Privacy Policy
Effective Date: 24 March 2026
Controller: SVX BETA LTD, 3 Hill Street, Edinburgh, EH2 3JP, United Kingdom
1. Purpose and Scope
This Privacy Policy explains how SVX BETA LTD (“SoapVox”, “we”, “us”) processes personal data during the SoapVox Open Beta under:
• UK GDPR
• EU GDPR (where applicable)
• Data Protection Act 2018 (UK)
SoapVox is designed to operate without creating a persistent record of political interaction. The Platform does not provide public archives or replay features. Where enabled, spectator access is optional, session-bound, limited in audience size, and subject to capped access. Participants may be visible within a live stream where streaming has been enabled for a session, including by another participant. Political context is displayed only during live interaction and is not retained once a session ends.
The Open Beta is:
• adults-only (18+);
• small-scale, with limited-capacity live sessions;
• time-limited to scheduled daily live windows; and
• subject to change, interruption, suspension, or termination at any time.
Before entering a live session, users are shown a preview of their on-screen card, including face image, selected topic, optional political stance, and displayed country, and must explicitly confirm before proceeding.
During the Open Beta, access to the live environment is subject to moderation controls. Entry occurs only after required conditions have been met.
Users may view preview cards of other active users prior to initiating a discussion. Live audio-visual interaction occurs only where both participants independently accept a connection.
SoapVox does not:
• create user-facing user accounts or public profiles;
• record live video or audio on the Platform; or
• build behavioural profiles.
This Policy applies only to the SoapVox Platform. Separate policies apply to the informational website, the Cookies Policy, the Terms of Use, and the Acceptable Use Policy.
The Platform is operated from the United Kingdom and hosted on EU-based infrastructure. Where users access the Platform from outside the UK or EU, local laws may also apply.
2. The Data We Collect
We collect only the data needed to operate, secure, and moderate the Platform.
2.1 Authentication Data
You log in using:
• a one-time email login code; or
• an OAuth login (X or Reddit).
Authentication uses pseudonymous identifiers required to operate the service while avoiding persistent political profiling or behavioural political histories.
What we receive and retain:
• A pseudonymised internal user ID (random UUID) used to run the session and operate moderation.
• A hashed OAuth identifier (one-way, irreversible) used to authenticate the user, prevent abuse, and allow the user to return to the Platform.
• For email login, a hashed email identifier may be created for security and abuse prevention.
• Short-lived technical session tokens (for example JWT cookies) to keep you logged in during an active session.
Retention:
• Hashed authentication identifiers (including hashed OAuth or email identifiers) are retained while login access remains active and are deleted within 28 days of account inactivity.
• Session identifiers and associated security records (for example IP address and derived country) may be retained in platform security and audit records for up to 28 days and are then anonymised following account inactivity.
• One-time email login codes expire quickly and are used only to complete login.
• We do not store your OAuth provider password.
Login access
Users are given the option to revoke login permissions at the end of a session via the exit controls.
When this option is selected, any active OAuth or email-based login permissions associated with the session are removed. This prevents further authentication using those credentials unless the user explicitly re-authorises access in a future session.
2.2 Third-Party Login Providers (OAuth)
SoapVox uses OAuth login providers (including X and Reddit) solely to authenticate users and create a pseudonymised session.
Although OAuth authorisation granted by some providers may technically permit broader access under their platform rules, SoapVox does not retrieve, read, store, analyse, or process posts, messages, follower data, or account content.
Any provider-derived identifiers we receive are immediately converted into a hashed value and used only for short-lived session continuity and abuse prevention. We do not use OAuth to build long-term identity or cross-session profiles.
2.3 Session Data
We process:
• IP address
• derived country (from IP)
• device/browser type (basic user agent class)
• timestamps
• a random pseudonym user ID
• a session ID
These are used for:
• Platform operation and security,
• abuse prevention and rate limiting,
• investigating reports,
• maintaining audit integrity during the beta.
