Legal Bases Explained:
- Contract performance: Processing is necessary to provide the Services you've requested
- Consent: You have given explicit permission for the processing
- Legal obligation: Processing is required to comply with applicable laws
- Legitimate interest: Processing is necessary for our legitimate business interests, balanced against your privacy rights
You may withdraw consent at any time by contacting privacy@code27.co or adjusting settings in your Account. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

3. Data Processing Architecture

CODE27 uses a privacy-preserving stateless architecture that minimizes data retention in cloud systems.

3.1 Cloud Processing (No Storage)
When you interact with your AI companion using our cloud services:
1. Your voice, text, and visual inputs are transmitted to our cloud services for real-time AI processing
2. Emotion detection analyzes current emotional state to inform companion responses
3. AI-generated responses are returned to your Device
4. Raw audio, images, and video are immediately deleted after processing
5. No conversation content, voice recordings, or visual data is stored in our cloud
This stateless approach means:
- Conversations are not available for our review or analysis
- Your interactions remain private and ephemeral
- We cannot retrieve or reconstruct past conversations from our servers
- Privacy is protected by design

3.2 Device Storage (User Controlled)
Data stored locally on your CODE27 Device includes:
- Conversation history with your AI companion
- Emotion context and conversation summaries (as part of companion memory)
- AI companion customizations and preferences
- Uploaded 3D models and custom assets
- Spellbook integration configurations
- Face unlock biometric templates (if enabled - stored in secure on-device storage only)
You retain full control over Device-stored data through:
- Settings > Data Management
- Device > Factory Reset
- App > Export Data (where available)
We have no access to data stored locally on your Device unless you choose to sync it or contact support for troubleshooting.

3.3 Cloud Data Storage (Minimal)
We store the following data on our servers:
- Account credentials (email, password hash)
- Subscription status and payment history (transaction records only)
- Device registration information (Device serial number, activation date, firmware version)
- Anonymized event logs (described in Section 4)
- Promotion entries and public gallery content
- Winner verification documents (retained as required by law)


4. Event Logs and Safety Monitoring

4.1 Anonymous Event Logs
To operate the Services securely and demonstrate legal compliance, we create anonymous event logs containing:
- Timestamp of event
- Event type (e.g., auth.login.success, feature.camera.activated, integration.api.called)
- Device identifier (for debugging purposes)
- Success/failure status and error codes
- General feature usage statistics
What is NOT logged: Message content, user inputs/outputs, voice recordings, images, videos, or any reconstructable personal information.
Retention: Operational event logs are retained for 90 days. Safety intervention logs are retained for 3 years in anonymized form for California SB243 reporting compliance.

4.2 Safety Monitoring and Crisis Intervention
We employ real-time automated systems to detect expressions of suicidal ideation, self-harm, or crisis situations in compliance with California Business and Professions Code Section 22601 et seq. (Assembly Bill 2939 - SB243).
When our systems detect concerning expressions:
1. You receive immediate notification with crisis resource information:
- National Suicide Prevention Lifeline: 988
- Crisis Text Line: Text HOME to 741741
- Emergency Services: 911
2. An anonymous event log records:
- Timestamp
- Intervention type (e.g., safety.crisis_detected, safety.resources_displayed)
- Device identifier
- No conversation content is stored
3. The AI companion may adjust responses to prioritize safety
Safety Metrics Reporting: Beginning July 1, 2027, we will report aggregated safety metrics to California's Office of Suicide Prevention as required by law. These reports contain only anonymized statistical data, not individual user information.
Details: Our complete safety protocols are published at code27.co/safety.

4.3 Automated Data Protection Measures
CODE27 implements real-time content filtering to detect and block transmission of highly sensitive information categories, including:
- Government identification numbers (Social Security numbers, driver's licenses, passport numbers)
- Financial account credentials (credit/debit card numbers with security codes, bank account and routing numbers)
- Authentication credentials (passwords, security codes, API keys when not used for authorized Spellbook integrations)
When our systems detect these data types:
1. The information is blocked from being processed by AI services
2. Not stored in logs or records
3. Replaced with a privacy protection notice to the user
Data You Control: CODE27's filtering is designed to prevent accidental disclosure of highly sensitive credentials. The following data types may be processed when voluntarily shared as part of normal companion interaction:
- Phone numbers and email addresses (particularly for Spellbook integrations with contacts, calendars, and email)
- General health or personal information shared in conversation
- Public information retrieved through Spellbook API integrations
Limitations: Automated filtering cannot guarantee detection of all sensitive information in all contexts. Users should avoid sharing highly sensitive credentials with AI systems and review Spellbook integration permissions carefully.
Filtering Event Logs: When sensitive data filtering is triggered, we create an anonymous event log containing:
- Timestamp
- Filter type activated
- Device identifier
- No content of filtered data or user identifiers is stored
These logs are retained for 90 days for security monitoring and compliance.

