Privacy & Data Sovereignty Policy

Last updated: June 1, 2026 — Effective immediately

1. Decentralized Storage and Zero-Knowledge Principle

The central licensing server ("TitiLisa Core SaaS") does not collect, log, intercept, or store sensitive social media credentials, authentication tokens, session cookies, or scraped video media assets.

All private keys, account cookies, proxy login combinations, and ingested media paths reside completely within the encrypted, containerized state volumes of the Customer's isolated Virtual Private Server (VPS). The central platform operates on a strict zero-knowledge architecture.

2. Data Encrypted at the Edge

All multi-account sessions utilized to simulate engagement matrices are executed entirely at the edge. The central platform developers cannot access, review, or retrieve:

Transaction histories or campaign analytics
Target content links or engagement strategies
Comment text strings handled by local automation pods
Proxy credentials or rotation configurations
Social media session tokens or authentication data

Each customer deployment maintains complete data sovereignty within their self-managed infrastructure boundary.

3. What the Central SaaS Collects

The TitiLisa licensing and update server collects only the minimum data necessary for license management and service delivery:

License Authentication: License key, activation timestamp, and deployment node identifier (hashed)
Billing Information: Payment processor tokens (PayPal transaction IDs), email address for invoice delivery
Update Telemetry: Software version number, update check timestamp, and runtime environment type (OS, container engine)
Support Requests: Name, email, and message content submitted through the contact form

We explicitly do not collect, and structurally cannot access, any social media credentials, content data, or automation configurations processed by your edge deployment.

4. Intellectual Property and Transcription Liability

When utilizing the software's automated video extraction features (e.g., via yt-dlp binaries), the user is solely responsible for verifying the intellectual property rights, localization distribution rights, and creative licensing of the source content.

TitiLisa does not monitor, index, or catalog any media assets processed through the ingestion pipeline. All content processing occurs entirely within the customer's self-hosted environment.

5. Zero Logging of Cookies to Central APIs

The TitiLisa architecture is designed with a strict data isolation wall. The session_cookies database table payload is never transmitted to central SaaS servers during telemetry pings, license checks, or update synchronization. This data remains strictly inside the client's local PostgreSQL database. If the central server is ever subpoenaed or audited, we cannot hand over data we structurally do not possess.

6. Third-Party Services

The central SaaS platform utilizes the following third-party services for operational purposes only:

PayPal: Payment processing (subject to PayPal's Privacy Policy)
Cloudflare: CDN and DDoS protection for the licensing portal

No customer VPS data, social media credentials, or automation logs are shared with any third-party service.

7. Data Retention and Deletion

Central SaaS data (license keys, billing records) is retained for the duration of the license validity plus 12 months for legal compliance. Customers may request deletion of their central account data by contacting mediaxtremeusa@gmail.com.

Edge data (session cookies, media assets, automation logs) is entirely under the customer's control and is deleted when the customer destroys their VPS containers.

8. International Data Transfers

The central licensing server may process minimal operational data across international boundaries. Because the architecture enforces edge-level data sovereignty, all sensitive social media data remains within whatever jurisdiction the customer chooses to deploy their VPS infrastructure.

9. Contact

For privacy inquiries or data deletion requests, contact: mediaxtremeusa@gmail.com