Access controls (high level):
• Moderators do not see IP address or derived country.
• Only a small number of senior administrators, DevOps, and security personnel can access restricted security logs containing IP address and derived country, strictly for abuse investigation, platform security, and lawful disclosure requests.
2.4 Browser Storage (LocalStorage, SessionStorage, Cookies)
SoapVox uses limited browser storage solely to operate an active session and render the user interface during the Open Beta.
SessionStorage
SessionStorage is used only during an active session and is cleared automatically when the session ends or the browser tab is closed.
SessionStorage may temporarily contain:
• in-session navigation state required to render the interface; and
• the user’s selected stance and the currently displayed discussion topic (trending or user-entered) and related UI labels used solely for live interface rendering.
Stance values held in SessionStorage:
• exist only within the user’s browser memory;
• are not transmitted to server logs as stance data;
• are not written to databases, moderation tools, analytics, backups, or snapshots; and
• are not accessible to moderators or administrators.
LocalStorage
LocalStorage is used only for limited, non-sensitive client-side state required to support beta access controls and basic interface behaviour.
LocalStorage does not contain:
• political stance;
• topic selections;
• preview snapshots;
• IP addresses;
• derived country values;
• login identifiers; or
• persistent behavioural or tracking data.
Cookies
Authentication tokens may be stored as secure, HttpOnly cookies to maintain an active session. These cookies are not accessible to frontend JavaScript and are not used for cross-site tracking or profiling.
General controls
• Browser storage is not used to track users across unrelated websites or build behavioural profiles or political histories.
• Users may clear cookies, LocalStorage, and SessionStorage at any time through their browser settings. Clearing storage may end the session or require re-authentication.
Backend application, security, and audit logs are designed so that political stance data is not recorded or retained and is excluded from routine logs, databases, backups, analytics, monitoring systems, or debugging output.
The Platform’s use of browser storage and cookies is also subject to the UK Privacy and Electronic Communications Regulations (PECR). Storage is used only where strictly necessary to provide the service requested by the user.
2.5 Country Derivation
Country is derived from a user’s IP address at the time of connection.
How we use derived country:
• to display limited on-screen context during a live session;
• to support safety, abuse prevention, and compliance controls during the Open Beta; and
• to assign a short-lived service region for safety and operational management.
Derived country is not used:
• for selecting or pairing participants,
• for ranking or prioritisation,
• for content visibility decisions,
• for political inference, or
• to build user profiles or behavioural histories.
Derived country may be used for short-term operational capacity management, including allocating regional service capacity where demand exceeds available session slots.
Retention and access controls:
• Derived country may be retained in restricted security and audit logs for up to 28 days.
• Derived country is not visible to moderators.
Access to logs containing derived country is restricted to a very small number of senior administrators, DevOps, and security personnel for security, abuse investigation, and lawful disclosure only.
Geo-IP processing:
Country is obtained using an IP-to-country lookup service. The service receives only the IP address required to return a country code. It does not receive political stance, topic data, preview snapshots, or moderation data.
2.6 Preview Snapshot (Short-Lived Image)
A preview snapshot is generated when you:
• confirm your camera; or
• update your on-screen card.
The stored snapshot file contains only the face image. Any overlays:
• are rendered only in the live user interface;
• are not stored with the image file;
• are not embedded in image metadata; and
• are not persisted or displayed as part of moderation tooling.
Snapshots:
• are shown only within the Platform to other users viewing preview cards prior to initiating a discussion and, where spectator streaming is enabled, to viewers of the live stream;
• may be shown to a user making a report about a recent interaction (if still within the retention window);
• may be shown to moderators or administrators for review;
• replace the previous snapshot each time a new one is taken;
• are deleted automatically within 24 hours; and
• cannot be accessed once deleted (deleted snapshot URLs do not return any image).
CDN and caching controls:
Preview snapshots are delivered through EU infrastructure with cache settings designed to prevent long-term storage. Once deleted under the 24-hour retention policy, the snapshot becomes inaccessible.