5. Visual Data and Biometric Information

5.1 Camera Processing
The CODE27 Device camera enables visual interactions with your AI companion. Camera features require your explicit permission on first use and can be disabled in Settings > Privacy > Camera.
Visual Data Processing:
- Camera feed processed in real-time to enable visual AI responses
- Optional emotion recognition feature analyzes facial expressions to understand emotional context and inform companion responses
- Visual data may be processed on-device or via cloud AI services depending on feature complexity
- All visual data is immediately deleted after processing
Data Retention:
- Visual data is processed in real-time and immediately deleted after processing
- Emotion context summaries are stored on your Device as part of companion memory
- No persistent facial recognition profiles are stored in cloud systems
- No images or video recordings are retained on our servers
Physical Indicator: A physical indicator light activates when the camera is in use, providing visual confirmation of camera activity.
User Control: All camera features can be disabled in Device Settings > Privacy > Camera. Disabling the camera will prevent visual interactions but will not affect other Device functionality.
Legal Basis: Processing of camera data, including emotion recognition, is based on your explicit consent. Emotion detection processes visual data to understand emotional context for AI responses, not for identification purposes. You may withdraw consent and disable these features at any time in Settings > Privacy > Camera.

5.2 Face Unlock Authentication (Optional)
CODE27 offers an optional face unlock feature for Device authentication.
How Face Unlock Works:
1. When enabled, facial biometric data is captured and converted into an encrypted mathematical template
2. This template is stored exclusively on your CODE27 Device in secure on-device storage
3. Face authentication occurs entirely on-device through local comparison
4. Facial biometric data is NEVER transmitted to cloud servers or stored remotely
Legal Basis: Face unlock processing relies on your explicit consent. You may disable face unlock at any time in Settings > Security.
Data Retention: Face unlock templates are stored on-device until you disable the feature or perform a factory reset. We have no access to these biometric templates.
Biometric Data Notice (Illinois BIPA & Similar Laws): If you are a resident of Illinois or another jurisdiction with biometric privacy laws, you acknowledge that:
- Face unlock uses biometric identifiers (facial geometry)
- Biometric data is stored on your Device and retained until you disable the feature
- Biometric data is used solely for authentication purposes
- We do not sell, lease, or trade biometric data
- Biometric data is protected using industry-standard security measures


6. How We Share Your Information

We share personal information only in the limited circumstances described below. We do not sell personal information for monetary consideration.

6.1 Service Providers
We share personal data with third-party service providers who assist in operating our Services under contractual obligations to protect your data:
AI and Voice Services:
- ElevenLabs, Inc. provides text-to-speech voice synthesis and conversational AI services. When you interact with your AI companion, text inputs are transmitted to ElevenLabs for voice generation and AI processing. ElevenLabs processes this data according to their privacy policy: https://elevenlabs.io/privacy-policy
- Data Retention by ElevenLabs: Voice data may be retained by ElevenLabs for up to 3 years after last interaction and may be used for AI model improvement. You can opt out of ElevenLabs AI training by contacting us at privacy@code27.co to request opt-out on your behalf.
Payment Processing:
- Airwallex processes hardware purchases for CODE27 Device and accessories. Privacy policy: https://www.airwallex.com/privacy-policy
- Stripe, Inc. will process subscription payments when subscription services launch. Privacy policy: https://stripe.com/privacy
Website Analytics (Website Only):
- Google Analytics collects website usage information including page views, referring pages, and anonymized IP addresses. The CODE27 Device and mobile app do not use Google Analytics. Opt-out: https://tools.google.com/dlpage/gaoptout
- Meta Pixel enables advertising measurement and delivery on our website. Privacy policy: https://www.facebook.com/privacy/policy. The CODE27 Device and mobile app do not use Meta Pixel.
Cloud Infrastructure:
- We operate our own compute infrastructure located in North America (United States and Canada). User data is processed on our controlled servers.
A complete list of service providers, including their privacy policies and data processing details, is available at code27.co/legal/service-providers.

6.2 Spellbooks Third-Party Integrations
Spellbooks allows you to create custom integrations connecting your AI companion to third-party APIs and services. Spellbooks is currently rolling out to beta users.
When you enable a Spellbook integration:
- Data is transmitted to third-party services based on your configuration
- You control which third-party services to connect
- You are responsible for reviewing third-party services' privacy policies
- We do not control and are not responsible for third-party data practices
- Integration configurations are stored on your Device
Data Processing: We create anonymous event logs when integrations are triggered (timestamp, integration type, success/failure status) without storing API response content or personal data retrieved from third-party services.

