GDPR Privacy Policy

1. Data Controller

Under GDPR, the “data controller” is the entity that determines the purposes and means of processing personal data. For YourMatrix, the data controller is:

Company: Best ROI Media LLC
Platform: YourMatrix
Location: Houston, Texas, United States
Email: privacy@yourmatrix.io
DMCA Registration: DMCA-1070202

All data protection inquiries, requests to exercise rights, and complaints should be directed to privacy@yourmatrix.io.

2. What We Collect

YourMatrix collects only the data necessary to provide and improve our platform. The following outlines what we collect, why, and the legal basis under GDPR:

• Account Data (username, email, hashed password, date of birth) — Legal basis: Contract
• Phone Number (mobile number for SMS verification) — Legal basis: Contract
• Profile Data (display name, profile photo, bio, theme preference) — Legal basis: Contract
• Content Data (posts, photos, videos, audio, messages, comments) — Legal basis: Contract
• Usage Data (pages visited, features used, time spent, interactions) — Legal basis: Legitimate Interest
• Device Data (device type, OS, browser, IP address) — Legal basis: Legitimate Interest
• Location Data (city/region for Town Square local features) — Legal basis: Consent
• Communications (support emails, reports, feedback submitted) — Legal basis: Legitimate Interest
• Compliance Data (DMCA logs, moderation records, age verification) — Legal basis: Legal Obligation

Minimal Collection Principle: YourMatrix only collects data that is necessary for the platform to function. We do not sell your personal data to third parties. Ever.

3. Legal Basis for Processing

Under GDPR Article 6, every data processing activity must have a valid legal basis. YourMatrix relies on the following:

• Contractual Necessity — Processing required to provide the YourMatrix service you signed up for. This includes account creation, phone verification, content hosting, and platform features.
• Legitimate Interests — Processing necessary for our legitimate business interests, such as platform security, fraud prevention, abuse detection, and improving our service — where these interests are not overridden by your rights.
• Consent — For optional data processing such as location access for Town Square features. You can withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal Obligation — Processing required to comply with applicable law, including DMCA compliance, responding to lawful government requests, and maintaining age verification records.

4. Your Rights

Under GDPR, EU/EEA users have the following rights regarding their personal data. To exercise any of these rights, contact us at privacy@yourmatrix.io. We respond to all requests within 30 days.

• Right to Access — Request a copy of all personal data we hold about you. We’ll provide it in a readable format within 30 days.
• Right to Rectification — Request correction of any inaccurate or incomplete personal data we hold about you.
• Right to Erasure — Request deletion of your personal data (“right to be forgotten”). We’ll delete your account and all associated data permanently.
• Right to Restriction — Request that we restrict processing of your data in certain circumstances, such as while a dispute is being resolved.
• Right to Portability — Request your personal data in a structured, machine-readable format (JSON or CSV) to transfer to another service.
• Right to Object — Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling grounds.
• Automated Decision-Making — Right not to be subject to solely automated decisions that significantly affect you. You can request human review of automated moderation decisions.
• Right to Withdraw Consent — Withdraw consent for optional processing (e.g., location data) at any time through your account settings.

How to Exercise Your Rights: Email privacy@yourmatrix.io with your request. Include your username and the right you wish to exercise. We will verify your identity and respond within 30 days. There is no charge for exercising your rights.

5. How We Use Your Data

YourMatrix uses your personal data solely for the following purposes:

• Providing the platform — Operating your account, displaying your profile, enabling posts, chatrooms, radio stations, and all platform features.
• Account security — Phone verification, fraud detection, preventing unauthorized access, and enforcing our one-account-per-number policy.
• Content moderation — Reviewing reported content, enforcing Community Guidelines, and maintaining platform safety.
• Platform improvement — Understanding how features are used to improve the YourMatrix experience.
• Legal compliance — Meeting our obligations under DMCA, applicable data protection laws, and responding to lawful requests.
• Communications — Responding to support requests, sending service notifications, and platform updates.

What we will never do: We will never sell your personal data to third parties, use your data for targeted advertising without explicit consent, or share your data with any party except as required by law or to operate the platform.

6. Data Retention

YourMatrix retains personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.

• Active account data — Retained for the duration of your account. You can delete your account at any time.
• Account deletion — When you delete your account, all personal data is permanently deleted within 30 days, except where retention is required by law.
• DMCA and compliance records — Retained for a minimum of 3 years as required for legal compliance.
• Moderation logs — Retained for 2 years to support appeals and compliance review.
• Backup data — Encrypted backups are purged within 90 days of account deletion.

Delete Your Account: You can permanently delete your YourMatrix account at any time from Settings → Account → Delete Account. This action is irreversible and will result in permanent deletion of all your data within 30 days.

7. Cookies & Tracking

YourMatrix uses cookies and similar tracking technologies to operate the platform. EU/EEA users are shown a cookie consent banner upon first visit. Non-essential cookies are only placed with your explicit consent.

• Essential cookies — Required for the platform to function. Includes session authentication, security tokens, and preference storage. Cannot be disabled.
• Analytics cookies — Help us understand how the platform is used. Only placed with your consent.
• No advertising cookies — YourMatrix does not use third-party advertising cookies or trackers.

You can update your cookie preferences at any time from Settings → Privacy → Cookie Preferences.

8. Data Breach Notification

In the event of a personal data breach, YourMatrix will comply with GDPR’s mandatory notification requirements:

• Within 72 hours — Supervisory Authority: We will notify the relevant EU supervisory authority within 72 hours of becoming aware of a breach that poses a risk to individuals’ rights and freedoms, as required by GDPR Article 33.
• Without undue delay — Affected Users: If the breach is likely to result in high risk to affected individuals, we will notify those users directly without undue delay, as required by GDPR Article 34.
• Notification will include: Nature of the breach, categories and approximate number of individuals affected, likely consequences of the breach, and measures taken or proposed to address the breach.
• Ongoing documentation: All breaches — regardless of whether they require notification — are documented internally in our breach register as required by GDPR Article 33(5).

9. International Data Transfers

YourMatrix is based in the United States. If you are located in the EU/EEA, your personal data will be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers:

• Standard Contractual Clauses (SCCs) — Where applicable, we rely on EU-approved Standard Contractual Clauses for transfers to third-party processors outside the EU.
• Adequacy decisions — Where the European Commission has issued an adequacy decision for the destination country, we rely on that decision.
• Third-party processors — Any third-party service providers we use (hosting, SMS verification, etc.) are required to provide equivalent data protection safeguards.

You can request information about the specific safeguards in place for international transfers by contacting privacy@yourmatrix.io.

10. Contact & Complaints

For any GDPR-related requests, questions, or concerns, contact our privacy team directly:

Platform: YourMatrix
Company: Best ROI Media LLC
Email: privacy@yourmatrix.io
Response Time: Within 30 days of receipt

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your local authority at edpb.europa.eu.

We take privacy seriously. We aim to resolve all privacy concerns promptly and fairly. If you have any question — no matter how small — please reach out. We’d rather hear from you directly than have an unresolved concern escalate to a formal complaint.