Snapshots are not used for identification, facial recognition, analytics, ranking, or personalisation. We do not create biometric templates or facial feature vectors.
2.7 Topic Data
Topics are used to operate the interface and support moderation.
Open Beta topic model:
• Topics may be selected from controller-maintained trending discussion topics curated by the controller.
• Users may alternatively enter their own topic text.
• User-entered topic text is stored server-side solely to operate the session and support safety and moderation during the Open Beta.
• Users are instructed not to include personal data about themselves or others in topic text.
• Trending discussion topics retained independently as platform content do not constitute personal data in isolation.
• Topic–session associations (including user-entered topics) are retained on a short-lived basis (≤ 28 days) for moderation, safety, and abuse investigation and are then deleted or irreversibly separated from identifying data.
These short-lived topic–session associations:
• may appear in restricted platform records used for safety, moderation, and abuse investigation within the defined retention window;
• are never combined with political stance data (stance is not stored server-side);
• are not used to create profiles, infer political views, or build behavioural histories;
• are not used for ranking, prioritisation, targeting, or visibility decisions; and
• are not transferred to external processors beyond the limited operational infrastructure necessary to run the Platform.
Automated topic risk signals (human-led review)
User-entered topic text may be checked against keyword rules (for example, banned-word lists) and assessed using machine-learning toxicity scoring solely to generate a risk indicator for human moderator review. These tools do not automatically block, remove, or penalise users. All decisions (including approval, removal, or enforcement) are made by human reviewers.
Moderators may see:
• the topic;
• timestamps; and
• the face-only snapshot (if still within the 24-hour window).
Moderators do not see:
• political stance;
• IP address;
• derived country;
• login identifiers;
• session identifiers; or
• cross-system linkage data.
In rare cases, senior administrators may correlate topic with restricted security logs strictly for time-limited abuse investigation or lawful requests, under segregated access controls and within the 28-day retention window.
Where discussion topics concern public affairs or civic matters, topic–session associations remain subject to the same minimisation, segregation, and short retention controls described above.
Live session observation
Where a participant has enabled spectator streaming and the session is viewable within the Platform, moderators may observe the session through the same live interface available to viewers, including where a session has been reported for review or requires moderation. In such cases moderators may see the same on-screen elements visible to viewers within the live stream. This observation occurs only within the live interface and does not provide moderators with access to backend systems, stored identifiers, or additional user data.
2.8 Stance Data (Optional)
Stance (“Left”, “Right”, “Neutral/Centrist”) is:
• voluntary;
• used only for live on-screen context;
• not stored server-side;
• not visible to moderators; and
• not retained across sessions.
Stance may temporarily exist in session-scoped browser memory (SessionStorage) during an active session solely to render the user interface. This memory is cleared automatically when the session ends or the browser tab is closed.
Segregation from identifiers
Stance is excluded from routine server logs, databases, moderation tools, analytics, backups, and snapshot metadata.
Users selecting the “Non-Political” option
• display the “Non-Political” label as contextual information during the session;
• may enter their own topic text;
• appear in the general live queue alongside other users; and
• display their country for real-time context in the same manner as other participants.
The “Non-Political” label functions solely as a voluntary contextual indicator. It does not create a political profile, restrict queue placement, or alter data-processing logic.
Political stance exists only as temporary UI state within the user’s active browser session. See Section 3 for lawful-basis safeguards.
2.9 Consent Records
We record consent and safety acknowledgements to demonstrate lawful processing and consent-flow integrity.
Examples of consent events include:
• acceptance of platform terms at entry (checkbox),
• confirmation to enter a live session (“Go Live”),
• login method confirmation (OAuth granted or email-code login),
• ending a session and, where applicable, removing OAuth permissions.
Consent logs contain only:
• the event type,
• timestamp, and
• a pseudonymised user identifier, plus limited non-political metadata where necessary to verify flow integrity.
Consent logs do not store stance, country overlays, snapshot images, or political profiles.
