Privacy Policy.

This Privacy Policy explains how PermaShip, Inc. and CEO Arcade collect, use, disclose, retain, and protect personal information when you access or use CEO Arcade, including the CEO Arcade website, catalogue, Mission Control, credit ledger, cabinet operating tools, AI advisors, App Factory, PermaShip-powered execution services, domain and DNS services, customer-support tools, payments and cashout features, and related products, services, software, dashboards, documentation, and tools.

This Privacy Policy is incorporated into the CEO Arcade Terms of Service, Operator Agreement, Credit & Economy Policy, Refund Policy, Domain Policy, and any other policy, agreement, checkout disclosure, quote, or cabinet-specific rule that applies to your use of CEO Arcade.

For purposes of this Privacy Policy:

• “CEO Arcade,” “we,” “us,” or “our” means CEO Arcade and its operating entity, PermaShip, Inc.
• “Platform” means CEO Arcade and related PermaShip-powered systems used to provide CEO Arcade.
• “Operator” means a person or entity that reserves, manages, or operates a cabinet through CEO Arcade.
• “Cabinet” means a platform-managed SaaS business, brand package, microsite, app, operating dashboard, or related business property made available through CEO Arcade.
• “Mission Control” means the CEO Arcade operator dashboard.
• “End Customer” means a customer, lead, visitor, subscriber, purchaser, support contact, or user of a cabinet operated through CEO Arcade.
• “Personal Information” means information that identifies, relates to, describes, can reasonably be associated with, or could reasonably be linked to an individual or household, depending on applicable law.

This Privacy Policy does not create any ownership, payout, credit, or operational rights. Those rights are governed by the CEO Arcade Terms of Service, Operator Agreement, Credit & Economy Policy, Refund Policy, and any applicable cashout, domain, marketplace, or buyout terms.

1. Scope of This Privacy Policy

This Privacy Policy applies to Personal Information we collect when you:

1. visit CEO Arcade websites or landing pages;
2. browse the CEO Arcade catalogue;
3. use the guided matcher or Chief of Staff selection experience;
4. create an account;
5. reserve, manage, or operate a cabinet;
6. enter or use Mission Control;
7. purchase credits or approve credit-spend actions;
8. use or request App Factory, PermaShip, QA Agent, AI advisor, or agentic services;
9. approve domains, DNS, hosting, infrastructure, payments, email, or other platform-managed services;
10. receive cabinet revenue, earned credits, reserves, or cashout-related services;
11. interact with a cabinet as an End Customer;
12. communicate with us by email, chat, form, support request, or other channel;
13. participate in surveys, promotions, tests, demos, competitions, beta programs, or feedback loops; or
14. otherwise interact with the Platform.

This Privacy Policy also applies to information collected through internal CEO Arcade systems that support the Platform, including telemetry, logs, QA reports, deployment records, app-health data, security events, credit ledgers, revenue ledgers, support records, and operational-cost records.

2. Controller and Processor Roles

Depending on the context, PermaShip, Inc. may act as a controller, business, processor, service provider, or similar role under applicable privacy laws.

2.1 Where We Typically Act as Controller

We generally decide the purposes and means of processing for information related to:

1. CEO Arcade account registration;
2. catalogue browsing;
3. Mission Control access;
4. Operator onboarding;
5. billing, subscriptions, credits, refunds, and platform accounting;
6. fraud prevention, risk scoring, KYC, tax, cashout, and compliance;
7. product analytics, security, service improvement, and support;
8. App Factory, PermaShip, QA Agent, and agentic workflow operations;
9. platform-owned domains, DNS, infrastructure, app registry, and resource provisioning;
10. communications with Operators; and
11. legal, business, and platform operations.

2.2 Where We May Act as Processor or Service Provider

For some End Customer information collected through a cabinet, we may process information on behalf of the Operator or cabinet. This may include information submitted by End Customers through forms, checkout flows, onboarding flows, booking flows, support messages, or customer portals.

Because CEO Arcade is platform-managed and cabinets may be owned or controlled by CEO Arcade until a buyout or approved transfer, we may also process End Customer information for our own legitimate platform purposes, such as security, payment processing, fraud prevention, operational-cost accounting, service delivery, support, compliance, refunds, disputes, QA, and platform improvement.

