdictions where we operate.

Continuous Improvement: We regularly review and enhance our privacy practices based on evolving standards and user feedback.

📖 DEFINITIONS AND TECHNICAL TERMS

Personal Data/Information: Any information that identifies or can be used to identify an individual user.

Data Controller/Fiduciary: Sunja Labs Private Limited as the entity that determines purposes and means of personal data processing.

Data Processor: Third-party services that process personal data on our behalf under our instructions.

Pseudonymization: Processing personal data so it can no longer be attributed to a specific individual without additional information.

Data Subject/Principal: Individual users whose personal data we collect and process.

Cross-Border Transfer: Movement of personal data from one country or jurisdiction to another.

Document Version: 1.0
Next Review: [Quarterly review cycle]