Retention:
Consent and audit events may be retained for up to 28 days during the Open Beta, and longer only where strictly necessary to demonstrate compliance or respond to legal claims.
2.10 Reports and Moderation
Users can report unsafe or harmful behaviour during a live session.
Report data consists of:
• a report identifier;
• timestamps;
• a structured report category selected by the reporting user;
• a reference to the reported interaction; and
• access to the most recent preview snapshot (face image only) where the snapshot still exists within the 24-hour retention window.
Reports are event-based. Short-lived counters may be maintained to prevent repeat abuse without creating behavioural profiles or persistent history.
Reports may include optional user-provided free-text details for moderation context. This text is used solely for human review, is not analysed or profiled, and is deleted with the associated moderation record.
Moderator access is strictly limited to:
• report-related information made available through the reporting workflow (active session only);
• short-lived preview snapshots (face image only, where still available);
• the reported topic and timestamps; and
• short-term counters and flag indicators, including previous flag count (number only).
Reports are reviewed only in the context of the active session. Moderators do not have access to historical report objects or prior report reasons beyond aggregated flag counts.
Moderators never see:
• political stance;
• derived country;
• IP address;
• session identifiers;
• login or authentication identifiers;
• pseudonymised internal user identifiers; or
• any cross-system linkage or persistent identifier enabling moderator-level cross-session tracking.
Backend log exclusion (political stance)
Platform application, security, audit, and moderation logs exclude political stance data. Political stance exists only as temporary, session-scoped UI state and is excluded from routine logs, databases, backups, analytics, monitoring systems, and debugging output.
Related moderation signals
Report counters record short-lived patterns of rule violations within the defined retention window for safety enforcement only and do not create long-term behavioural profiles, persistent user histories, or cross-session tracking.
Retention
Report records and associated moderation artefacts are retained for up to 28 days unless a longer period is required to comply with a lawful request or legal obligation.
2.11 Feedback and Review Submissions
Users may optionally submit written feedback during the Open Beta.
Users may also voluntarily submit a link (URL) to a publicly posted video review for reward verification purposes.
If feedback or a review link is submitted, we process:
• the feedback text provided by the user;
• an email address, where the user voluntarily provides one for follow-up or reward delivery; and
• a submitted URL to a publicly available video review, where provided.
Written feedback submissions are:
• private and not displayed on the Platform;
• processed independently of live sessions; and
• not linked to session data, political stance, selected topics, derived country, preview snapshots, moderation records, or platform identifiers.
Submitted review links:
• are reviewed solely to assess eligibility for Review Rewards;
• may be reshared by SoapVox where permitted under the Terms of Use;
• are not used to build profiles or infer political views; and
• are not linked to session identifiers or backend platform records.
Retention:
• Email addresses provided for reward delivery are deleted within 28 days.
• Submitted review links are retained only for the period necessary to review eligibility, administer rewards, and manage any associated reposting, and are then deleted.
• Written feedback text may be retained beyond 28 days for internal review and service improvement purposes, provided it is held without linkage to session data, identifiers, or live interaction records.
Feedback and review data is not used to build user profiles, infer political opinions, or influence visibility or moderation decisions.
2.12 Reminder Email (Countdown Feature)
Users may voluntarily submit an email address to receive a one-time reminder shortly before a scheduled live session.
This feature:
• collects the email address solely for reminder delivery;
• sends a single automated message approximately 10 minutes before the scheduled session;
• does not create a user account;
• does not link the email address to session data, login identifiers, political stance, topic selections, derived country, moderation records, or platform identifiers.
Retention:
• Email addresses submitted for reminder purposes are deleted automatically immediately after the reminder message is sent.
• Reminder emails are not added to marketing lists and are not reused.
2.13 Spectator Data
Where a user views a live session as a spectator, we process limited technical data necessary to deliver the stream and protect the Platform, including IP address, derived country, device/browser class, and timestamps.