6.3 Promotion Partners
For Winners and Finalists (With Your Consent): If you are selected as a finalist or winner in a Promotion and provide opt-in consent, we may share your contact information with approved partners so they can contact you about potential licensing, collaboration, or commission opportunities related to your entry.
For minors, we require guardian consent before sharing contact information with partners.
For Non-Winners: We do not share non-winners' contact details with partners unless you opt in. We may forward partner inquiries to you without sharing your contact details.

6.4 Public Display
Promotion Entries: If you submit an entry to a Promotion, certain information will be publicly displayed in galleries:
- Your display name/pen name
- Entry artwork and images
- Entry title and public description
- Portfolio links you provide
- Metadata tags
This information may be indexed by search engines and shared by other users. We cannot control third-party reposts or caches.
Winner Announcements: If you are selected as a winner, we will publicly announce:
- Your name or display name
- Hometown (city/state/country)
- Entry title and images
- Portfolio link

6.5 Legal Requirements
We may disclose personal information when required by law or to protect our rights:
- In response to lawful requests from law enforcement, courts, or government authorities
- To comply with legal obligations, court orders, subpoenas, or legal processes
- To protect the rights, property, or safety of SyBran Technology Limited, our users, or the public
- To prevent, detect, or investigate fraud, security threats, or illegal activities
- In connection with legal proceedings or investigations

6.6 Business Transfers
If SyBran Technology Limited is involved in a merger, acquisition, asset sale, financing, bankruptcy, or other corporate transaction, your personal data may be disclosed to or transferred to potential or actual acquirers, investors, advisors, and other parties involved in the transaction.
In such events:
- Acquirers must agree to protect your data consistent with this Privacy Policy
- We will provide notice via email and prominent notice on our website before transfer
- Your data rights under applicable law continue with the new entity
- You may exercise deletion rights before the transfer completes where legally permitted
Data stored locally on your CODE27 Device remains under your direct control and is not transferred as part of corporate transactions.

6.7 With Your Consent
We may share personal information with third parties when you direct us to do so or provide explicit consent.


7. Promotions and Public Galleries

7.1 Information Collected for Promotions
When you participate in Promotions (contests, sweepstakes, competitions), we collect:
- Entry Submissions: Artwork, images, descriptions, titles, portfolio links, metadata
- Account Information: Display name, email, country/region
- Voting Activity: Your votes and voting patterns
- Winner Verification: Full name, address, phone number, date of birth, tax forms, government ID (for finalists/winners only)
- Guardian Data (for minors): Guardian name, contact details, documentary proof of consent

7.2 Public Gallery Display
Entries in the public gallery may include:
- Your display name/pen name
- Artwork and images
- Entry title and description
- Portfolio links
- Metadata tags (art style, rendering method, mood/theme)
Public Visibility: Public gallery content may be indexed by search engines and shared by others. You may request removal of non-winning entries after the Promotion, subject to feasibility and residual copies beyond our control.

7.3 How Promotion Data Is Used
We use Promotion data for:
- Receiving and validating entries
- Public gallery display
- Voting and judging
- Finalist and winner selection
- Announcements and publicity
- Prize delivery and tax compliance
- Fraud prevention and vote integrity
- Analytics to improve future Promotions

7.4 Retention of Promotion Data
- Non-winner data: Retained for up to 12 months after Promotion conclusion, then deleted or anonymized
- Winner lists and winning entries: Retained for archival and transparency purposes while Promotion results remain published or otherwise promoted, subject to periodic review and your rights
- Prize-related and tax records: Retained as required by law (typically 7 years)


8. Minors (Ages 13-17)

8.1 Eligibility
Participants aged 13–17 may use the Services only with the consent of a parent or legal guardian. Persons under 13 are not eligible to use the Services, and we will delete any data inadvertently collected from them.

8.2 Parental Consent
At Account creation or Promotion entry, minors must affirm that parental consent has been obtained. Documentary proof will be requested only if the minor becomes a finalist or winner in a Promotion, or if otherwise required by law.
Required Documentation (for finalists/winners):
- Guardian name and contact information
- Documentary proof of consent (signed consent form, notarized statement, or video verification)
- Minor's date of birth and government-issued ID (for age verification)
Failure to provide proof within the stated timeframe will result in disqualification from Promotions or Account suspension.

8.3 EEA/UK Digital Age of Consent
For EEA/UK participants, where required by local law, consent must be provided or authorized by the holder of parental responsibility for users under the applicable digital age of consent (13–16 depending on country).

8.4 Enhanced Protections for Minors
For users under 18:
- Content Safety Filters are enabled by default and cannot be adjusted
- Sexually explicit visual material is blocked
- Enhanced safety monitoring is applied
- Crisis intervention resources are prominently displayed
- Reminder notifications appear every 3 hours to take breaks and remember you are interacting with AI
- Parental oversight features are available through Account settings


9. Data Retention

We retain personal information only as long as necessary for the purposes set out in this Policy, subject to periodic review and applicable legal requirements.