Legal Center

Terms, Privacy, Cookies & Licenses

These documents govern your use of Soul Registry Authority (SRA) products and websites.

Terms of Service

Effective: 2025-10-06 · Last updated:

By creating a SoulID, using SRA APIs, or visiting our sites, you agree to these Terms.

1) Who you contract with

SRA provides both protocol-level and commercial services. Your contracting entity depends on the product you use:

Soul Registry Foundation (Hong Kong) — governance of the protocol and community programs; free citizen features such as the SoulID ceremony and non-commercial Trust Graph exploration.
Soul Registry Corporation (Ohio, USA) — commercial APIs (Identity, Trust, Exchange, Vault), paid plans, enterprise agreements and settlements.

2) Accounts & eligibility

You must be at least 13 years old (or the minimum age of digital consent in your region) to use consumer features, and 18+ to enter paid agreements.
You are responsible for the security of credentials, API keys and private keys associated with your SoulID.

3) Acceptable use

No illegal, harmful or deceptive activity; no infringement, scraping, data harvesting or model abuse.
No attempts to re-identify private data or circumvent access controls.
When operating AI agents, you must disclose agent status when it interacts with people and keep auditable logs (SoulVault recommended).

4) Content & IP

You retain rights in your content. You grant SRA a limited, revocable license to process it for providing the services.
Open-source content and SDKs are licensed as stated in the Credits & Licenses.
Report infringement (DMCA or equivalent) via the notices in Entities & Notices.

5) Service changes

We may change or discontinue features, and will provide reasonable notice for material changes affecting paid users.

6) Fees & taxes (paid plans)

Usage is billed per plan and per metered unit (see product pages). You authorize us to charge your payment method.
You’re responsible for applicable taxes; SRA may collect where required.

7) Warranties & disclaimers

Services are provided “as is”. To the extent permitted by law, SRA disclaims implied warranties (merchantability, fitness for a particular purpose, non-infringement).

8) Limitation of liability

To the extent permitted by law, SRA will not be liable for indirect, incidental, special, consequential or punitive damages, nor for loss of profits or data. Our aggregate liability for claims relating to paid services is capped at the amount you paid to SRA in the 12 months preceding the claim.

9) Termination

Either party may terminate at any time. Certain clauses (IP, confidentiality, payment, limitations, dispute resolution) survive termination.

10) Governing law & venue

For Foundation-only use (free citizen features): laws of Hong Kong; courts of Hong Kong.
For paid/commercial use: laws of the State of Ohio, USA, without regard to conflict-of-law rules; state or federal courts located in Hamilton County, Ohio.

11) Changes to Terms

We’ll post updates here with a new “Effective” date. Material changes will be notified via email or in-product notices.

Privacy Policy

Effective: 2025-10-06 · Last updated:

SRA is designed “privacy by default”. We collect only what’s necessary to provide and secure the services.

Data controller(s)

Depending on the product, the controller is Soul Registry Corporation (commercial services) and/or Soul Registry Foundation (protocol & citizen features). Contact details are in Entities & Notices.

Information we collect

Account data: name/codename, contact email, referral, organization.
Identity artifacts: SoulID number, attestations, endorsements (you control sharing), public keys.
Usage & logs: API requests, timestamps, IP/country, device/browser metadata, safety events.
Payments: plan, invoices, last 4 digits/expiry via PCI-compliant processor (SRA does not store full card data).
SoulVault content: encrypted by design; SRA cannot read private payloads.

How we use data

Provide, secure and improve the services; prevent fraud/abuse; comply with law.
Operate the Trust Graph (contextual reputation) with your controls and disclosures.
Send essential service emails (receipts, incidents). Marketing emails require opt-in and include opt-out.

Legal bases (GDPR)

Contract (providing requested services),
Legitimate interests (security, service improvement),
Consent (optional analytics/cookies, marketing),
Legal obligation (tax, accounting, KYC where applicable).

Sharing

Vendors acting as processors (hosting, email, payments) under DPAs.
When you ask us to share or make public (e.g., publishing a verifiable claim).
Lawful requests and to protect rights, safety and security.

International transfers

Data may be processed globally. Where required, we use lawful transfer mechanisms (e.g., SCCs).

Retention

We keep data as long as needed to provide the services and for legitimate business needs (e.g., security, tax). You may request deletion where applicable.

Your rights

Access, correction, deletion, portability, restriction and objection (GDPR/UK GDPR).
California: know/delete/opt-out of sharing (CCPA/CPRA).
To exercise rights, email privacy@soulregistry.org. We may need to verify your identity.

Security

Encryption in transit; encryption at rest; least-privilege access; audit logging; vulnerability management; incident response.

Children

SRA isn’t directed to children under 13. If we learn we collected such data, we’ll delete it.

Changes to this policy

We’ll update this page and adjust the effective date. Material changes will be notified in product or by email.

Cookies Policy

Effective: 2025-10-06 · Last updated:

We use cookies and similar technologies to run the site, keep you signed in, remember preferences, and (with your consent) measure usage.

Types of cookies

Strictly necessary — session, CSRF, load balancing. Required.
Functional — preferences, locale, UI state.
Analytics (optional) — aggregated metrics such as page views and latency.

Controls

You can manage non-essential cookies via the banner or browser settings.
Blocking certain cookies may impact functionality.

Example cookies

_sra_session (essential, expires when you sign out) · _sra_pref_locale (functional, 6 months) · _sra_analytics (analytics, 1 year, opt-in)

Credits & Licenses

Effective: 2025-10-06 · Last updated:

SRA SDKs

Unless otherwise stated, SRA first-party SDKs are offered under the MIT License:

MIT License © Soul Registry Authority. Permission is hereby granted, free of charge, to any person obtaining a copy of this software to deal in the Software without restriction, subject to the license notice being included in copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND.

Third-party components

Google Fonts — Inter (SIL Open Font License 1.1).
Other OSS used by SRA services will be listed in product-specific NOTICE files and build artifacts.

Trademarks

“Soul Registry Authority”, “SoulID”, “Trust Graph”, “SoulExchange”, “SoulVault” are trademarks or service marks of SRA. Do not use without permission.

Entities & Notices

Corporate & foundation details

Soul Registry Corporation — 5538 E Galbraith Rd, Apt 38, Cincinnati, OH 45236, USA. EIN 61-2287741. State of Ohio C-Corp (effective 08/28/2025).
Soul Registry Foundation — Room 101A, 1/F., Genplas Industrial Building, 56 Hoi Yuen Road, Kwun Tong, Kowloon, Hong Kong.

Contact

Copyright complaints (DMCA or equivalent)

Send a signed notice including: your contact info; description and location of the work; statement of good faith belief; and a statement under penalty of perjury that you’re authorized to act. We may notify the user and, where applicable, accept counter-notices.

Government requests

We require valid legal process. Where not prohibited, we notify affected users before producing data. Emergency disclosure requests are handled under applicable laws.

Business continuity

We maintain multi-region backups, disaster recovery procedures and incident response runbooks. Security and status are reported at /status.