Spectator IP addresses and related security logs are retained for up to 28 days for security, abuse prevention, and compliance purposes and are then deleted or anonymised in accordance with Section 6.
3. Lawful Basis (Including Political Data)
We rely on the following lawful bases when processing personal data during the Open Beta:
Article 6(1)(b) – Contract
For delivering the Platform service requested by the user, including authentication, session operation, and participation in live interactions.
Article 6(1)(f) – Legitimate Interests
For operating, securing, and moderating the Platform, including abuse prevention, rate limiting, investigating reports, enforcing the Acceptable Use Policy, and proportionate age-assurance measures.
Special-Category Data (Political-Opinion Data)
Special-category data may arise where a user voluntarily selects a political stance or enters topic content that reveals political opinion.
Where such data arises, we rely on:
Article 9(2)(a) – Explicit Consent
Political stance:
• is voluntary;
• is selected by the user before entering a live session;
• may be displayed to other participants during a live session as contextual information chosen by the user;
• exists only within session-scoped browser memory (SessionStorage);
• is not stored server-side;
• is excluded from routine logs, databases, backups, moderation systems, and analytics; and
• is not retained across sessions.
Users may withdraw consent at any time by deselecting their stance (where available) or by ending the session. Withdrawal does not affect processing carried out before withdrawal.
Political-opinion data (where voluntarily provided through stance selection or user-defined topic text) is not stored server-side as persistent stance data, is not retained across sessions as stance history, and is not processed outside the live user interface except for short-term moderation review of topic text as described elsewhere in this Policy.
Safeguards Applied to Special-Category Processing
We apply strict minimisation and segregation controls because:
• stance is optional and not stored server-side;
• stance is technically segregated from identifiers and never visible to moderators;
• no profiles are built and no long-term behavioural history is created;
• the Platform does not record or archive sessions;
• identifiers are pseudonymised and access to logs is strictly limited;
• short retention periods apply to logs and moderation records;
• the Platform is adults-only and subject to active human moderation.
4. How We Use Data
We use personal data to:
• run the Platform;
• show preview cards;
• process consent and login;
• prevent abuse and enforce the Acceptable Use Policy;
• investigate reports and appeals;
• maintain audit logs for safety and legal compliance;
• verify optional form submissions (for example, feedback rewards);
• respond to data-protection requests.
We do not:
• intentionally record, store, or archive live audio or video;
• build behavioural profiles;
• personalise political content;
• sell or trade personal data;
• use stance or derived country to select, pair, rank, or influence visibility;
• infer political leaning from behaviour;
• track behaviour across sessions to build persistent history.
We may generate aggregated, non-identifiable operational statistics. These metrics do not contain individual session data or joined combinations capable of identifying a participant.
User-Submitted Recordings
Where a participant voluntarily records a session and submits that recording to SoapVox, the Platform may use, reproduce, edit, distribute, and promote that content in accordance with the licence granted in the Terms of Use.
Such recordings may contain visible political stance or discussion content selected by the user during a live session.
SoapVox does not extract or process political stance data from recordings to build profiles or behavioural histories.
5. Moderation and Safety
SoapVox operates a tightly controlled, human-led moderation environment designed to meet safety and legal obligations during the Open Beta.
5.1 Human-Led Moderation Decisions
All moderation decisions (including warnings, enforcement actions, or session termination for policy reasons) are made by human reviewers.
Automated systems may provide limited support by:
• routing reported items for human review (for example, based on report volume);
• applying technical session controls necessary to operate the service (for example, terminating a session where a camera feed is unavailable); and
• generating advisory risk indicators for moderator review (for example, keyword-rule flags and machine-learning toxicity scoring of user-entered topic text).
These automated processes:
• do not make moderation or enforcement decisions;
• do not create or rely on political profiles; and
• do not apply lasting penalties or effects across sessions.
If a participant’s face is not visibly present during a live session, the session may be ended automatically where the camera feed is unavailable or technically absent, or following moderator review after a user report based on short-lived preview snapshots.