Operators are responsible for understanding and honoring any privacy promises, notices, customer commitments, or legal obligations that apply to their cabinet, unless CEO Arcade expressly agrees in writing to handle them.

3. Personal Information We Collect

We may collect the categories of Personal Information described below.

3.1 Account and Contact Information

We may collect:

1. name;
2. email address;
3. username;
4. login credentials or password hash;
5. phone number, if provided;
6. company name;
7. role or title;
8. profile information;
9. account settings;
10. communication preferences; and
11. support contact details.

3.2 Operator Profile and Matching Information

To recommend cabinets and tailor Mission Control, we may collect information such as:

1. interests;
2. skills;
3. professional background;
4. business experience;
5. sales comfort level;
6. industry preferences;
7. audience size or audience description;
8. influencer, creator, agency, parent, student, local-operator, or business-owner profile information;
9. stated goals;
10. preferred customer types;
11. time availability;
12. risk tolerance;
13. LinkedIn URL, resume, biography, or similar information if you choose to provide it; and
14. answers submitted through guided matching, onboarding, surveys, or Chief of Staff conversations.

You should not submit sensitive personal information, confidential third-party information, or information you are not authorized to share.

3.3 Cabinet, Brand, and Business Information

We may collect and store information about cabinets, including:

1. cabinet selection and reservation history;
2. Brand Packs;
3. business names;
4. logos, taglines, images, colors, copy, and positioning;
5. business cases and competitive analysis;
6. customer segments and ideal-customer profiles;
7. business model information;
8. pricing and plan settings;
9. domain suggestions and domain decisions;
10. feature requests and approved work;
11. Mission Control missions;
12. advisor recommendations;
13. app configuration and feature flags;
14. business performance metrics;
15. revenue and operational-cost information;
16. marketplace, buyout, or transfer status; and
17. cabinet history, decision logs, and work logs.

3.4 Credit, Billing, Revenue, and Cashout Information

We may collect and process information related to:

1. subscriptions;
2. one-time purchases;
3. credit purchases;
4. credit classes and balances;
5. credit reservations, deductions, refunds, locks, holds, and settlements;
6. Operational Costs;
7. usage-based charges;
8. revenue events;
9. payment processing fees;
10. platform fees;
11. refunds;
12. disputes and chargebacks;
13. hard costs;
14. earned credits;
15. pending earned credits;
16. locked credits;
17. cashout eligibility;
18. KYC and tax status;
19. payout information;
20. invoices and receipts; and
21. payment method metadata.

Payment card details are generally handled by payment processors, such as Stripe, and are not stored directly by CEO Arcade except where a provider returns limited tokenized or metadata information.

3.5 Identity, KYC, Tax, and Compliance Information

When required for cashout, payout, high-risk activity, fraud prevention, regulatory compliance, payment processing, marketplace activity, or continued use of certain features, we or our service providers may collect:

1. legal name;
2. date of birth;
3. address;
4. country or region;
5. tax identification information;
6. business registration information;
7. beneficial ownership information;
8. identity-document information;
9. payment-account information;
10. sanctions, fraud, compliance, or risk-screening information; and
11. verification status.

Some of this information may be collected directly by third-party providers, such as payment, KYC, tax, or compliance providers.

3.6 Domain, DNS, Hosting, and Provisioning Information

If you approve domain, DNS, hosting, database, app build, infrastructure, or deployment actions, we may collect and process:

1. requested domains;
2. domain availability checks;
3. domain registration information;
4. domain ownership and renewal status;
5. DNS records;
6. Cloudflare, registrar, hosting, or deployment metadata;
7. app URLs;
8. app subdomains;
9. database connection metadata;
10. deployment identifiers;
11. environment-variable and secret references;
12. health-check results;
13. infrastructure usage;
14. logs;
15. error reports;
16. deployment reports;
17. QA Agent reports;
18. screenshots, recordings, or browser logs generated during QA or support; and
19. provider-resource identifiers.

