Digital Society Commune — Privacy Policy

Digital Society Commune (also "DS Commune", "Commune", "we", "us", "our") operates the website commune.my.

If you have privacy questions or want to exercise any privacy rights, contact us at contact@commune.my.

Note: We do not have a Data Protection Officer (DPO) listed. For legal compliance in some jurisdictions we may appoint a representative or DPO later.

This policy explains how we collect, use, share, and store personal data from people who use commune.my and related services (the "Service"). It applies to visitors, registered users, customers, and contributors worldwide. You may be subject to specific rights under laws such as the EU GDPR, UK GDPR, California CCPA/CPRA, COPPA (for children), and Russia's personal data law (152-FZ).

We collect only the data needed to run the Service and keep it safe. Principal categories:

• Account & contact: Email (required to register and sign in); display name (optional/free text).
• Technical & safety: IP address, browser user agent, session cookie. These are used for security, fraud prevention, and to keep the service working.
• User content: Any files, images, text or other content you upload or publish in the forum, blog comments, bookings, or SaaS features — this can include personal data if you (or others) put personal information in uploads. We do not proactively screen uploads for personal data.
• Other: Any information you choose to add to your profile, messages, or public posts.

• Directly from you via forms and registration pages.
• Automatically when you use the Service (IP, user agent, session cookie).
• From content you upload or publish.

We use personal data for the following purposes:

• To provide and operate the Service (create accounts, login, manage bookings, deliver SaaS features). Legal basis (GDPR): performance of a contract/necessary for service.
• Account security & fraud prevention (monitor logins, block abuse). Legal basis: legitimate interests (keeping the platform secure).
• Customer support and communications (responding to emails to contact@commune.my). Legal basis: contract performance or legitimate interest.
• Analytics and product improvement (aggregate metrics, error logs). Legal basis: legitimate interests or consent where required.
• Billing / future payments (if enabled in future) — we will disclose processors and legal basis when implemented.

If you are a California resident, you have specific rights under CCPA/CPRA (right to know, delete, opt-out of sale or sharing). We do not sell personal information.

We use a single session cookie to keep you signed in and to secure sessions. We will show a cookie banner that explains this and (if/when we add analytics or other optional cookies) will request consent for non-essential cookies.

• At present you stated no regular sharing with third parties for analytics, marketing or resale. If we add hosting, analytics, email delivery, or payment providers, we will list them and use processors under contracts.
• We will not sell personal data (this is consistent with your project principles).

Our servers are located in the Netherlands (NL). Data stored in NL is processed inside the European Union. If we transfer personal data outside the EU/EEA (for example, to a vendor outside the EEA), we will use appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or other lawful mechanisms to protect transfers.

• Account data (email, profile): retained until you delete your account or request deletion.
• Backups & logs (technical): typically retained for a limited period for security and operations — suggested default: 12 months for logs; 90 days for backups unless needed for security or legal reasons.
• Uploaded content: retained until you delete it, unless removal is required by law.

If you need different retention periods to meet local legal requirements, we will update the policy and communicate retention details on request.

We try to keep this easy. You can exercise the following rights:

• Access — ask what personal data we hold about you.
• Rectification — ask to correct inaccurate data.
• Deletion — ask us to delete your account and personal data (subject to legal exceptions).
• Restriction — ask us to limit how we use your data.
• Portability — request a machine-readable copy of the personal data you provided.
• Object — object to processing based on legitimate interests (we'll explain impacts).

California-specific: California residents can request disclosure of categories and specific pieces of personal information we collect, request deletion, and opt-out of sale/sharing (we do not sell).

To exercise any right, contact contact@commune.my with a clear description of your request. We will verify your identity before acting on certain requests.

Note about COPPA and minors

We allow users with emails to register and do not knowingly restrict general registration to adults. If we obtain actual knowledge that we are collecting personal information from a child under 13, COPPA requirements will be triggered (parental notice and verifiable consent). We will comply with COPPA rules where they apply. If you are a parent and believe we have collected your child's information, contact us.

We use HTTPS/TLS, session management, and passwordless authentication. We implement reasonable administrative, technical, and physical safeguards to protect personal data. No system is perfectly secure — if we become aware of a breach involving your personal data we will follow applicable laws and notify you and relevant authorities where required.

If a security incident affects your personal data we will investigate and, where required by law, notify affected users and supervisory authorities without undue delay in accordance with applicable law (for example, GDPR notification timelines).

We do not knowingly target children under 13. If you are under 13 (or local minimum age), do not register without parental consent. If you believe a child under 13 has registered without parent/guardian consent, contact us so we can remove the data.

We may update this policy as the Service or laws change. Material changes will be posted on the site with a new effective date.

Email: contact@commune.my. Please include enough detail so we can locate your account and verify your request. We typically respond within the time frames required by local law.