Privacy Policy

Last Updated: November 10, 2025

1. Introduction

This Privacy Policy explains how SYLOE GROUP, SAS (“SYLOE,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal data when you use the Conceivable website, streaming platform, and related services, including Tribushare rewards and live events (collectively, the “Service”).

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).

By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, you must stop using the Service.

2. Data Controller

The data controller responsible for processing your personal data is:

PEOPLE THROW ROCKS AT THINGS THAT SHINE, LLC,
404 Short Hills Dr, Mt. Royal,
NEW JERSEY 08061,
Email: [email protected]

SYLOE GROUP, SAS acts solely as a Data Processor on behalf of the Data Controller and processes personal data only according to documented instructions from the Controller.

Any expansion of processing permissions shall require a mutually signed written amendment between the Controller and Processor.

3. Scope of this Policy

This Policy applies to all personal data we collect through:

The Conceivable website and streaming platform.
Tribushare reward and referral systems.
Event registration and participation.
Email communication and support.
Payment and checkout processes via Stripe.
Any surveys, promotions, or beta programs we operate.

It does not apply to external websites, apps, or partners that have their own privacy policies, even if linked through our Service.

4. Data We Collect

We collect the following categories of personal data:

4.1 Information You Provide Directly

Account data: name, email, password, country, language preferences.
Payment and billing data: billing address, transaction records (processed securely by Stripe; SYLOE never stores full card numbers).
Communications: messages sent to support or through live chat, feedback forms, or emails.
Referral and rewards data: activity related to referrals, commissions, and reward balance.

4.2 Information Collected Automatically

Device and technical data: IP address, browser type, operating system, device ID, screen resolution.
Usage data: pages visited, time spent, features used, viewing history (for service improvement and analytics).
Cookies and similar technologies: used for authentication, remembering preferences, analytics, and referral tracking.

(See Section 9 for detailed cookie information.)

4.3 Information from Third Parties

Payment processors (Stripe): payment confirmations, billing updates, fraud prevention data.
Referral or affiliate programs: referral source IDs, campaign identifiers.
Event partners or platforms: registration confirmations or event participation logs.

5. Special Categories of Data

SYLOE does not intentionally collect or process sensitive data (e.g. health, political opinions, religion, or biometric data). If such information is accidentally shared (for example, through a message or upload), it will be deleted immediately unless required by law.

6. How We Use Your Data

We process personal data only for legitimate, explicit, and lawful purposes. Specifically, SYLOE uses your information to:

Provide and operate the Service – to manage your account, stream content, issue rewards, and handle transactions.
Process payments – to manage billing, prevent fraud, and confirm purchases via Stripe.
Provide customer support – to respond to inquiries, complaints, and technical requests.
Communicate updates – to send notifications about purchases, events, and platform improvements.
Manage Tribushare Rewards and referrals – to track referral activity, distribute credits, and detect abuse.
Improve the Service – to analyze performance, measure engagement, and optimize content delivery.
Ensure legal compliance – to meet tax, accounting, and regulatory obligations.
Protect our platform – to prevent fraud, security breaches, or misuse.

We do not sell or rent your personal data to any third party.

SYLOE may process personal data as necessary for the technical operation, security, and maintenance of the Tribushare infrastructure powering the Service, provided such processing does not involve independent commercial use.

As Data Processor, SYLOE only processes personal data on documented instructions from the Data Controller. SYLOE does not use personal data for independent purposes such as advertising, profiling, or data monetization unrelated to the Conceivable platform.

This restriction does not apply to aggregated, anonymized, or technical data that does not identify individual users. SYLOE may use such non-personal data for platform performance monitoring, security, debugging, service optimization, and analytics necessary to operate the Tribushare infrastructure.

Any expanded use of personal data for analytics, audience insights, or future Tribushare features shall require mutual written agreement between the Data Controller and SYLOE as Data Processor.

1. Introduction

By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, you must stop using the Service.