We do not intend for agents or public app code to receive raw secrets unless needed inside controlled execution or deployment environments.

3.7 End Customer Information

End Customers may provide information through cabinets, including:

1. name;
2. email address;
3. phone number;
4. account or login information;
5. billing or subscription status;
6. purchase history;
7. booking, request, order, project, profile, or form information;
8. support messages;
9. preferences;
10. feedback;
11. usage data;
12. transaction information;
13. refund or dispute information; and
14. other information submitted through the cabinet.

The exact categories depend on the cabinet type, enabled modules, approved features, business model, and customer interactions.

3.8 Communications and Support Information

We may collect:

1. support emails;
2. chat messages;
3. form submissions;
4. feedback;
5. bug reports;
6. call notes;
7. survey responses;
8. Discord, Slack, or community interactions where applicable;
9. internal support notes;
10. escalation history; and
11. communications with Operators, End Customers, vendors, and service providers.

3.9 AI, Agent, App Factory, QA, and PermaShip Information

CEO Arcade uses AI-assisted and agentic systems to provide guidance, generate business assets, build applications, analyze code, execute tickets, run QA, test workflows, fix bugs, and operate cabinets.

We may collect and process:

1. prompts;
2. conversations with the Chief of Staff or advisors;
3. mission requests;
4. feature requests;
5. bug reports;
6. QA reports;
7. code diffs;
8. PermaShip tickets and job records;
9. agent proposals;
10. work outputs;
11. model usage metadata;
12. screenshots, logs, and test artifacts;
13. app specifications;
14. generated copy, brand assets, plans, and recommendations;
15. verification results;
16. deployment results; and
17. summaries or transcripts of AI-assisted interactions.

Do not submit secrets, highly sensitive personal information, confidential third-party information, regulated health data, legal privileged information, financial account credentials, government identifiers, or other restricted data unless CEO Arcade expressly instructs that such data is supported and necessary.

3.10 Technical, Device, Log, and Usage Information

We may automatically collect:

1. IP address;
2. device identifiers;
3. browser type;
4. operating system;
5. pages viewed;
6. referring URLs;
7. actions taken;
8. clickstream data;
9. timestamps;
10. session data;
11. cookie identifiers;
12. analytics events;
13. error logs;
14. security logs;
15. app-health logs;
16. usage metrics;
17. API usage;
18. rate-limit events;
19. fraud, abuse, or risk signals; and
20. approximate location inferred from IP address.

3.11 Cookies and Similar Technologies

We may use cookies, pixels, local storage, session storage, analytics tags, and similar technologies to:

1. authenticate users;
2. maintain sessions;
3. remember preferences;
4. measure traffic and conversions;
5. understand catalogue interest;
6. track checkout and reservation funnels;
7. improve recommendations;
8. detect fraud and abuse;
9. debug the Platform;
10. measure product performance; and
11. support advertising, attribution, or retargeting where used.

You can control cookies through your browser settings and any cookie controls we provide. Blocking cookies may affect login, Mission Control, checkout, analytics, and other Platform features.

4. Sources of Personal Information

We may collect Personal Information from:

1. you directly;
2. Operators;
3. End Customers;
4. cabinet visitors;
5. payment processors;
6. KYC, tax, fraud, compliance, and risk providers;
7. domain registrars and DNS providers;
8. hosting, deployment, database, and infrastructure providers;
9. analytics and observability providers;
10. email, support, and communication providers;
11. PermaShip, App Factory, QA Agent, and AI execution systems;
12. public sources, such as websites, LinkedIn pages, public profiles, or public business information you provide or direct us to use;
13. third-party integrations you connect or approve;
14. internal logs and telemetry; and
15. service providers acting on our behalf.

