Privacy Policy

Cords ("Cords," "we," "our," or "us") is a social networking platform accessible at joincords.com and any associated applications or services (collectively, the "Platform"). This Privacy Policy describes how Cords collects, uses, discloses, retains, and protects personal information from users ("you," "your," or "User") who access or use the Platform anywhere in the world.

This Privacy Policy is incorporated into and subject to the Cords Terms of Use. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the collection and use of your information as described herein. If you do not agree, you must discontinue use of the Platform immediately.

Cords is operated from and subject to the laws of the State of New York, United States. Where applicable, we comply with the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Children's Online Privacy Protection Act (COPPA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the United Kingdom UK GDPR, Brazil's Lei Geral de Proteção de Dados (LGPD), Australia's Privacy Act 1988, and other applicable international data protection frameworks.

We use the information we collect for the following purposes:

• Platform Operation: to create and maintain your account, authenticate your identity, deliver content, enable features, and provide technical support.
• Safety and Security: to detect, investigate, and prevent fraud, abuse, spam, policy violations, illegal activity, and threats to the safety of Users or the public.
• Content Moderation: to review reported content, enforce our Platform Guidelines, and administer sanctions including content removal, suspension, or termination.
• Product Improvement: to analyze usage patterns, diagnose technical issues, conduct research, and develop new features and services.
• Communications: to send transactional messages (e.g., email verification, password reset, security alerts, policy update notices) and, where lawful, promotional communications.
• Legal Compliance: to comply with applicable laws, regulations, court orders, subpoenas, legal process, and lawful requests from governmental authorities.
• Dispute Resolution: to investigate and resolve complaints, disputes, and legal claims.
• Aggregate Analytics: to generate de-identified, aggregated statistical data for internal business intelligence and reporting.

We do not sell your personal information to third parties for monetary compensation. We do not use your personal information to serve third-party behavioral advertising on the Platform.

For Users in the European Economic Area (EEA), the United Kingdom, and other jurisdictions that require a legal basis for processing, we process your personal data under the following lawful bases:

• Contractual Necessity: processing required to perform our contract with you (the Terms of Use), including providing the Platform and its features.
• Legitimate Interests: processing necessary for our legitimate interests in operating a safe, secure, and functional Platform, preventing abuse, improving our services, and communicating with Users, where those interests are not overridden by your rights.
• Legal Obligation: processing required to comply with applicable laws and legal process.
• Consent: where we process data based on your consent (e.g., optional communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.

We use cookies, local storage, session tokens, and similar technologies to operate and improve the Platform. The types we use include:

• Strictly Necessary: authentication tokens and session identifiers required to keep you logged in and protect your account. These cannot be disabled without breaking core functionality.
• Functional: preferences you set such as theme (light/dark mode) and sidebar state.
• Analytics: aggregate usage data to understand how Users interact with the Platform. We use de-identified analytics only.
• Security: tokens used to detect and prevent fraudulent activity.

Most web browsers allow you to control cookies through browser settings. Disabling certain cookies may affect the functionality of the Platform. Where required by law, we will seek your consent before placing non-essential cookies.

We retain your personal information for as long as your account is active or as necessary to provide the Platform, comply with legal obligations, resolve disputes, enforce agreements, and pursue legitimate business purposes.

If you delete your account, we will delete or anonymize your personal information within ninety (90) days, except that we may retain: (a) de-identified or aggregated data that cannot identify you; (b) information required to comply with legal obligations, including tax, accounting, and regulatory requirements; (c) information necessary to resolve open disputes, investigate policy violations, or fulfill pending legal holds; and (d) archived backup copies for a commercially reasonable period.

User Content you delete will be removed from public view within a commercially reasonable time; however, residual copies may remain in backup systems for up to ninety (90) days.

We implement administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, and destruction. These measures include encrypted data transmission (TLS), encrypted data storage, access controls, authentication requirements, and regular security assessments.

No method of transmission over the internet or method of electronic storage is one hundred percent (100%) secure. We cannot guarantee absolute security. In the event of a data breach that requires notification under applicable law, we will notify affected Users and relevant authorities as required.

Cords is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States and potentially other jurisdictions. Data protection laws in these jurisdictions may differ from those in your country.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement (IDTA), or other lawful transfer mechanisms as applicable. You may request a copy of the applicable transfer mechanisms by contacting us at the address in Section 15.

By using the Platform, you expressly consent to the transfer of your information to the United States and other jurisdictions as described in this Section, subject to the safeguards described herein.

The Platform is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. Users must be at least 13 years of age to register for and use the Platform. If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information promptly and terminate the associated account.

If you believe that a child under 13 may have provided us with personal information, please contact us immediately at the address in Section 15. Parents or legal guardians who become aware that their child has created an account may request deletion of the account and associated data.

Users between 13 and 18 are encouraged to use the Platform with the involvement of a parent or legal guardian. Certain features may be restricted for Users under 18 in compliance with applicable law.

The Platform may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to third-party services, and we are not responsible for the privacy practices of those services. We encourage you to review the privacy policies of any third-party services you access through the Platform.

Link previews displayed on the Platform are generated from publicly available metadata. Your interaction with linked content is governed by the privacy policies of the linked site.

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no universal standard for how platforms should respond to DNT signals, the Platform does not currently alter its data collection practices in response to DNT signals. We will revisit this policy as industry standards develop.

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by posting the revised policy on the Platform with an updated effective date and, where required by law or where we deem appropriate, by sending you an email or prominent in-platform notice at least thirty (30) days before the changes take effect. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

EEA and UK Users may also contact our Data Protection Representative or lodge a complaint with their local supervisory authority. We will respond to verifiable requests within the timeframes required by applicable law (typically thirty (30) days, with an extension of up to sixty (60) additional days where permitted).