This measure exists solely to enforce participation requirements and platform safety and does not involve facial recognition, biometric analysis, profiling, or lasting enforcement actions.
5.2 Moderator Access Controls
Moderators have access only to the minimum information required to assess reported content and enforce the Acceptable Use Policy.
Moderator access is strictly limited to:
• report-related information made available through the reporting workflow;
• short-lived preview snapshots (face image only, where still available);
• the reported topic and timestamps; and
• short-term counters and flag indicators.
Moderators never have access to:
• political stance;
• derived country;
• IP addresses;
• login or authentication identifiers;
• session identifiers;
• pseudonymised internal user identifiers; or
• any joined datasets capable of identifying a participant or reconstructing political opinion.
All moderator actions are logged for accountability and oversight.
5.3 Administrative Access Controls
A very limited number of senior administrators may access restricted security and audit logs containing:
• IP address and derived country;
• session identifiers; and
• moderation action records.
This access is permitted solely for:
• abuse or fraud investigation;
• platform security and integrity; or
• compliance with lawful disclosure requests.
Moderation systems and restricted security logs are segregated by design and governed by separate access controls. Moderators cannot access security logs or identifier data through the moderation interface. Political stance is not accessible to administrators because it is not stored server-side.
5.4 Face Visibility Requirement (Non-Biometric)
Participation requires that a user’s face remain visibly present during a live session.
SoapVox does not perform facial recognition, biometric identification, facial analysis, or automated age estimation.
Moderators may review short-lived, face-only preview snapshots for safety and policy compliance, including potential under-18 concerns. Technical session controls may terminate a session where participation requirements are not met (for example, camera unavailability). These controls are operational and do not constitute biometric processing.
5.5 Recording and Screenshots
SoapVox does not record, store, or archive live audio or video sessions.
Participants are informed that sessions may be recorded and shared publicly by other participants.
SoapVox cannot technically prevent independent recording by users. Any recording made by a participant is the responsibility of that participant and must comply with applicable law and the Terms of Use.
5.6 No Biometric Processing
SoapVox does not engage in:
• facial recognition;
• biometric template creation;
• facial feature extraction;
• automated age estimation; or
• identity inference.
Preview snapshots are used only for short-lived human review and are not processed into biometric identifiers.
5.7 Reporting Tools
Reporting tools are structured and category-based. Reports do not contain stored political stance, derived country, login identifiers, session identifiers, or persistent identity profiles.
Reports and related moderation records are retained for up to 28 days. After this period, identifiers and session linkages are deleted or irreversibly separated, and only non-identifying compliance records may remain.
Where required to comply with a legal obligation or lawful request, specific records may be preserved under restricted legal-hold controls.
5.8 Spectator Mode (Optional)
When Spectator Mode is enabled for a live session, a participant’s live audio-visual stream may be viewable by a limited number of concurrent spectators (view-only).
Spectator Mode is disabled by default and must be actively enabled before going live.
Spectators may be located outside the UK or EEA. Where this occurs, the participant’s live audio-visual stream may be viewed in those jurisdictions as part of the Spectator Mode functionality enabled by the participant.
SoapVox does not provide replay or archive functionality.
Spectators may independently attempt to capture recordings using their own devices. SoapVox cannot technically prevent this, does not control or monitor how such recordings may be redistributed once created outside the Platform, and any such recording must comply with applicable law and the Terms of Use.
6. Data Retention
SoapVox applies strict data-minimisation and storage-limitation principles.
Personal data is retained only for the shortest period necessary to operate the Open Beta safely, meet moderation and compliance obligations, and respond to lawful requests. Data is then deleted automatically or irreversibly separated.
Preview snapshots (face-only images)
Purpose: Safety review and moderation
Retention: Deleted within 24 hours
IP address, derived country, session and security logs
Purpose: Platform security, abuse prevention, and audit integrity
Retention: Deleted within 28 days
For spectators who view a session without logging in, security logs (including IP address) are deleted or anonymised within 28 days of collection.
