Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

GDPR & CCPA Addendum

Effective Date: 15-Jan-2026
Last Updated: 15-Jan-2026

This GDPR & CCPA Addendum (“Addendum”) supplements the Privacy Policy, Terms & Conditions, Data Safety & Processing Disclosure, and other policies of Cafiot (“Company”, “we”, “our”, “us”).

This Addendum explains how Cafiot complies with:

  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
  1. Scope & Applicability

This Addendum applies to:

  • Users located in the European Union (EU) and United Kingdom (UK)
  • Users who are California residents
  • Business customers using Cafiot’s services

If local laws provide stronger protections, those protections apply.

  1. Roles Under GDPR

For purposes of GDPR:

  • Cafiot acts as a “Data Controller” for user account data, platform usage data, and community reports.
  • Cafiot acts as a “Data Processor” only where processing is performed on behalf of enterprise customers (future SaaS use).
  1. Lawful Bases for Processing (GDPR)

Cafiot processes personal data under one or more of the following lawful bases:

  • Contractual necessity – to provide core app functionality
  • Consent – where explicitly provided (optional features, communications)
  • Legitimate interests – security, fraud prevention, analytics
  • Legal obligation – compliance with applicable laws

Cafiot does not rely on automated decision-making that produces legal or significant effects.

  1. Data Subject Rights (GDPR / UK GDPR)

Users located in the EU or UK have the right to:

  • Access their personal data
  • Correct inaccurate data
  • Request deletion (“Right to be Forgotten”)
  • Restrict or object to processing
  • Withdraw consent at any time
  • Data portability (where applicable)

Requests can be made at:
📧 privacy@cafiot.com

Cafiot will respond within 30 days, as required by law.

  1. California Consumer Rights (CCPA / CPRA)

California residents have the right to:

  • Know what personal data is collected
  • Request deletion of personal data
  • Correct inaccurate personal data
  • Opt out of the sale or sharing of personal data
  • Limit use of sensitive personal information

Important Clarification

Cafiot does not sell personal data and does not share personal data for cross-context behavioral advertising.

To exercise CCPA rights:
📧 privacy@cafiot.com

  1. Sensitive Personal Information

Cafiot does not intentionally collect or process sensitive personal information, including:

  • Government identifiers
  • Financial or payment data
  • Health or biometric data
  • Precise geolocation

Any accidental collection will be deleted promptly.

  1. Automated Decision-Making & Profiling

Cafiot does not engage in:

  • Automated decision-making
  • Profiling that produces legal or significant effects

All authenticity indicators are crowd-generated signals, not automated determinations.

  1. Data Transfers (International)

Cafiot may transfer data outside a user’s country of residence, including to cloud infrastructure providers.

Where required, transfers are protected using:

  • Standard Contractual Clauses (SCCs)
  • Equivalent legal safeguards
  1. Data Retention & Deletion

Personal data is retained only as long as necessary for:

  • Providing services
  • Legal compliance
  • Abuse prevention

Deletion requests are handled in accordance with the Account Deletion & Data Retention Policy.

  1. Third-Party Processors

Cafiot uses vetted third-party service providers (e.g., cloud hosting, analytics) under data protection agreements.

All processors are contractually required to:

  • Process data only on Cafiot’s instructions
  • Implement appropriate security measures
  • Maintain confidentiality
  1. Children’s Data

Cafiot does not knowingly process data of children under 13.
If identified, such data is deleted immediately.

  1. Complaints & Supervisory Authorities

EU/UK users may lodge a complaint with their local data protection authority.

Cafiot encourages users to contact us first so we can address concerns promptly.

  1. Updates to This Addendum

This Addendum may be updated periodically.
The “Last Updated” date will reflect changes.

Continued use of the Services indicates acceptance of the updated Addendum.

  1. Contact Information

For privacy or data protection inquiries:

📧 contact@cafiot.com

Final Legal Clarification

Cafiot is a community signal platform and does not provide legally binding, certified, or authoritative determinations.