7. Legal Basis for Processing

Under the GDPR, we rely on the following lawful bases for processing your personal data:

Purpose	Legal Basis
Account creation, streaming, live events	Contract necessity (Art. 6(1)(b))
Payment processing and fraud prevention	Legal obligation (Art. 6(1)(c))
Marketing communications and newsletters	Consent (Art. 6(1)(a))
Analytics, service optimization, rewards tracking	Legitimate interest (Art. 6(1)(f))
Legal defense or compliance with regulators	Legal obligation (Art. 6(1)(c))

You may withdraw consent at any time (for example, by unsubscribing from emails or adjusting cookie preferences).

8. Sharing and Disclosure of Data

We may share your personal data only in the following circumstances:

8.1 Service Providers

We engage third-party processors who assist in operating the Service, under strict confidentiality agreements:

Stripe, Inc. – payment processing, anti-fraud, and financial compliance.
Email and hosting providers – sending notifications and secure data storage.
Analytics services – performance measurement (using anonymized data).

These providers only process data according to our instructions and for the purposes defined in this Policy.

8.2 Legal and Compliance Requirements

We may disclose your data if required by law, court order, or to enforce our Terms of Service and protect SYLOE’s legal rights.

8.3 Business Transfers

If SYLOE undergoes a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity under equivalent privacy safeguards.

9. International Data Transfers

Where data is transferred outside the European Economic Area (EEA) (for example, to service providers in the United States), SYLOE ensures appropriate protection through:

European Commission Standard Contractual Clauses (SCCs)
Equivalent mechanisms approved under GDPR.

You can request a copy of these safeguards by contacting [email protected].

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.
Typical retention periods:

Account data: active period + 3 years after closure.
Payment records: 10 years (as required by French tax law).
Support correspondence: 2 years.
Referral and reward activity: 5 years (for fraud prevention and audit purposes).

When data is no longer required, it is securely deleted or anonymized.

11. Your Rights (Under GDPR)

You have the following rights under EU data protection law:

Access – Request a copy of your personal data.
Rectification – Correct inaccurate or incomplete information.
Erasure (“Right to be Forgotten”) – Request deletion of your personal data where legally applicable.
Restriction of Processing – Ask us to limit how your data is used.
Data Portability – Request transfer of your data to another controller in a machine-readable format.
Objection – Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent – Withdraw consent for optional processing at any time.

You can exercise these rights by emailing [email protected] with proof of identity. We will respond within 30 days as required by GDPR.

If you are unsatisfied, you have the right to lodge a complaint with your local Data Protection Authority, or in France, with theCNIL (Commission Nationale de l’Informatique et des Libertés)at www.cnil.fr.

12. Cookies and Tracking Technologies

12.1 What Are Cookies

Cookies are small text files stored on your device when you access the Service. They help us recognize your device, remember preferences, and improve your experience.

12.2 Types of Cookies We Use

Essential – Required for login, payments, and secure site navigation.
Preference – Store your settings (e.g., language, volume).
Analytics – Measure traffic and engagement (e.g., Google Analytics or equivalent).
Referral and Rewards – Track referral IDs, campaign participation, and reward eligibility.
Marketing – Used to deliver personalized offers or retargeting ads. (optional)

12.3 Cookie Control

When you first visit the Service, you can manage consent via the cookie banner. You can modify or withdraw consent at any time through your browser settings or our cookie preferences center.

Note: disabling essential cookies may limit some platform functions (e.g., checkout or login).

13. Marketing and Communications

13.1 Email and Notifications

If you opt in, we may send you:

Updates about new films, live events, or Tribushare campaigns.
Promotional offers or invitations.
Service announcements or important legal updates.

You can unsubscribe at any time using the “Unsubscribe” link in emails or by contacting [email protected].

13.2 Analytics and Advertising

We may use anonymized analytics to understand user engagement, measure campaign success, and improve performance.

We do not engage in behavioral advertising using personally identifiable data without explicit consent.

