Feedz Privacy Policy

1. Introduction

Welcome to Feedz. This Privacy Policy explains how Feedz Corp. ("Feedz," "we," "us," or "our") collects, uses, discloses, and protects personal data when you visit our website at feedzsports.com (the "Website"), use our platform (the "Platform"), or interact with us in any other way (collectively, the "Services").

Feedz is an AI-powered software platform that connects sports clubs, leagues, and brands to content creators for campaign deployment at scale. We take the privacy of all our users - including clubs, brands, creators, and website visitors - seriously and are committed to transparent data practices.

This Privacy Policy applies to all individuals who access or use our Services, including:

• Creators - individual clients who register on the Platform to participate in campaigns as creators
• Clients - sports clubs, leagues, brands, and their authorized representatives who use the Platform to discover, manage, activate creators and run campaigns
• Website Visitors - individuals who visit our Website without registering for the Platform

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

• Feedz Corp. Registered in the State of Delaware, United States 1775 Tysons Blvd, 5th Floor, McLean, VA 22102, United States
• For any questions about this Privacy Policy or our data practices, contact our Data Protection team at:
• Email: privacy@feedzcorp.com Postal: Data Protection Officer, Feedz Corp., 1775 Tysons Blvd, 5th Floor, McLean, VA 22102, United States

3. Personal Data We Collect

3.1 Information You Provide Directly

Account Registration:

• Full name, email address, phone number
• Organization name, job title, and business address (for Clients)
• Social media handles, profile URLs, and platform usernames (for Creators)
• Password and authentication credentials
• Government-issued identification documents (e.g., passport, national ID, driver's license) where required for identity verification or regulatory compliance

Creator Profile Information:

• Biography, profile photograph, and content portfolio
• Social media account connections (Instagram, TikTok, YouTube, X/Twitter, and other platforms)
• Content categories, interests, and sports affiliations
• Audience demographics (as reported by social platforms via authorized API access)
• Payment information (bank details, PayPal, or other payment method details)
• Tax identification information (where required by law)

Client Account Information:

• Company name, registration number, and VAT/tax ID
• Billing address and payment method details
• Authorized user names, email addresses, and roles
• Club, league, or brand logo and branding assets uploaded to the Platform

Fan Data (collected and processed on behalf of Clients):

• Fan interaction history with club, league, or brand digital channels
• Purchase data for merchandise, tickets, and other fan commerce
• Unified fan profiles combining first-party data from multiple touchpoints
• Fan engagement metrics and behavioral data used to measure fan data Lifetime Value (LTV)

Communications:

• Messages sent through the Platform, including campaign briefs, feedback, and approvals
• Emails and correspondence with our support or sales teams
• Survey responses, feedback forms, and testimonials

3.2 Information We Collect Automatically

Website and Platform Usage Data:

• IP address, browser type and version, operating system, and device identifiers
• Pages visited, features used, links clicked, and time spent on each page
• Referring website or source, search terms, and navigation paths
• Login timestamps, session duration, and frequency of use
• Device type, model, unique device identifiers, and mobile network information
• Approximate geographic location inferred from IP address
• Content interaction data (e.g., which content you viewed, liked, or shared)
• Subscription and account status information

Cookies and Similar Technologies:

• We use cookies, web beacons, pixel tags, and similar technologies as described in our Cookie Policy

3.3 Information We Collect from Third Parties

Social Media Platforms:

• When a Creator connects their social media accounts, we receive publicly available profile information and, where the Creator grants permission via the platform's API, engagement metrics, follower demographics, content performance data, and historical post data
• We access this data solely through authorized APIs and in compliance with each platform's terms of service

AI-Powered Analysis (aimi):

• Our AI system, aimi, analyzes publicly available social media content to generate creator scores, audience insights, brand safety assessments, and performance predictions
• aimi processes aggregated and anonymized data where possible, and personal data only where necessary to deliver the Services

Business Partners and Clients:

• Clients may share Creator contact details or campaign preferences with us in the course of using the Platform

Publicly Available Sources:

• We may collect publicly available information relevant to Creator discovery, such as public social media profiles, publicly listed team affiliations, or published content

4. How We Use Your Personal Data

We process your personal data for the following purposes and on the following legal bases:

4.1 Performance of a Contract (GDPR Article 6(1)(b))

• Creating and managing your account
• Providing access to the Platform and its features
• Facilitating campaign matching between Clients and Creators
• Processing payments and commissions
• Delivering campaign analytics and performance reports
• Communicating with you about your account, campaigns, and transactions
• Processing personal data in connection with pilot, trial, or proof-of-concept arrangements under the same bases and safeguards as for paid subscriptions

4.2 Legitimate Interests (GDPR Article 6(1)(f))

• Improving and developing the Platform, including AI model training on aggregated and anonymized data
• Analyzing usage patterns to enhance user experience and Platform performance
• Detecting fraud, preventing abuse, and ensuring Platform security
• Conducting internal research and analytics
• Marketing our Services to prospective Clients (business-to-business marketing)
• Displaying relevant advertisements to prospective users on social media platforms using hashed contact information (you may opt out at any time)
• Enforcing our terms of service and policies

4.3 Consent (GDPR Article 6(1)(a))

• Sending you marketing communications (where consent is required)
• Processing Creator social media data beyond what is publicly available (where explicit consent is required by the social media platform's API terms)
• Placing non-essential cookies on your device (see our Cookie Policy)

4.4 Legal Obligations (GDPR Article 6(1)(c))

• Complying with tax, accounting, and financial reporting requirements
• Responding to lawful requests from regulatory authorities, law enforcement, or courts
• Maintaining records as required by applicable data protection laws

4.5 Vital Interests (GDPR Article 6(1)(d))

• Processing personal data where necessary to protect the vital interests of an individual, for example in an emergency situation

5. AI and Automated Decision-Making

5.1 How aimi Uses Your Data

Feedz uses its proprietary AI system, aimi, to provide intelligent features across the Platform, including:

• aimi Scout: Identifies and discovers creators based on fandom, relevance, momentum, and local context
• aimi Score: Evaluates creators and content against brand standards, campaign context, and performance signals
• aimi Flow: Structures briefs, content submissions, approvals, incentives, and timelines through consistent, scalable workflows
• aimi Guard: Monitors content alignment with brand, cultural, and governance rules
• aimi Signal: Tracks engagement quality and conversion signals for attribution
• aimi Learn: Synthesizes performance data to refine future recommendations

5.2 Automated Decision-Making

aimi generates scores and recommendations that assist Clients in making campaign decisions. These scores are advisory and do not constitute solely automated decisions with legal or similarly significant effects on individuals.

Clients retain full discretion over which Creators to select, approve, or reject for campaigns. No Creator is automatically excluded from opportunities based solely on an automated score without human review.

5.3 Your Rights Regarding Automated Processing

You have the right to:

• Request meaningful information about the logic involved in aimi scoring and recommendations
• Request human review of any decision significantly affected by automated processing
• Express your point of view and contest decisions influenced by automated processing

To exercise these rights, contact us at privacy@feedzcorp.com.

6. How We Share Your Personal Data

We do not sell your personal data. We share personal data only in the following circumstances:

6.1 Between Platform Users

• Creator profile information (name, bio, social media handles, content samples, audience demographics, and aimi scores) is visible to Clients using the Platform for creator discovery and campaign management
• Client campaign briefs, brand guidelines, and feedback are shared with Creators participating in those campaigns
• We do not share Creator payment details, tax information, or private contact information with Clients unless the Creator explicitly consents

6.2 Service Providers

We engage trusted third-party service providers to assist in delivering our Services, including:

• Cloud Infrastructure: Hosting and data storage providers
• Payment Processing: Payment gateway and payout providers
• Analytics: Platform usage and performance analytics tools
• Communication: Email delivery, push notification, and messaging services
• Security: Fraud detection, identity verification, and cybersecurity services
• AI/ML Services: Where third-party AI services are used to supplement aimi capabilities

All service providers are bound by data processing agreements that require them to process personal data only on our instructions, maintain appropriate security measures, and delete or return data upon termination of the engagement.