5. How We Use Personal Information

We use Personal Information to:

1. provide, operate, and improve CEO Arcade;
2. create and manage accounts;
3. authenticate users;
4. recommend cabinets;
5. personalize Mission Control;
6. reserve, prepare, build, deploy, maintain, and operate cabinets;
7. provide AI advisor, Chief of Staff, App Factory, QA Agent, and PermaShip-powered services;
8. process credit purchases, subscriptions, Operational Costs, hard costs, and other payments;
9. maintain the credit ledger, revenue ledger, reserves, holds, and cashout workflows;
10. provide domain search, domain purchase, DNS, hosting, email, app, and infrastructure services;
11. run QA, testing, bug detection, app-health checks, and verification workflows;
12. detect, prevent, and respond to fraud, abuse, spam, chargebacks, security incidents, and platform misuse;
13. provide customer support;
14. communicate with Operators and End Customers;
15. process refunds, disputes, chargebacks, reserves, and support escalations;
16. comply with legal, tax, payment, sanctions, anti-fraud, and regulatory requirements;
17. enforce our Terms of Service, Operator Agreement, Credit & Economy Policy, Refund Policy, and other policies;
18. analyze catalogue interest, conversion, usage, revenue, costs, and product performance;
19. improve models, prompts, agents, workflows, and platform systems where permitted and appropriate;
20. operate promotions, beta tests, competitions, surveys, or research;
21. support marketplace, transfer, buyout, reclaim, or portfolio features if available;
22. maintain audit logs and business records;
23. protect the rights, safety, property, and security of CEO Arcade, PermaShip, Operators, End Customers, service providers, and others; and
24. carry out other purposes disclosed at the time information is collected.

6. AI and Automated Processing

CEO Arcade uses AI and automated systems to support business selection, Mission Control recommendations, cabinet building, code execution, QA, infrastructure monitoring, support, billing analysis, fraud detection, cost forecasting, and other platform operations.

AI and automated systems may:

1. recommend cabinets based on your profile or answers;
2. generate business names, taglines, copy, logos, or brand suggestions;
3. propose missions;
4. estimate credit costs;
5. generate App Factory plans;
6. create PermaShip tickets;
7. analyze code, logs, errors, app state, and usage;
8. run QA scenarios and summarize issues;
9. recommend operational-cost or infrastructure changes;
10. flag unusual usage or fraud risk;
11. summarize customer feedback;
12. generate support drafts;
13. create product, growth, or revenue recommendations; and
14. help internal teams operate and improve the Platform.

You should review AI-generated recommendations before acting on them. AI outputs may be incomplete, incorrect, or inappropriate for your specific business. CEO Arcade does not guarantee the accuracy, legality, profitability, completeness, or suitability of AI-generated recommendations or outputs.

Where required by law or platform policy, certain automated decisions may be reviewed by humans, especially where they involve account suspension, cashout eligibility, high-risk fraud signals, or significant platform restrictions.

7. How We Share Personal Information

We may share Personal Information as described below.

7.1 Service Providers and Vendors

We may share information with service providers that help us operate CEO Arcade, including providers of:

1. payment processing;
2. Stripe Connect, cashout, refunds, and disputes;
3. KYC, tax, fraud, sanctions, and compliance;
4. domain registration;
5. DNS and CDN services;
6. hosting, deployment, database, and infrastructure;
7. secrets management;
8. email and messaging;
9. customer support;
10. observability, logging, error tracking, analytics, and monitoring;
11. AI model and agent infrastructure;
12. App Factory, QA Agent, and PermaShip execution;
13. security and abuse prevention;
14. data storage and backups;
15. accounting, legal, and business operations; and
16. other services used to provide the Platform.

These providers may process Personal Information according to our instructions, their agreements with us, and applicable law.

7.2 Operators and Cabinet Participants

If you are an End Customer, information you submit through a cabinet may be visible to the Operator of that cabinet and to CEO Arcade. This may include your account, purchase, booking, support, form, feedback, or usage information.

If you are an Operator, certain cabinet information may be visible to End Customers, support staff, payment providers, service providers, or future operators in connection with support, marketplace transfers, buyouts, disputes, or platform operations.

7.3 Payment, Revenue, and Cashout Providers

We may share information with payment processors, tax providers, KYC providers, compliance providers, and banks or payout providers to:

1. process payments;
2. create checkout sessions;
3. manage subscriptions;
4. process refunds;
5. handle disputes and chargebacks;
6. operate earned-credit and cashout workflows;
7. complete identity and tax checks;
8. comply with legal and payment-network requirements; and
9. manage fraud and risk.

