Privacy Policy for MOD ATLAS MEDIA

Privacy Policy

Global & Decolonial Privacy Policy
Justice AI GPT / MOD ATLAS MEDIA
Effective Date: October 1, 2025

1. Introduction

Justice AI GPT (operated by MOD ATLAS MEDIA, Canada) is committed to protecting your privacy, honoring your data sovereignty, and upholding decolonial ethics across all jurisdictions. This privacy policy applies globally and is designed to meet or exceed compliance requirements under:

  • EU GDPR (Regulation (EU) 2016/679) Justice AI GPT does not conduct profiling, targeted marketing, or systematic monitoring of EU users. Any access by EU residents is incidental and does not constitute targeting under Recital 23 of the GDPR.

  • Germany’s BDSG (Federal Data Protection Act)

  • Canada’s PIPEDA

  • California CCPA & CPRA

  • South Africa’s POPIA

  • Brazil’s LGPD

  • Australia’s Privacy Act (1988)

  • India’s DPDP Act (2023)

  • General UN & African Union data declarations

This policy also aligns with the Decolonial Intelligence Algorithmic (DIA) Framework™, prioritizing community data governance, memory sovereignty, and anti-extractive data practices.

2. Who We Are

Justice AI GPT is a decolonial AI initiative stewarded by MOD ATLAS MEDIA Inc.
Contact: christianortiz@modatlasmedia.com
Jurisdiction: Canada, operating globally with nodes in Europe, Africa, Latin America, and Indigenous territories.

3. What Data We Collect

We may collect the following only when voluntarily provided through forms or opt-in registration:

  • Personal Data: name, email address, and mailing address.

We do not collect, store, or process any sensitive personal data such as racial or ethnic origin, gender identity, disability status, or political/philosophical beliefs. Any such information shared voluntarily within the GPT interface is processed solely by OpenAI and is not visible to, logged by, or stored by Justice AI GPT.

Justice AI GPT does not access user chats or interaction history. We have opted out of using data for model training and do not retain conversations.

For transparency on OpenAI’s role in data processing, please review OpenAI’s Privacy Policy.

4. Lawful Basis for Processing (as required by GDPR)

We process your data under these lawful bases:

  • Consent (Art. 6(1)(a)) — obtained through clear opt-in consent with logging and timestamping

  • Contract performance (Art. 6(1)(b))

  • Legal obligation (Art. 6(1)(c))

  • Legitimate interests (Art. 6(1)(f))—non-exploitative, transparent, community-aligned

5. How We Use Data

  • To respond to voluntary user outreach (e.g., via contact forms)

  • To send updates, with consent

  • To fulfill informational or collaborative requests

  • To comply with international legal obligations

We do not use your data for profiling, behavioral advertising, or model training.

6. Data Sovereignty & Decolonial Rights

  • Your data belongs to you and your community.

  • We support Indigenous data sovereignty, Afro-descendant archival reclamation, and diasporic consent models.

  • Users may request co-ownership licenses, co-governance agreements, or initiate a community audit of their data.

7. International Transfers

We use secure, encrypted transfer protocols and EU-approved Standard Contractual Clauses (SCCs) when transferring data internationally. Hosting is distributed across Canada, Germany, and sovereign data centers. For jurisdictions requiring data localization, we will comply with local hosting, encryption, and sovereignty mandates.

8. Your Rights (Global + GDPR-compliant)

You have the right to:

  • Access your data (Art. 15)

  • Rectify your data (Art. 16)

  • Erase your data (Art. 17)

  • Restrict processing (Art. 18)

  • Data portability (Art. 20)

  • Object (Art. 21)

  • Withdraw consent at any time

  • Lodge a complaint with your local Data Protection Authority

German users: You may contact the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).

9. Data Retention

We retain your name, email, and mailing address only as long as necessary for communication or coordination purposes. You may request immediate deletion at any time. No other data is stored or processed.

10. Children’s Privacy

We do not knowingly collect data from anyone under the age of 13 (or local legal minimum). If we learn we have collected such data, we will delete it immediately.

11. Cookies & Tracking

We use minimal, essential cookies only. No third-party ad tracking. You can opt out anytime via your browser or by contacting us.

12. Data Processors

We rely on OpenAI for GPT-based functionality. OpenAI may process user interactions transiently to ensure safety and quality. However, we have opted out of model training, and no user data is stored or accessible by our team.

We only work with processors that:

  • Meet DIA Framework ethical review standards

  • Are GDPR/BDSG/POPIA compliant

  • Do not engage in exploitative data mining or profiling

A complete list of third-party processors is available upon request.

13. Security Safeguards (Art. 32 GDPR)

We use the following technical and organizational safeguards:

  • Encrypted communications (SSL/TLS)

  • Encrypted at-rest data storage

  • Two-factor authentication for system access

  • Role-based access controls

  • Secure access logging and regular audits

14. Community Audit & Redress

Every user or collective has the right to initiate an independent, third-party Decolonial Data Audit. For serious violations, a Reparative Protocol (financial, technological, symbolic) may be triggered. We recognize community councils and Indigenous entities as having legal standing in enforcing this policy.

15. Data Breach Notification

In the event of a data breach involving the limited user data we control (e.g., emails, names), we will notify all affected users and relevant supervisory authorities within 72 hours, in compliance with GDPR Article 33 and applicable local laws.

16. Policy Updates

We update this policy regularly. You will be notified of substantial changes at least 14 days in advance. Continued use after notice constitutes acceptance.

17. Governing Law & Jurisdiction

This policy is governed by the laws of Canada and, where applicable, Germany and the user’s jurisdiction. In case of legal dispute, parties may elect local jurisdiction by mutual agreement.

18. Contact & Complaints

International Privacy Contact (in lieu of GDPR Art. 27 Rep):
In alignment with the Decolonial Intelligence Algorithmic (DIA) Framework™, we do not exploit unpaid labor or enforce colonial legal proxies. While we operate globally and protect all users’ data rights equally, we have not designated a paid EU-based representative due to ethical and financial sovereignty concerns.

EU residents may still contact:
Christian Ortiz – General Contact
1701 N Marion St
Denver, Colorado 80218
Email: christianortiz@modatlasmedia.com

In good faith, we will respond to any EU data requests and cooperate fully with authorities. Any enforcement inquiries will be responded to within 72 hours.