We do not share your personal data with service providers for their own independent marketing purposes. Service providers may only use your personal data to perform services on our behalf.

6.3 Legal and Regulatory Disclosures

We may disclose personal data where required or permitted by law, including:

• To comply with a legal obligation, court order, or regulatory request
• To protect the rights, property, or safety of Feedz, our users, or the public
• In connection with the investigation of suspected fraud, security incidents, or violations of our terms

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

7. International Data Transfers

Feedz is a U.S.-based company that operates globally. Our platform infrastructure is hosted on Google Cloud Platform with data centers located in the United States. We do not maintain local data centers in each country where we operate. As a result, personal data may be transferred to and processed in the United States or other countries outside the European Economic Area (EEA), United Kingdom, Kingdom of Saudi Arabia, or your country of residence. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

7.1 Infrastructure and Data Storage

Feedz uses Google Cloud Platform for platform hosting and data storage. Our primary infrastructure is located in the United States. We do not operate proprietary data centers. All data is processed through Google Cloud's infrastructure, which maintains SOC 2 Type II and ISO 27001 certifications.

7.2 Transfer Safeguards

• Standard Contractual Clauses (SCCs):We use the European Commission's Standard Contractual Clauses (June 2021 version) for transfers to countries without an adequacy decision
• UK International Data Transfer Addendum:For transfers of UK personal data, we use the UK's International Data Transfer Addendum alongside SCCs
• Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission or the UK Secretary of State
• Supplementary Measures: Where required by transfer impact assessments, we implement additional technical, organizational, or contractual measures

For information about the specific safeguards in place for transfers of your data, contact us at privacy@feedzcorp.com.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

General Retention Periods:

Retention periods are determined based on the nature of the data, legal and regulatory requirements (including U.S. tax law, UK HMRC requirements, and applicable statutes of limitations), and our legitimate business needs.

Upon expiry of the retention period, personal data is securely deleted or anonymized so that it can no longer be associated with an individual.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256)
• Access controls based on the principle of least privilege, with role-based permissions
• Multi-factor authentication for Platform access
• Regular security assessments, vulnerability scanning, and penetration testing
• Incident response and breach notification procedures
• Staff training on data protection and information security
• Secure development practices, including code review and dependency management

While we take all reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

9.1 Communications Security

We do not tolerate spam, phishing, or deceptive communications. If you receive suspicious communications purporting to be from Feedz, please report them to support@feedzcorp.com. We may use automated and manual filtering to detect malicious or unauthorized activity. Abuse of our communication channels may result in account suspension or termination.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

10.1 Rights Under the GDPR and UK GDPR

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention requirements
• Right to Restriction of Processing: Request that we limit how we use your personal data in certain circumstances
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right Not to Be Subject to Automated Decision-Making: Request human review of decisions made solely by automated means
• Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing

10.2 Rights Under the CCPA/CPRA (California Residents)

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, the business purposes, and the categories of third parties with whom it is shared
• Right to Delete: Request deletion of personal information collected from you
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing:We do not sell personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link
• Right to Limit Use of Sensitive Personal Information: Where applicable
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

10.3 Rights Under MENA Data Protection Laws

If you are located in the Middle East or North Africa, you may have additional rights under applicable local data protection laws, including the Saudi Arabia Personal Data Protection Law (PDPL), the UAE Federal Decree-Law No. 45 of 2021, and the Qatar Law No. 13 of 2016. These rights may include the right to access your personal data, request correction or deletion, withdraw consent, and object to processing. To exercise any of these rights, contact us at privacy@feedzcorp.com.

10.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@feedzcorp.com
• Platform: Use the privacy settings within your Feedz account

We will respond to verified requests within 30 days (GDPR/UK GDPR) or 45 days (CCPA/CPRA). If we need additional time, we will notify you of the extension and the reasons for it.

We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.

10.5 Other Jurisdictions

If you are located in a jurisdiction not specifically addressed above, you may have rights under your local data protection laws. Feedz is committed to respecting data subject rights globally. To inquire about your specific rights or to submit a request, contact us at privacy@feedzcorp.com. We will respond in accordance with applicable local law.