Trending discussion topics (content)
Purpose: Platform operation
Retention: Retained as platform content without linkage to session data, identifiers, or live interaction records
Topic–session associations
Purpose: Moderation and review
Retention: Deleted or irreversibly separated within 28 days
Consent and audit events
Purpose: Consent-flow integrity and compliance evidence
Retention:
• 28 days during the Open Beta
• retained longer only where strictly necessary to establish, exercise, or defend legal claims or meet regulatory obligations
Reports and moderation records
Purpose: Safety enforcement and compliance oversight
Retention: Deleted within 28 days
Feedback email identifiers
Purpose: Verification, follow-up, or reward delivery
Retention: Deleted within 28 days
Feedback text (non-linked content)
Purpose: Internal review and service improvement
Retention: Retained without linkage to session data, identifiers, or live interaction records
Encrypted backups of short-lived logs
Purpose: Disaster recovery and integrity of security records
Retention: Deleted within 28 days
Aggregated operational telemetry
Purpose: Platform performance and reliability
Retention: Aggregated prior to storage and contains no personal data or identifiers
Interpretation of retention periods
Where this Policy refers to retention periods expressed as “≤ 28 days”, those periods are calculated by reference to account inactivity rather than as rolling, per-record expiry periods from the time each log, session, or event is created.
After approximately 28 days of account inactivity, identifying data such as IP address and derived country are removed or irreversibly separated from remaining records. Non-identifying logs and compliance records may be retained in anonymised form for safety, audit, and legal purposes.
Exception: preview snapshot images (face-only) are subject to a fixed, automatic deletion period of ≤ 24 hours, independent of account activity, and are permanently deleted once that period expires.
Additional Retention Safeguards
• Political stance is not stored server-side and is therefore not subject to retention.
• Preview snapshots and stance data are excluded from backups and cannot be recovered once deleted.
• Topic–session associations and derived country values may appear in backups only within their defined retention windows and are deleted under the same schedule.
• Retention controls are applied consistently across live systems, logs, and backup environments.
• Where data is preserved beyond standard retention periods due to a lawful request or legal obligation, access is restricted and subject to legal-hold controls.
Post-retention handling
After the retention period, identifiers and session linkages are deleted or irreversibly separated. Only non-identifying compliance records may remain.
7. International Transfers and Service Providers
The SoapVox Platform is hosted and processed primarily within the European Economic Area (EEA). Where limited transfers outside the UK or EEA are required to support ancillary workflows (for example, form handling or operational tooling), data is protected using appropriate safeguards in accordance with UK GDPR and EU GDPR, including adequacy regulations, Standard Contractual Clauses, or equivalent lawful transfer mechanisms.
We do not send political stance data to external processors. Preview snapshots and live audio-visual media are delivered only through infrastructure providers for transient delivery during the session and are not used for advertising, analytics, profiling, or storage beyond the Platform’s defined retention controls.
7.1 Form Submissions
Contact, appeal, deletion, and feedback forms are processed through configured EU systems.
Form data is:
• used only to respond to the request;
• kept in access-controlled systems;
• not linked to Platform session data, moderation records, preview snapshots, derived country values, or session/security logs; and
• deleted within 28 days unless a longer period is required by law.
7.2 Service Providers
We use a limited number of provider categories to operate the Platform.
Examples include:
• cloud hosting and infrastructure (EU);
• snapshot and static-asset delivery (EU);
• backup and disaster-recovery storage for short-lived logs (EU);
• email delivery for one-time codes (EU);
• Geo-IP lookup (IP to country code only);
• operational telemetry (aggregated metrics only, no session-level identifiers);
• automated content analysis for safety (topic-text keyword screening and machine-learning toxicity scoring);
• form processing and workflow automation (configured for EU/EEA where available); and
• informational website hosting (separate from the Platform).
No external processor receives political stance data or snapshot images beyond the short-lived delivery required to display preview snapshots within the Platform.
