Privacy Policy

This Privacy Policy explains how SodaSoft LLC (“SodaSoft”, “we”, “us”, or “our”), a Wyoming limited liability company and the operator of ratomir.com(the “Site”), collects, uses, discloses, retains, and protects information about visitors and users of the Site (“you”).

The Site is owned and operated by SodaSoft LLC. References on the Site to “Ratomir Jovanovic” identify an individual author whose writing and personal brand are published on the Site; all data processing, business activity, and legal responsibility associated with the Site is conducted by and through SodaSoft LLC. By using the Site you acknowledge that you are interacting with SodaSoft LLC for these purposes.

By accessing or using the Site, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Site.

1. Who is responsible for your information

The data controller (for purposes of the EU and UK General Data Protection Regulation, “GDPR”) and the “business” (for purposes of the California Consumer Privacy Act, “CCPA/CPRA”) is:

SodaSoft LLC
Sheridan, Wyoming, United States
Contact: via the contact form on the Site

2. What information we collect

2.1 Information you provide directly

• Contact form submissions: name, email address, subject, and the message body you submit through the contact form on the Site.
• Newsletter signups: email address you submit to subscribe.
• Purchases or paid content (if and when offered): billing name, billing address, and payment details. Payment card numbers are processed by our payment processor and are never stored on our servers.
• Account information (if and when account creation is offered): username, email, hashed password, and any optional profile fields you choose to provide.

2.2 Information collected automatically

• Server and request logs: IP address, user-agent string, referring URL, requested URL, request timestamps, response status, and approximate location derived from IP.
• Analytics: page views, session duration, referrer, device class, language, viewport size, anonymized identifiers used to deduplicate visits.
• Cookies and similar technologies: see section 7 below.

2.3 Information we do not collect

We do not knowingly collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). We do not knowingly collect information from children under 13 (or 16 in jurisdictions that apply that threshold). See section 11.

3. How we use your information

We use the information described above to:

• Operate, maintain, and secure the Site;
• Respond to your inquiries submitted through the contact form;
• Send newsletter emails you have explicitly opted into, including transactional confirmations and unsubscribe links;
• Detect, investigate, and prevent fraud, abuse, security incidents, or violations of our Terms of Service;
• Improve content quality, fix bugs, and understand aggregate usage patterns;
• Comply with applicable laws, court orders, and lawful requests from public authorities;
• Enforce our Terms of Service and protect the rights, property, or safety of SodaSoft LLC, our users, or others.

4. Legal bases for processing (EU/UK visitors)

For visitors in the European Economic Area, United Kingdom, or Switzerland, we process personal data under the following lawful bases under GDPR/UK GDPR:

• Consent - for newsletter sign-ups and optional analytics cookies. You can withdraw consent at any time.
• Performance of a contract - to respond to contact requests you initiate and to deliver any purchases.
• Legitimate interests - to secure the Site, prevent abuse, measure aggregate usage, and improve content. Where we rely on legitimate interests, we balance those interests against your rights and freedoms.
• Legal obligation - to comply with applicable law.

5. Who we share information with

We do not sell personal information, and we do not share personal information with third parties for their own marketing purposes. We share limited information only with the following categories of processors and recipients:

• Hosting and infrastructure: Vercel Inc. (edge hosting and serving) and Supabase Inc. (database, file storage, and authentication). These processors receive information strictly to operate the Site.
• Email delivery: Resend, Inc. (transactional email and contact form forwarding to a private inbox controlled by SodaSoft LLC).
• Payments (if applicable): Stripe, Inc. processes payment card data directly; we receive only a payment confirmation token and the metadata you provide at checkout.
• Analytics: aggregate, privacy-respecting analytics provider(s) that may receive your IP address and user-agent in order to compute pageview metrics. We configure analytics with IP anonymization where the provider supports it.
• Legal, safety, and compliance: we may disclose information to law enforcement, regulators, courts, or other authorities when required by law, subpoena, or other legal process, or where we believe disclosure is necessary to protect our rights, the safety of you or others, investigate fraud, or respond to a government request.
• Business transfers: if SodaSoft LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

6. International data transfers

SodaSoft LLC is established in the United States. The processors listed in section 5 may store and process data in the United States, the European Union, and other regions. When personal data is transferred out of the EEA, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK's International Data Transfer Addendum, or recognized adequacy decisions, as applicable.

7. Cookies and similar technologies

We use a small set of cookies and similar storage mechanisms (localStorage, sessionStorage) for the following purposes:

• Strictly necessary: session continuity, security, theme preference (light/dark), and remembering that you dismissed the “Install” prompt. These cannot be disabled without breaking the Site.
• Analytics: aggregate measurement of pageviews and session quality. These may be disabled in your browser or via any cookie banner the Site displays in your region.

You can control cookies through your browser settings. Most browsers let you refuse cookies, delete existing cookies, or be notified when a cookie is set. Disabling cookies may affect Site functionality.

8. Data retention

We retain personal data only as long as needed for the purposes described in this Privacy Policy:

• Contact form submissions: up to 36 months after the most recent correspondence, then deleted or anonymized;
• Newsletter subscriber lists: until you unsubscribe, after which we retain a record of unsubscribe to honour your preference;
• Server and request logs: typically up to 90 days unless required longer for security investigations;
• Analytics aggregates: indefinitely in non-identifiable, aggregated form;
• Records required by law: retained for the minimum legally required period (for example, tax records).

9. Your rights

9.1 EU / UK / Swiss residents (GDPR)

You have the right to:

• Request access to the personal data we hold about you;
• Request correction of inaccurate or incomplete personal data;
• Request erasure of personal data (subject to exceptions in applicable law);
• Request restriction of processing in certain circumstances;
• Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller (data portability);
• Object to processing based on legitimate interests, including objection to direct marketing at any time;
• Withdraw consent at any time where processing is based on consent;
• Lodge a complaint with your local supervisory authority.

9.2 California residents (CCPA/CPRA)

You have the right to know what personal information we collect, disclose, or “sell” (we do not sell personal information); request deletion of personal information; correct inaccurate personal information; limit the use and disclosure of sensitive personal information; and not be discriminated against for exercising these rights.

9.3 How to exercise your rights

Submit a request through the contact form. We will respond within the timeframe required by applicable law (typically 30 days under GDPR, 45 days under CCPA/CPRA, extendable when necessary). We may need to verify your identity before fulfilling certain requests.

10. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal data, including TLS in transit, encryption at rest where supported by our processors, access controls, hashed credentials, and regular security review. No system is perfectly secure, however, and we cannot guarantee absolute security.

11. Children

The Site is not directed to and is not intended for use by children under 13 (or under 16 in jurisdictions where that is the applicable age of digital consent). We do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a child, please contact us so we can delete it.

12. Third-party links

The Site may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you interact with.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above. If changes are material, we will provide additional notice (for example, by a banner on the Site or, where appropriate, by email to subscribers). Your continued use of the Site after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact

For privacy questions, data subject requests, or to exercise any right described above, please contact us via the contact form. Mark your request as “Privacy Request” in the subject so we can route it appropriately.