11. Children's Privacy

The Feedz Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from anyone under 16.

11.1 Age Requirement for Creators

To register as a Creator on Feedz, you must be at least 16 years of age. If a Creator is between 16 and 18 years of age, a parent or legal guardian must consent to the Creator's registration and accept responsibility for the Creator's participation on the Platform. Feedz reserves the right to request proof of age or parental consent at any time.

11.2 Users Under 13 (COPPA Compliance)

In compliance with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal data, we will delete it promptly.

11.3 Users Aged 13–15

In jurisdictions where the digital age of consent is lower than 16 (e.g., 13 in the United States under COPPA for general website use), users aged 13–15 may access the Website for informational purposes only but may not register as Creators. Where GDPR applies, parental consent is required for processing personal data of individuals under 16.

11.4 Parental Rights

Parents or legal guardians may contact us at privacy@feedzcorp.comto review, correct, or request deletion of their child's personal data, or to withdraw consent for further processing.

If you believe a child under 16 has provided personal data to us, please contact us at privacy@feedzcorp.com.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, social media platforms, or services that are not operated by Feedz. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service before providing your personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this document
• Notify registered users by email or through the Platform
• Where required by law, obtain your consent to material changes

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Feedz Corp. Data Protection Team
Email: privacy@feedzcorp.com
Postal: 1775 Tysons Blvd, 5th Floor, McLean, VA 22102, United States

Supervisory Authority

If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority. A list of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

If you are in the UK, you may contact the Information Commissioner's Office (ICO) at: https://ico.org.uk/make-a-complaint/

15. Jurisdiction-Specific Provisions

15.1 Regulatory Framework

This Privacy Policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), the Saudi Arabia Personal Data Protection Law ("PDPL"), the California Consumer Privacy Act/California Privacy Rights Act ("CCPA/CPRA"), and all other applicable data protection laws worldwide. Where there is any conflict between this Policy and applicable data protection law, the law prevails. Feedz Corp. is incorporated in the State of Delaware, United States, and operates globally.

15.2 United States - California

For California residents, the disclosures required by the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA") are included in Section 10.2 above and throughout this Policy.

Categories of Personal Information Collected (CCPA Categories):

Sale and Sharing: We do not sell personal information as defined by the CCPA/CPRA. We share personal information with Clients for the purpose of campaign matching, which is a business purpose integral to our Services.

15.3 Brazil (LGPD)

Users in Brazil have rights under the Lei Geral de Proteção de Dados ("LGPD"), including the right to confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent. Contact us at privacy@feedzcorp.com to exercise these rights.

15.4 Saudi Arabia (PDPL)

We comply with the Saudi Arabia Personal Data Protection Law ("PDPL") for users in the Kingdom of Saudi Arabia. Under the PDPL, personal data is processed based on consent or other lawful bases recognized under the law. Data subjects in Saudi Arabia have the right to be informed of the purpose of processing, to access their personal data, to request correction or destruction of data, and to withdraw consent. Where the PDPL requires data localization or specific cross-border transfer mechanisms, Feedz will comply with applicable requirements. For any inquiries related to PDPL rights, contact us atprivacy@feedzcorp.com.

15.5 Middle East and North Africa (Other Jurisdictions)

We comply with applicable data protection laws in the jurisdictions where we operate, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and the Qatar Law No. 13 of 2016 Concerning Personal Data Privacy. Where local law requires additional disclosures or consents, we will provide them at the point of data collection.

15.6 Other Jurisdictions

Feedz operates globally and complies with applicable data protection laws in all jurisdictions where we provide Services. This includes, but is not limited to, applicable laws in the European Union member states, Asia-Pacific jurisdictions (including Singapore's PDPA and Australia's Privacy Act), and any other jurisdiction where our users are located. Where local law imposes requirements beyond those described in this Policy, we will comply with those requirements. For jurisdiction-specific inquiries, contact privacy@feedzcorp.com.