1. Data Controller
The data controller is SOG Digital Services IKE, a private company registered under Greek law.
2. Data We Collect
Account data
- E-mail address (used for login and notifications only — never displayed to other members)
- Private alias (your chosen display name visible to verified members)
- City of residence (shown at city level only — no precise geolocation)
- Age bracket
- Lifestyle disposition tags (self-selected)
- Optional short bio
Usage data
- Login timestamps and device type (for security purposes)
- Pages visited within the platform (aggregated, not sold)
- Correspondence metadata (who sent a note to whom, timestamps — content is end-to-end encrypted)
3. Verification Documents
Verification documents are handled under maximum protection and are never accessible to other members under any circumstances.
To verify your identity, we collect one of: Greek ID card, residence permit, or passport, along with a live selfie photograph. An optional short video greeting may also be submitted.
Storage
All identity documents are encrypted at rest using AES-256 and stored in an isolated vault, separate from the main platform database. Only two named operators have access to the verification vault.
Retention
Verification documents are retained only for the duration of active membership plus 30 days. Upon account closure or erasure request, all documents are cryptographically erased — not archived.
4. How Data Is Used
Your data is used solely to operate the SOG platform. Specifically:
- To authenticate your identity and prevent duplicate or fraudulent accounts
- To display your dossier to other verified members (alias, city, disposition, and optionally photos)
- To facilitate private correspondence between members
- To notify you of events and SOG communications you have opted into
- To comply with Greek and EU legal obligations
Your data is never sold, never used for advertising, and never shared with third parties for commercial purposes.
5. Sharing & Third Parties
SOG does not sell or share personal data with third parties for commercial purposes. Limited sharing occurs only in these contexts:
- SDC partnership: If you choose to activate SDC cross-linking, your alias and disposition tags are shared with SDC. This is entirely opt-in and can be revoked at any time from Account Settings.
- Payment processor: Billing data is handled by a PCI-DSS compliant payment processor. SOG does not store card numbers.
- Legal obligations: If required by Greek law or court order, we may be compelled to disclose specific data. We will notify you unless legally prohibited.
6. Retention Periods
- Account data: retained for the duration of active membership plus 12 months
- Verification documents: retained for active membership plus 30 days, then cryptographically erased
- Correspondence: auto-deleted after 30 days (configurable in Account Settings)
- Login/security logs: retained for 90 days
- Billing records: retained for 7 years as required by Greek tax law
7. Your Rights Under GDPR
Under the General Data Protection Regulation (EU 2016/679), you have the following rights:
- Right of access: Request a copy of all personal data we hold about you
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your data ("right to be forgotten")
- Right to portability: Receive your data in a structured, machine-readable format
- Right to restrict processing: Limit how we use your data in certain circumstances
- Right to object: Object to processing based on legitimate interests
To exercise any of these rights, contact privacy@sog.gr. We will respond within 30 days. Erasure requests for account data are processed within 72 hours.
8. Security Measures
- AES-256 encryption at rest for all sensitive data
- TLS 1.3 in transit
- End-to-end encrypted correspondence (content never readable by SOG operators)
- Screenshot detection and alerts
- Photo watermarking with member ID
- Access to verification vault restricted to two named operators with audit logging
- Automatic session expiry after 30 days of inactivity
9. Cookies
SOG uses only strictly necessary cookies for session management and security. No advertising cookies, no third-party tracking pixels. Preferences and language settings are stored in your browser's local storage and are not transmitted to our servers.
10. Contact & Complaints
For privacy enquiries: privacy@sog.gr
You also have the right to lodge a complaint with the Greek Data Protection Authority (ΑΠΔΠΧ): www.dpa.gr