Privacy Policy

The data controller for personal data processed through SoundBip is:

Mark Flynn trading as YesAllOfUs
Guernsey, Channel Islands
support@soundbip.com

SoundBip is payment software — a technology provider, not a financial services company. We process point-of-sale transaction data only. We do not perform identity verification (KYC) or business verification (KYB) and therefore do not hold customer identity documents. Identity verification is the responsibility of the regulated exchanges (such as Bitstamp, Kraken, or Gemini) where users acquire RLUSD.

Under the Data Protection (Bailiwick of Guernsey) Law 2017, we process your personal data on the following lawful bases:

• Contract: Processing necessary to provide the SoundBip service to you, including transaction processing, receipt delivery, and account management.
• Legitimate interests: Processing necessary for fraud prevention, security monitoring, service improvement, and platform integrity. We have assessed that these interests do not override your rights and freedoms.
• Legal obligation: Processing necessary to comply with applicable laws, respond to lawful requests from authorities, or establish, exercise, or defend legal claims.
• Consent: Where we send optional communications such as product updates, we rely on your consent, which you may withdraw at any time.

• Facilitate RLUSD payment transactions via the XRP Ledger
• Generate and deliver transaction receipts
• Manage your account and wallet connections
• Track and distribute affiliate commissions
• Prevent fraud and monitor for suspicious activity
• Respond to your support enquiries
• Comply with applicable legal requirements

Transactions on the XRP Ledger are public by design. Your wallet address and transaction history (amounts, timestamps, counterparty addresses) are permanently visible on the blockchain. SoundBip does not control and cannot delete on-chain data. No personally identifiable information (such as your name or email) is stored on-chain — wallet addresses are pseudonymous.

Your data is stored using industry-standard security measures including encryption in transit (TLS 1.2+) and encryption at rest. Private keys are managed via Web3Auth's distributed key management system and are never stored on SoundBip servers. Local preferences are stored on your device using standard secure storage.

We use the following third-party services, some of which involve the transfer of data outside Guernsey:

These services have their own privacy policies governing their use of your data. Where data is transferred outside Guernsey, we ensure appropriate safeguards are in place:

• United States (Firebase/Google, Social Login Providers): Transfers are protected under the EU-US Data Privacy Framework (DPF), to which Google LLC and Apple Inc. are certified. Guernsey holds EU adequacy status under the Data Protection (Bailiwick of Guernsey) Law 2017.
• Singapore/India (Web3Auth / Torus Labs): Transfers are governed by Standard Contractual Clauses (SCCs) incorporated into Web3Auth's data processing agreements.
• United Kingdom/EU (SumUp): Covered by Guernsey's EU adequacy decision, which also applies to UK transfers under the UK-Guernsey data sharing arrangements.
• Global (XRP Ledger, Cloudflare): Blockchain data is public by design and not considered a transfer of personal data. Cloudflare operates under SCCs and is certified under the EU-US DPF.

After account deletion, we remove your personal data from our servers within 30 days, except where retention is required by law or where data exists on the public blockchain.

Under the Data Protection (Bailiwick of Guernsey) Law 2017, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to erasure: Request deletion of your personal data (subject to legal retention requirements). Note that blockchain records are permanent and cannot be deleted.
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at support@soundbip.com. We will respond to your request within 30 days.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Office of the Data Protection Authority (ODPA) within 72 hours of becoming aware of the breach, as required by the Data Protection (Bailiwick of Guernsey) Law 2017.
• Where the breach is likely to result in a high risk to your rights and freedoms, notify affected individuals without undue delay, providing details of the breach, its likely consequences, and the measures taken or proposed to address it.
• Maintain an internal register of all data breaches, including those not meeting the reporting threshold, for audit purposes.

SoundBip does not use automated decision-making or profiling that produces legal effects or similarly significant effects on users. Transaction processing is automated in the sense that payments are executed on the XRP Ledger as instructed, but no decisions about your access to the service, creditworthiness, or eligibility are made by automated means.

SoundBip is not intended for use by anyone under 18 years of age. We do not knowingly collect personal data from children. If we learn we have collected data from a minor, we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via the platform or email where possible. The "Last Updated" date at the top of this page will be revised accordingly.

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Office of the Data Protection Authority (ODPA):

We would appreciate the opportunity to address your concerns before you approach the ODPA. Please contact us at support@soundbip.com in the first instance.

For privacy-related enquiries, contact us at support@soundbip.com.

Mark Flynn trading as YesAllOfUs · Guernsey, Channel Islands