14. Security of Your Data

SYLOE implements industry-standard technical and organizational measures to protect your personal data, including:

SSL/TLS encryption for all data transmissions.
Secure password hashing and multi-factor authentication for internal access.
Regular penetration testing and system audits.
Limited employee access based on role and necessity.

Despite these safeguards, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

In case of a data breach that may affect your rights, SYLOE will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

15. Children’s Data

The Service is not directed to children under 16 years old.

We do not knowingly collect or process personal data from minors without verifiable parental consent.

If you believe we have collected data from a minor, contact [email protected], and we will delete it immediately.

16. Policy Updates

SYLOE may update this Privacy Policy periodically to reflect legal, technical, or business changes.

We will post the revised version on this page and update the “Last Updated” date above. For major changes, we will notify you via email or through the platform.

Your continued use of the Service after any update constitutes acceptance of the revised Policy.

17. U.S. State Privacy Laws

For residents of the United States, SYLOE adheres to privacy principles consistent with applicable state laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and similar legislation in other states.

SYLOE does not sell or share personal information as defined under these laws. U.S. users have the right to:

Request access to the categories and specific pieces of personal information collected.
Secure password hashing and multi-factor authentication for internal access.
Request deletion of their personal data, subject to legal or contractual obligations.
Opt out of any future sale or sharing of personal information (if applicable).

To exercise these rights, U.S. users may contact us at[email protected] with the subject line “U.S. Privacy Request.”

We will verify identity before responding, in accordance with applicable law.

U.S. State Privacy Notice (Residents of CA, VA, CO, CT, UT)
If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you have specific rights under state privacy laws, including the California Consumer Privacy Act (“CCPA/CPRA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Utah Consumer Privacy Act (“UCPA”).

(a) Your Rights

Depending on your state, you may have the right to:

Request access to the personal information we hold about you.
Request deletion of your personal information (subject to legal exceptions).
Request correction of inaccurate information.
Request a list of categories of data collected and disclosed.
Opt out of targeted advertising, profiling, or the sale or sharing of personal information

(b) No Sale of Personal Information

We do not sell or share personal information as those terms are defined under U.S. state privacy laws.

(c) How to Exercise Your Rights

You may submit a request by emailing:

[email protected] with the subject line “U.S. Privacy Request”.

We will verify your identity before responding.
Authorized agents may submit requests on your behalf, subject to verification.

(d) Appeals

If we decline your request, you may appeal by contacting us at[email protected] with the subject line “Appeal – Privacy Request”.

18. Contact Information

For any privacy-related questions, complaints, or data requests, contact:

SYLOE GROUP, SAS
1 rue Albert Camus
Le Plessis-Bouchard, France
Email: [email protected]
Legal inquiries: [email protected]
Support: [email protected]

Privacy Policy

Last Updated: November 10, 2025

1. Introduction

By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, you must stop using the Service.

2. Data Controller

The data controller responsible for processing your personal data is:

PEOPLE THROW ROCKS AT THINGS THAT SHINE, LLC,
404 Short Hills Dr, Mt. Royal,
NEW JERSEY 08061,
Email: [email protected]

SYLOE GROUP, SAS acts solely as a Data Processor on behalf of the Data Controller and processes personal data only according to documented instructions from the Controller.

Any expansion of processing permissions shall require a mutually signed written amendment between the Controller and Processor.

3. Scope of this Policy

This Policy applies to all personal data we collect through:

The Conceivable website and streaming platform.
Tribushare reward and referral systems.
Event registration and participation.
Email communication and support.
Payment and checkout processes via Stripe.
Any surveys, promotions, or beta programs we operate.

It does not apply to external websites, apps, or partners that have their own privacy policies, even if linked through our Service.

4. Data We Collect

We collect the following categories of personal data:

4.1 Information You Provide Directly

Account data: name, email, password, country, language preferences.
Payment and billing data: billing address, transaction records (processed securely by Stripe; SYLOE never stores full card numbers).
Communications: messages sent to support or through live chat, feedback forms, or emails.
Referral and rewards data: activity related to referrals, commissions, and reward balance.