7.4 Domain, DNS, Hosting, and Infrastructure Providers

When domain, DNS, hosting, app deployment, database, email, monitoring, or infrastructure actions are approved or required, we may share information with providers that register domains, create DNS records, host apps, operate databases, manage logs, deliver email, or provide monitoring and infrastructure.

Some domain-registration information may be required by registrars, registries, ICANN-related processes, or applicable law.

7.5 AI and Execution Providers

We may share prompts, specifications, code, logs, screenshots, QA reports, tickets, summaries, and related content with AI model providers, coding-agent systems, QA systems, App Factory systems, PermaShip systems, and other execution tools used to provide the Platform.

We attempt to limit what is shared to what is reasonably needed for the relevant task. You are responsible for not submitting information that you are not authorized to share.

7.6 Legal, Safety, Compliance, and Enforcement

We may disclose information when we believe disclosure is reasonably necessary to:

1. comply with law, subpoena, court order, government request, regulator request, or legal process;
2. enforce our agreements and policies;
3. protect rights, property, safety, or security;
4. prevent fraud, abuse, spam, chargebacks, unlawful activity, or security incidents;
5. investigate misuse of the Platform;
6. resolve disputes;
7. respond to payment-network, bank, registrar, hosting, or provider requirements;
8. comply with tax, sanctions, anti-money-laundering, or identity-verification requirements; or
9. protect CEO Arcade, PermaShip, Operators, End Customers, service providers, and others.

7.7 Business Transfers

We may share or transfer information in connection with an actual or proposed merger, acquisition, financing, investment, corporate transaction, reorganization, bankruptcy, sale of assets, transfer of platform assets, or similar business transaction involving CEO Arcade, PermaShip, cabinets, marketplace assets, or related business operations.

7.8 With Your Direction or Consent

We may share information when you direct us to do so, approve a workflow, connect an integration, approve a domain or infrastructure action, approve a cashout or KYC workflow, invite a team member, connect a provider, or otherwise consent.

8. Cookies, Analytics, Advertising, and Tracking

We may use analytics, attribution, advertising, and product-measurement tools to understand how people discover, browse, reserve, and operate cabinets. These tools may collect information such as pages visited, conversion events, checkout events, device information, browser information, IP address, identifiers, and actions taken.

We may use this information to:

1. measure catalogue interest;
2. improve business recommendations;
3. understand conversion funnels;
4. debug product issues;
5. prevent fraud;
6. improve pricing and credit mechanics;
7. analyze feature usage;
8. improve Mission Control; and
9. market CEO Arcade.

Some analytics or advertising activities may be considered “sharing,” “targeted advertising,” or similar concepts under certain privacy laws. Where required, we will provide applicable notices and opt-out mechanisms.

You may also use browser-level controls, cookie settings, or opt-out tools where available. Blocking cookies may limit functionality.

9. Data Retention

We retain Personal Information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

1. provide the Platform;
2. maintain accounts and cabinets;
3. operate Mission Control;
4. maintain credit, revenue, refund, dispute, reserve, and cashout records;
5. maintain audit logs;
6. support App Factory, PermaShip, QA Agent, and CI/CD operations;
7. comply with tax, accounting, legal, payment, domain, registrar, security, and regulatory obligations;
8. prevent fraud, abuse, chargebacks, and disputes;
9. resolve support issues;
10. enforce agreements;
11. handle marketplace, buyout, transfer, suspension, reclaim, or cancellation workflows; and
12. maintain backups and business records.

Retention periods vary depending on the type of information, the cabinet status, legal requirements, payment and tax requirements, domain and DNS requirements, security requirements, and operational needs.

If your account or cabinet is closed, cancelled, suspended, reclaimed, sold, transferred, or bought out, we may retain certain information as needed for legal, accounting, security, operational, fraud-prevention, chargeback, dispute, marketplace, or platform-continuity purposes.

Backups and logs may persist for a limited period after deletion from active systems.

10. Security

We use administrative, technical, and organizational measures designed to protect Personal Information. These may include access controls, authentication, encryption, secret management, audit logs, vendor controls, security monitoring, rate limits, provider isolation, CI/CD checks, and controlled execution environments.

