Privacy Policy

Last updated: October 12, 2025

1. Introduction

social.fabric ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our service.

This policy applies to information collected through our website (socialfabric.shop) and when you purchase and use our products.

Data Controller:

Корпорът Бизнес Технолоджийс ООД (Corporate Business Technologies OOD)

EIK: 207473602 | VAT: BG207473602

Address: гр. София, р-н Изгрев, бул. Цариградско шосе, 8, бл. 4, вх. А, ет. 1, Bulgaria

Email: [email protected]

2. Information We Collect

2.1 Information You Provide

•Username: Your chosen username for your t-shirt and profile
•Contact Information: Email address, phone number (if provided)
•Shipping Information: Name, shipping address, postal code
•Payment Information: Processed securely through Stripe (we do not store your full payment card details)
•Profile Content: Links, bio, and other information you add to your profile
•Comments & Messages: Public comments and private messages you post on profiles

2.2 Information Collected Automatically

•QR Code Scans: Date, time, and approximate location (country/city level) when your QR code is scanned
•Usage Data: Pages visited, features used, time spent on pages
•Device Information: Browser type, operating system, device type, IP address
•Cookies & Similar Technologies: Session cookies, preference cookies (see Section 11)

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery (Contract Performance)

•Process and fulfill your orders
•Create and maintain your unique profile
•Generate and link your QR code
•Facilitate comments and messages on your profile

3.2 Communication (Legitimate Interest)

•Send order confirmations and shipping updates
•Respond to your inquiries and support requests
•Notify you about changes to our terms or policies

3.3 Safety & Moderation (Legitimate Interest/Legal Obligation)

•Moderate content using AI tools (OpenAI) to detect violations of our Community Guidelines
•Prevent fraud, spam, and abuse
•Enforce our Terms of Service

3.4 Analytics & Improvement (Legitimate Interest)

•Analyze how users interact with our service
•Improve our products and develop new features
•Track QR code scan statistics

3.5 Legal Compliance (Legal Obligation)

•Comply with applicable laws and regulations (GDPR, CCPA, tax laws, etc.)
•Respond to legal requests and prevent illegal activity

GDPR Legal Basis

Under the EU General Data Protection Regulation (GDPR), our legal bases for processing are: Article 6(1)(b) Contract Performance, Article 6(1)(f) Legitimate Interests, and Article 6(1)(c) Legal Obligation.

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers

•Stripe: Payment processing (subject to Stripe's privacy policy)
•OpenAI: Content moderation services (usernames and comments are sent for AI analysis)
•Email Service Provider: Transactional emails (order confirmations, shipping notifications)
•Shipping Partners: Delivery of your orders
•Hosting Provider: Website and database hosting

4.2 Public Information

By design, certain information is publicly accessible:•Your username and public profile page (accessible via QR code)•Public comments posted on your profile or others' profiles•Profile links and bio (if you add them)

Private messages are only visible to the profile owner.

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or to protect the rights, property, or safety of social.fabric, our users, or others.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. International Data Transfers

Our company is based in Bulgaria (European Union). However, some of our service providers (such as OpenAI for content moderation) may be located outside the EU/EEA.

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

•Standard Contractual Clauses (SCCs) approved by the European Commission
•Data Processing Agreements with GDPR-compliant terms
•Ensuring recipients comply with adequate data protection standards

You have the right to obtain information about the safeguards we use for international transfers by contacting us.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

•Profile Data: Retained as long as your profile is active
•Order & Payment Data: Retained for 7 years for tax and accounting purposes (legal requirement)
•Comments & Messages: Retained as long as the profile is active or until deleted by user
•Analytics Data: Aggregated and anonymized after 24 months

When data is no longer needed, we securely delete or anonymize it. You may request deletion of your data subject to legal retention requirements (see Section 8).

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

•Encryption of data in transit (HTTPS/TLS)
•Secure database storage with access controls
•Private key-based authentication for profile management
•PCI DSS-compliant payment processing via Stripe
•Regular security updates and vulnerability assessments

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights (GDPR - EU/EEA Residents)

If you are in the European Union or European Economic Area, you have the following rights under the GDPR:

8.1 Right of Access (Article 15)

You have the right to request a copy of the personal information we hold about you.

8.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal information.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data, subject to certain exceptions (e.g., legal retention requirements).

8.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data in certain circumstances.

8.5 Right to Data Portability (Article 20)

You can request a copy of your data in a structured, machine-readable format to transfer to another service.

8.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Rights Related to Automated Decision-Making (Article 22)

We use automated moderation (AI) to detect policy violations. You have the right to contest automated decisions and request human review.

8.8 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

8.9 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights.

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by law.

9. Your Rights (CCPA - California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

9.1 Right to Know

You have the right to request information about the personal data we have collected about you in the past 12 months, including:

• Categories of personal information collected
• Sources from which it was collected
• Purposes for collection
• Categories of third parties with whom we share it

9.2 Right to Delete

You can request deletion of your personal information, subject to certain exceptions (e.g., completing transactions, legal compliance, security purposes).

9.3 Right to Opt-Out of Sale

We do not sell your personal information. You do not need to opt-out of any sale.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights (e.g., by denying service, charging different prices, or providing different quality of service).

How to Exercise Your CCPA Rights

To make a request under the CCPA, contact us at [email protected] or through our contact page.

We will verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.

10. Children's Privacy

Our Service is not directed to individuals under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems.

11. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

•Essential Cookies: Required for the website to function (e.g., session management, authentication)
•Functional Cookies: Remember your preferences and settings
•Analytics Cookies: Help us understand how users interact with our service (anonymized)

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

12. Third-Party Links

Your profile may contain links to external websites or social media that you add. We are not responsible for the privacy practices of these third-party sites.

We encourage you to review the privacy policies of any third-party sites you visit through profile links.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

For material changes, we will notify you via email (if we have your email address) or through a prominent notice on our website.

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Data Controller: Корпорът Бизнес Технолоджийс ООД

EIK: 207473602

VAT: BG207473602

Address: гр. София, р-н Изгрев, бул. Цариградско шосе, 8, бл. 4, вх. А, ет. 1, Bulgaria

Email: [email protected]

EU Data Protection Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) or your local supervisory authority.