4.2 Information Collected Automatically

Device and technical data: IP address, browser type, operating system, device ID, screen resolution.
Usage data: pages visited, time spent, features used, viewing history (for service improvement and analytics).
Cookies and similar technologies: used for authentication, remembering preferences, analytics, and referral tracking.

(See Section 9 for detailed cookie information.)

4.3 Information from Third Parties

Payment processors (Stripe): payment confirmations, billing updates, fraud prevention data.
Referral or affiliate programs: referral source IDs, campaign identifiers.
Event partners or platforms: registration confirmations or event participation logs.

5. Special Categories of Data

6. How We Use Your Data

We process personal data only for legitimate, explicit, and lawful purposes. Specifically, SYLOE uses your information to:

Provide and operate the Service – to manage your account, stream content, issue rewards, and handle transactions.
Process payments – to manage billing, prevent fraud, and confirm purchases via Stripe.
Provide customer support – to respond to inquiries, complaints, and technical requests.
Communicate updates – to send notifications about purchases, events, and platform improvements.
Manage Tribushare Rewards and referrals – to track referral activity, distribute credits, and detect abuse.
Improve the Service – to analyze performance, measure engagement, and optimize content delivery.
Ensure legal compliance – to meet tax, accounting, and regulatory obligations.
Protect our platform – to prevent fraud, security breaches, or misuse.

We do not sell or rent your personal data to any third party.

Any expanded use of personal data for analytics, audience insights, or future Tribushare features shall require mutual written agreement between the Data Controller and SYLOE as Data Processor.

1. Introduction

By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, you must stop using the Service.

7. Legal Basis for Processing

Under the GDPR, we rely on the following lawful bases for processing your personal data:

Purpose	Legal Basis
Account creation, streaming, live events	Contract necessity (Art. 6(1)(b))
Payment processing and fraud prevention	Legal obligation (Art. 6(1)(c))
Marketing communications and newsletters	Consent (Art. 6(1)(a))
Analytics, service optimization, rewards tracking	Legitimate interest (Art. 6(1)(f))
Legal defense or compliance with regulators	Legal obligation (Art. 6(1)(c))

You may withdraw consent at any time (for example, by unsubscribing from emails or adjusting cookie preferences).

8. Sharing and Disclosure of Data

We may share your personal data only in the following circumstances:

8.1 Service Providers

We engage third-party processors who assist in operating the Service, under strict confidentiality agreements:

Stripe, Inc. – payment processing, anti-fraud, and financial compliance.
Email and hosting providers – sending notifications and secure data storage.
Analytics services – performance measurement (using anonymized data).

These providers only process data according to our instructions and for the purposes defined in this Policy.

8.2 Legal and Compliance Requirements

We may disclose your data if required by law, court order, or to enforce our Terms of Service and protect SYLOE’s legal rights.

8.3 Business Transfers

If SYLOE undergoes a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity under equivalent privacy safeguards.

9. International Data Transfers

Where data is transferred outside the European Economic Area (EEA) (for example, to service providers in the United States), SYLOE ensures appropriate protection through:

European Commission Standard Contractual Clauses (SCCs)
Equivalent mechanisms approved under GDPR.

You can request a copy of these safeguards by contacting [email protected].

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.
Typical retention periods:

Account data: active period + 3 years after closure.
Payment records: 10 years (as required by French tax law).
Support correspondence: 2 years.
Referral and reward activity: 5 years (for fraud prevention and audit purposes).

When data is no longer required, it is securely deleted or anonymized.

11. Your Rights (Under GDPR)

You have the following rights under EU data protection law:

Access – Request a copy of your personal data.
Rectification – Correct inaccurate or incomplete information.
Erasure (“Right to be Forgotten”) – Request deletion of your personal data where legally applicable.
Restriction of Processing – Ask us to limit how your data is used.
Data Portability – Request transfer of your data to another controller in a machine-readable format.
Objection – Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent – Withdraw consent for optional processing at any time.