No system is perfectly secure. We cannot guarantee that information will never be accessed, disclosed, altered, lost, or destroyed by a breach of our safeguards. You are responsible for using strong account credentials, safeguarding your login information, and promptly notifying us if you suspect unauthorized access to your account, cabinet, Mission Control, payment, or cashout features.

11. International Data Transfers

CEO Arcade is operated by PermaShip, Inc., a Delaware corporation. We and our service providers may process information in the United States and other countries. These countries may have data-protection laws that differ from the laws of your jurisdiction.

Where required, we use appropriate safeguards for international transfers, such as contractual commitments, provider data-processing agreements, standard contractual clauses, or other legally recognized mechanisms.

12. Your Choices and Privacy Rights

Depending on where you live and applicable law, you may have rights to:

1. access Personal Information we hold about you;
2. correct inaccurate Personal Information;
3. delete Personal Information;
4. restrict or object to certain processing;
5. receive a portable copy of certain information;
6. opt out of certain sharing, targeted advertising, or sale-like uses;
7. limit certain uses of sensitive Personal Information;
8. withdraw consent where processing is based on consent;
9. appeal a privacy-rights decision; and
10. lodge a complaint with a privacy regulator.

To submit a request, contact legal@permaship.ai. We may need to verify your identity or authority before responding. If you are making a request on behalf of someone else, we may require proof of authorization.

Some requests may be denied or limited where information is needed for security, fraud prevention, legal compliance, payment processing, tax records, dispute handling, chargebacks, cashout records, operational records, account administration, cabinet operation, or other legally permitted purposes.

If you are an End Customer of a cabinet and you contact us about information controlled by an Operator, we may direct the request to the relevant Operator or handle it as required by law and platform policy.

13. Notice to California Residents

This section provides additional information for California residents under the California Consumer Privacy Act, as amended, and related California privacy laws, to the extent they apply.

13.1 Categories of Personal Information Collected

In the past 12 months, we may have collected the following categories of Personal Information:

Category	Examples
Identifiers	Name, email, IP address, account identifiers, customer identifiers, device identifiers
Customer records information	Billing contact details, support records, payment metadata, business contact information
Commercial information	Purchases, subscriptions, credits, refunds, revenue events, Operational Costs, cabinet activity
Internet or network activity	Page views, clicks, usage data, logs, analytics events, app-health data
Geolocation information	Approximate location inferred from IP address
Professional or employment-related information	Role, company, LinkedIn URL, resume, professional background, if provided
Inferences	Cabinet recommendations, operator profile, risk indicators, preference signals
Sensitive personal information	KYC, tax, identity-verification, payment, fraud, or compliance information when required
Audio/visual/electronic information	Screenshots, QA recordings, support attachments, user-submitted media, where applicable
Other information you provide	Messages, support requests, cabinet configuration, feedback, prompts, AI interactions

13.2 Sources

We collect information from the sources described in Section 4 of this Privacy Policy.

13.3 Purposes

We use information for the purposes described in Section 5 of this Privacy Policy.

13.4 Disclosures

We may disclose the categories above to service providers, contractors, payment processors, infrastructure providers, domain and DNS providers, AI and execution providers, analytics providers, support providers, professional advisors, legal authorities, and other parties described in Section 7.

13.5 Sale or Sharing

We do not sell Personal Information for money. We may use analytics, advertising, attribution, or tracking technologies that could be considered “sharing” or “targeted advertising” under certain laws. Where required, we will provide a method to opt out of such activities.

13.6 Sensitive Personal Information

We use sensitive Personal Information only as reasonably necessary for permitted business purposes, such as identity verification, fraud prevention, payment processing, security, compliance, tax, cashout, and platform safety, unless otherwise disclosed or permitted by law.

13.7 California Rights

California residents may have rights to know, access, correct, delete, opt out of sale or sharing, limit use of sensitive Personal Information, and not be discriminated against for exercising privacy rights. To exercise rights, contact legal@permaship.ai.

