Privacy Policy

Effective: 24 September 2025 • Company: SONAMAK LLC (Delaware) • Contact: privacy@sonamak.org

1) What This Policy Covers

This policy explains how we collect, use, share, and protect information when you visit our website, submit forms, or purchase services.

2) Information We Collect

• Contact & Business Data: name, email, phone, business name/website, service area, messages.
• Project Assets: logos, brand colors, copy, reference links, and any media you provide.
• Order/Operational Data: chosen package/add-ons, deadlines, revision requests, Consent ID (if using a real face/voice).
• ID & Likeness Data (when you use a real face): a government ID image/PDF strictly for identity/age verification; consent logs; if applicable, derived facial/voice features to maintain character consistency. We treat such derived features as biometric information.
• Technical Data: IP address, user-agent, timestamps, pages/anchors visited (for security and basic analytics).
• Payments: If we use a processor (e.g., Stripe), your card/billing data is handled by the processor; we do not store full card numbers.

2A) Cookies & Tracking

We may use the following categories of cookies and similar technologies:

• Essential: required to operate the site (e.g., security, form CSRF, load balancing).
• Analytics: to understand visits and improve the site (e.g., anonymous or aggregated metrics).
• Advertising/Retargeting: to measure ads or show more relevant ads (used only if enabled).
• Preferences/Functional: to remember choices like language or region.

If and when we deploy non‑essential cookies or pixels, we will present a consent banner and configure it to block non‑essential scripts until you choose “Accept.” See “Your Privacy Choices” below.

3) How We Use Information

• Provide and operate the service; communicate about orders and support.
• Verify identity/age and record consent when using a real person’s face/voice.
• Improve prompts/styles internally (only if you opt-in on the consent form).
• Security, fraud prevention, and compliance with law.
• Portfolio display of finished deliverables (if you allowed this on the consent form/SOW).

4) When We Share Information

• Service Providers: hosting, storage, email, analytics, payment processing—under confidentiality and only for our purposes.
• Legal & Safety: to comply with law or protect rights, safety, and security.
• No Sale: We do not “sell” personal data, and we do not permit our providers to sell it.

5) Retention

• Orders/contacts: retained as needed for business records and legal compliance.
• Consent logs: retained to demonstrate authorization to use likeness/voice.
• ID images: deleted within 45 days after project close, unless required longer for legal reasons.
• Biometric templates/derived features (if used): deleted within 45 days after project close unless law requires longer.

6) Security

We use reasonable administrative, technical, and physical safeguards. No method of transmission or storage is 100% secure.

Incident Response: If we suspect unauthorized access to personal information, we will investigate, take steps to contain the event (for example, isolate affected systems and rotate credentials), assess scope (systems/data affected and relevant dates), and notify affected individuals without unreasonable delay consistent with applicable law. We may engage our hosting provider’s security team, external incident-response specialists, and legal counsel. Our short retention windows for ID images and derived biometric-related data (30–60 days after project close) help limit exposure.

7) Your Choices & Rights

• You may request access, correction, or deletion of your info at privacy@sonamak.org.
• Deletion requests do not require us to pull already-published ads or cancel ongoing media buys.
• Before acting on a request, we will verify your identity (for example, by confirming the request from the email used in prior orders or asking for limited match details such as an order ID) to protect your information.

8) Children’s Privacy

Our services are not directed to children under 13. If you believe a child provided us personal info, contact us to delete it.

9) State Notices (U.S.)

For states with privacy laws (e.g., CA, CO, CT, VA): we do not sell personal data. You may exercise rights to access, delete, or obtain a portable copy by emailing privacy@sonamak.org; we will verify your request and respond within legally required periods.

• Right to Know/Access: request the specific pieces of personal information we have collected about you.
• Right to Delete: request deletion of personal information, subject to legal exceptions.
• Right to Correct: request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: opt out of “sharing” (e.g., advertising/retargeting cookies or pixels when enabled) and any “sale” of personal information.
• Right to Limit Use of Sensitive Personal Information: when applicable, we use sensitive data (e.g., ID/likeness/biometric-related data) only to provide requested services and not for cross-context behavioral advertising.
• Non-Discrimination: we will not discriminate against you for exercising privacy rights.
• Authorized Agent: if you use an agent, we may require proof of authorization and identity to process the request.
• Response Time: we aim to respond within 45 days; we may extend once when reasonably necessary and permitted by law.

Your Privacy Choices / Do Not Sell or Share: If we implement advertising or retargeting technologies that constitute “sharing” under applicable U.S. law (e.g., California), we will provide a clearly labeled “Your Privacy Choices / Do Not Sell or Share” link in the footer and in this Policy to let you opt out of such sharing, and we will honor Global Privacy Control (GPC) signals for those categories.

10) International Visitors

We are U.S.-based. If you access the site from outside the U.S., you consent to U.S. processing and transfer of your information.

11) Changes to this Policy

We may update this Policy. Material changes will be posted with a new “Effective” date.

12) Contact

privacy@sonamak.org • legal@sonamak.org

Appendix — Biometric Policy Summary

• Purpose: identity/age verification and character consistency for projects involving real faces/voices.
• Consent: written consent required (Short-Form) before any processing.
• No Sale/No Disclosures other than service providers under confidentiality.
• Retention: biometric templates/derived features are deleted within 45 days after project close (unless law requires longer).
• Requests: privacy@sonamak.org