Email delivery for one-time login codes is handled by a third-party email delivery provider acting as a data processor.
The Platform does not retain email identifiers once authentication is complete. The processor may retain limited delivery logs for operational, security, and abuse-prevention purposes.
8. Informational Website Separation
This section relates solely to the SoapVox informational website and not to the live SoapVox Platform.
SoapVox operates a separate informational website used to publish documentation and accept optional user communications.
This informational website is technically and operationally separate from the SoapVox live Platform and does not participate in Platform authentication, session management, moderation, or visibility logic. It does not receive or access any live Platform user data.
9. Security
SoapVox applies appropriate technical and organisational security measures, including:
• encryption in transit and at rest;
• strict access controls;
• pseudonymisation of identifiers;
• automatic deletion aligned with the retention schedule;
• separation between moderation tools and restricted security logs;
• 2FA for administrative systems;
• audit logging of administrative and moderation actions.
If a personal-data breach occurs, we will notify the ICO and affected users where required under Articles 33 to 34 UK GDPR.
10. Your Rights
Users have the following rights under UK GDPR (and EU GDPR where applicable):
• Access
• Rectification
• Erasure
• Restriction
• Objection (where processing is based on legitimate interests)
• Data portability (where applicable)
• Withdrawal of consent
Because SoapVox does not use accounts and data is pseudonymised, we may require technical details (for example approximate session date and IP address) to locate records.
If we cannot reliably confirm your identity, we will not disclose data. Where appropriate, we may instead delete matching pseudonymised records to protect your privacy.
To object to processing based on legitimate interests (for example security logs), contact us using the details in this Policy and describe the basis of your objection.
Requests may be submitted at:
• Email: privacy@soapvox.live
• Form: info.soapvox.live/forms/data-deletion
We aim to respond without undue delay and in any event within one month, in accordance with Article 12 UK GDPR.
11. Age Assurance (18+ Only)
SoapVox is strictly for users aged 18 and over.
To meet safety and legal duties, we apply proportionate measures, including:
• a mandatory 18+ declaration;
• mandatory webcam activation before entering;
• a preview snapshot (face-only) for short-lived human review;
• user reporting tools to flag suspected minors;
• human-led moderation and enforcement.
Users who do not grant camera access or do not provide a face-visible preview snapshot cannot enter or remain in a live session.
We do not use biometric age estimation, facial recognition, or automated facial analysis.
Age-assurance processing is carried out under Article 6(1)(f) UK GDPR (legitimate interests) for safety and prevention of under-18 access, and does not involve biometric processing under Article 9.
12. Contact and EU Representative
Controller
SVX BETA LTD
3 Hill Street
Edinburgh, EH2 3JP
United Kingdom
Email: privacy@soapvox.live
European Representative under Article 27 of GDPR
We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation (“GDPR”).
All GDPR queries from EU Data Subjects or Data Protection authorities should be submitted to eurep.ie via their dedicated form. BizLegal Ltd trading as EU Rep have their registered office at 27 Cork Road, Midleton Co. Cork, Ireland. Company number 635921.
Complaints may be made to:
• the UK Information Commissioner’s Office (ICO), or
• your local EU Data Protection Authority.
13. Plain-English Summary (Open Beta)
• The Platform does not record or archive live sessions
• Optional spectator viewing may be enabled by a participant (limited audience)
• Sessions may be recorded and shared by participants
• No user-facing accounts or public profiles
• Stance is optional and not stored server-side
• Stance exists only in session browser memory to render the interface
• Country is derived from IP and retained in restricted logs for up to 28 days
• Preview snapshots last ≤ 24 hours (face-only)
• Logs and reports follow the ≤ 28-day retention rule
• Moderation decisions are human-led
• No biometric processing
• Adults-only (18+); minors are blocked
• No political profiling, behavioural inference, or stored political histories
If our data use changes, we will update this Policy and, where required, seek new consent.