You can exercise these rights by emailing [email protected] with proof of identity. We will respond within 30 days as required by GDPR.

12. Cookies and Tracking Technologies

12.1 What Are Cookies

Cookies are small text files stored on your device when you access the Service. They help us recognize your device, remember preferences, and improve your experience.

12.2 Types of Cookies We Use

Essential – Required for login, payments, and secure site navigation.
Preference – Store your settings (e.g., language, volume).
Analytics – Measure traffic and engagement (e.g., Google Analytics or equivalent).
Referral and Rewards – Track referral IDs, campaign participation, and reward eligibility.
Marketing – Used to deliver personalized offers or retargeting ads. (optional)

12.3 Cookie Control

When you first visit the Service, you can manage consent via the cookie banner. You can modify or withdraw consent at any time through your browser settings or our cookie preferences center.

Note: disabling essential cookies may limit some platform functions (e.g., checkout or login).

13. Marketing and Communications

13.1 Email and Notifications

If you opt in, we may send you:

Updates about new films, live events, or Tribushare campaigns.
Promotional offers or invitations.
Service announcements or important legal updates.

You can unsubscribe at any time using the “Unsubscribe” link in emails or by contacting [email protected].

13.2 Analytics and Advertising

We may use anonymized analytics to understand user engagement, measure campaign success, and improve performance.

We do not engage in behavioral advertising using personally identifiable data without explicit consent.

14. Security of Your Data

SYLOE implements industry-standard technical and organizational measures to protect your personal data, including:

SSL/TLS encryption for all data transmissions.
Secure password hashing and multi-factor authentication for internal access.
Regular penetration testing and system audits.
Limited employee access based on role and necessity.

Despite these safeguards, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

In case of a data breach that may affect your rights, SYLOE will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

15. Children’s Data

The Service is not directed to children under 16 years old.

We do not knowingly collect or process personal data from minors without verifiable parental consent.

If you believe we have collected data from a minor, contact [email protected], and we will delete it immediately.

16. Policy Updates

SYLOE may update this Privacy Policy periodically to reflect legal, technical, or business changes.

We will post the revised version on this page and update the “Last Updated” date above. For major changes, we will notify you via email or through the platform.

Your continued use of the Service after any update constitutes acceptance of the revised Policy.

17. U.S. State Privacy Laws

SYLOE does not sell or share personal information as defined under these laws. U.S. users have the right to:

Request access to the categories and specific pieces of personal information collected.
Secure password hashing and multi-factor authentication for internal access.
Request deletion of their personal data, subject to legal or contractual obligations.
Opt out of any future sale or sharing of personal information (if applicable).

To exercise these rights, U.S. users may contact us at[email protected] with the subject line “U.S. Privacy Request.”

We will verify identity before responding, in accordance with applicable law.

(a) Your Rights

Depending on your state, you may have the right to:

Request access to the personal information we hold about you.
Request deletion of your personal information (subject to legal exceptions).
Request correction of inaccurate information.
Request a list of categories of data collected and disclosed.
Opt out of targeted advertising, profiling, or the sale or sharing of personal information

(b) No Sale of Personal Information

We do not sell or share personal information as those terms are defined under U.S. state privacy laws.

(c) How to Exercise Your Rights

You may submit a request by emailing:

[email protected] with the subject line “U.S. Privacy Request”.

We will verify your identity before responding.
Authorized agents may submit requests on your behalf, subject to verification.

(d) Appeals

If we decline your request, you may appeal by contacting us at[email protected] with the subject line “Appeal – Privacy Request”.

18. Contact Information

For any privacy-related questions, complaints, or data requests, contact:

SYLOE GROUP, SAS
1 rue Albert Camus
Le Plessis-Bouchard, France
Email: [email protected]
Legal inquiries: [email protected]
Support: [email protected]