PRIVACY POLICY v1.0

This Privacy Policy describes how SOAPBOX LLC (“SOAPBOX,” “we,” “us” or “our”) handles personal information about you that we collect through our website (the “Site”), Meta Quest™ mobile application for virtual and augmented reality devices (the “App”) and other online services (collectively, the “Service”). The data is broadly organized into two categories, anonymized and non-anonymized. Non-anonymized data may be considered personal identifying information (“PII”).

Anonymized Data

Once you install the Meta Quest application and log in successfully, the Service will generate a unique anonymized ID for you. This unique anonymized ID (“UAID”) allows SOAPBOX to collate data across your sessions with the Service while ensuring anonymity. SOAPBOX will never combine and store this UAID with any non-anonymized data/PII that we collect about you, on our servers or third-party services, that would allow us to discern your true identity. Your VR headset system is the only place that stores both UAID and PII. Typically, your email address and your UAID will both be stored on your VR headset system. Your UAID is not regenerated on every login; it is generated at the initial login and will be used in all of your further sessions with the Service. If you choose to uninstall the App, this UAID is removed. A new UAID is generated on each install and successful login.

Anonymized Data Collection
All of the following data points are collected and associated with your UAID:

Application Usability Content
Open
Login
Sign Up
Average frame rates
Device storage space
Menu selection
Spatial data, floor space available
Hand or controller usage
Download time
Watch time
Selection
Removal
Viewing position and posture

Non-Anonymized (PII) Data Collection

Soapbox will store email as the primary identifier for a given user and we collect and process the following data points that are linked to said email. We will use this data to provide a personalized experience and/or improve the user experience in the future. We do not sell PII to third parties. If you cancel your account, we will delete your PII in accordance with our data retention policies. Our data retention policy is to purge PII associated with cancelled accounts, or accounts that have not been logged into within five (5) years, on an annual basis unless we are required to retain this for legal reasons.

User Content Optional fields (Not required to sign up)
Email
IP Address
For Oculus login:
  • Org Scoped ID
  • User ID
  • Username
Preferences to genres or themes
Username
First name
Surname

Additional Data Collection

In addition to our core data collection, we also have anonymous data collection via third party platforms and their default implementations:

Oculus development platform

https://developer.oculus.com/resources/publish-monitor/

GA4

https://support.google.com/analytics/answer/11593727?hl=en

GA4 and EU Capability

https://support.google.com/analytics/answer/12017362?hl=en

Your Rights Relating to PII

The information above is provided so you know how we collect and use (i.e. process) your PII. We process and use your PII in order to In addition, you have the right to request access to your PII and that we correct any inaccurate PII that we store. You may also request that we delete your PII. Deletion of PII relating to an active account will result in your account being cancelled and deleted, and you will not be able to use the Service. You can also object to our use of your PII, although this may also impact your ability to use the Service. We do not use, nor do we anticipate using, your PII as part of an automated decision-making process.

If you have any questions regarding your rights, or you wish to exercise any of the rights to access, deletion, or correction, you should not hesitate to contact Soapbox directly at support@soapbox.us. We will respond to these requests as soon as possible, but in no case less than one month from receipt. If you have any issue with how we have handled your PII, you also have the right to file a complaint with a government agency having oversight over data jurisdiction matters (i.e. the state data protection authority).

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. PII may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

How we use PII

We may use PII for the following purposes or as otherwise described at the time of collection:

Service delivery. We may use PII to:

  • provide, operate and improve the Service and our business;

  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;

  • understand your needs and interests, and personalize your experience with the Service and our communications; and

  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use PII for research and development purposes, including to analyze and improve the Service and our business.

Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use PII for marketing and advertising purposes:

Direct marketing. We may send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.

Interest-based advertising. Our third-party advertising partners may use cookies and other technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share user lists with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Your choices section below.

Compliance and protection. We may use PII to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;

  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);

  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;

  • enforce the terms and conditions that govern the Service; and

  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Cookies and other technologies. In addition to the other uses included in this section, we may use cookies and other technologies described above for the following purposes:

  • To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate our website, and whether you are logged in when you visit password protected areas of the Service.

  • To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of PII.

For more information on how we transfer the personal information of individuals based in Europe, please see the Notice to European Users section.

Children

The Service is not intended for use by anyone under 13 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

This Privacy Policy is effective 1/23/2024