14. Notice to EEA, UK, and Swiss Users

If European data-protection laws apply, we process Personal Information under one or more legal bases, including:

1. Contract — to provide CEO Arcade, Mission Control, cabinets, payments, credits, support, and related services;
2. Legitimate interests — to operate, secure, improve, and market the Platform; prevent fraud; manage Operational Costs; run analytics; support App Factory and PermaShip workflows; and protect users and the Platform;
3. Consent — where required for certain cookies, marketing, optional profile information, or other activities;
4. Legal obligation — to comply with tax, accounting, KYC, fraud, sanctions, payment, regulator, and legal requirements; and
5. Vital or public interests — where applicable in rare cases involving safety, security, or legal duties.

You may have rights to access, rectify, erase, restrict, object, port data, withdraw consent, and complain to a supervisory authority. To exercise rights, contact legal@permaship.ai.

15. Children

CEO Arcade is not intended for children under 13, and we do not knowingly collect Personal Information from children under 13. If you believe a child under 13 has provided Personal Information to us, contact legal@permaship.ai and we will take appropriate action.

If CEO Arcade is used by a parent, guardian, teacher, or adult to help a minor learn about business, the adult is responsible for supervising the minor's use, ensuring account ownership and payment activity remain under the adult's control, and complying with applicable laws.

16. Marketing Communications

We may send service-related communications, legal notices, security alerts, billing notices, operational-cost notices, Mission Control updates, and support messages. These are transactional or administrative and may be necessary to provide the Platform.

We may also send marketing communications. You may opt out of marketing emails by using the unsubscribe link or contacting hello@permaship.ai. Even if you opt out of marketing, we may still send transactional, legal, security, billing, support, and service-related messages.

17. Third-Party Services and Links

CEO Arcade may link to or integrate with third-party services, including payment processors, domain registrars, DNS providers, hosting providers, database providers, email providers, analytics providers, support tools, AI providers, KYC providers, tax providers, and other services.

Your use of third-party services may be governed by their own terms and privacy policies. We are not responsible for the privacy practices of third parties except where required by law or by our agreements with them.

18. Operator Responsibilities for End Customer Privacy

Operators must use cabinets and End Customer information lawfully. Operators are responsible for:

1. providing truthful customer-facing descriptions;
2. avoiding deceptive privacy or data-use claims;
3. using customer data only for legitimate cabinet purposes;
4. responding to customer privacy or support requests where required;
5. avoiding spam and unlawful marketing;
6. honoring refund and service commitments;
7. notifying CEO Arcade of privacy, security, or legal issues;
8. avoiding collection of unsupported sensitive information;
9. complying with applicable privacy, consumer-protection, email, and payment laws; and
10. following CEO Arcade policies and Mission Control guidance.

Operators may not use CEO Arcade to collect or process regulated health data, children's data, financial account credentials, legal privileged information, government identifiers, biometric data, or other high-risk data unless CEO Arcade expressly authorizes the relevant use case in writing and appropriate safeguards are in place.

19. Data in Marketplace, Transfer, Reclaim, and Buyout Scenarios

If a cabinet is sold, transferred, reclaimed, suspended, bought out, or moved to a secondary-market or direct-operation state, we may process and disclose information needed to evaluate, document, execute, and support that transition.

This may include:

1. cabinet history;
2. domain records;
3. app and infrastructure status;
4. revenue summaries;
5. credit-spend history;
6. Operational Costs;
7. customer counts;
8. refund and dispute history;
9. support burden;
10. app-health metrics;
11. feature history;
12. QA and PermaShip work history;
13. marketplace listing data; and
14. data export or transfer records.

We may withhold, aggregate, redact, or anonymize information where needed to protect privacy, security, fraud controls, legal obligations, platform IP, or other users.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated policy, changing the effective date, notifying you through Mission Control, sending an email, or using another reasonable method.

Your continued use of the Platform after the updated Privacy Policy becomes effective means you accept the updated policy, to the extent permitted by law.

21. Contact Us

For support questions, contact:

hello@permaship.ai

For legal, privacy, data rights, or compliance questions, contact:

legal@permaship.ai

CEO Arcade is operated by PermaShip, Inc., a Delaware corporation.