THE NATIONAL RESERVE SYSTEM OF RESOURCE FUNDING

LICENSED APPLICATION END USER LICENSE AGREEMENT

Data Controller: DAO Corporation (the “Corporation”) Scope: Apps, Websites, Services, APIs Contact: i@qitq.tech

Legal Entity

Form: Cooperative · operating as Holding Registered: 19 January 2024

This document explains how the Corporation collects, uses, shares, and protects personal data across the DAO ecosystem. It also describes user rights and options.

1. General Provisions

Content

This Privacy Policy (hereinafter referred to as the “Policy”) regulates the processing, storage, and protection of users’ personal data on the platform.
The operator responsible for personal data processing is the National Reserve System of Resource Funding (hereinafter referred to as the “Platform” or the “Operator”).
This Policy applies to all platform users and all services, functions, and system components provided.
The Operator undertakes to comply with applicable international data protection laws and standards, including GDPR, CCPA/CPRA, PDPA, LGPD, and other relevant legislation of the jurisdiction in which the user resides.
The use of the platform implies the user’s full agreement with the terms of this Policy. If the user disagrees with the terms, they must stop using the platform.
This Policy may be amended by the Operator. Material changes will be communicated to users at least 30 days prior to taking effect, in compliance with GDPR Art. 7 and applicable data protection law. Continued use of the platform after the effective date constitutes acceptance of the revised Policy.

2. User Consent

Content

By using the platform, the user confirms their consent to the processing, storage, and transfer of their personal data in accordance with this Policy.
The Operator has the right to request additional confirmation of consent to data processing if required for certain services.
The user has the right to withdraw consent to the processing of their personal data by submitting an official request to the platform’s support service. However, in this case, access to certain platform functions may be restricted or completely terminated.
The user guarantees that the provided data is accurate, up-to-date, and does not belong to third parties.

3. Personal Data

The platform collects, processes, and stores the following categories of user personal data:

Full name
Contact details (phone number, email address)
Date of birth
Gender
Payment details, including bank accounts and cryptocurrency wallets
IP address, geolocation data
Information on interactions with the platform (registration date, last login time, performed actions, and transactions)
Cookies and browser data
Any other information voluntarily provided by the user

4. Purposes of Personal Data Processing

The Operator processes personal data for the following purposes:

User registration in the system
Providing access to the platform’s functionalities
User identification upon login
Improving platform performance, including user behavior analysis
Marketing and advertising research, personalized advertising offers
Compliance with legal requirements, fraud prevention

The Operator uses the following methods of personal data processing:

Automated processing (collection, analysis, storage, transfer)
Manual processing (application analysis, data moderation)
Data encryption using modern cryptographic algorithms
Data anonymization for statistical analysis

6. Data Storage and Retention Period

User data is stored on the Operator’s servers in compliance with information protection requirements.
The data retention period is determined by the purposes of processing.
Upon expiration of the retention period, data will be deleted or anonymized unless further storage is required by law.

7. Data Transfer to Third Parties

The Operator does not transfer users’ personal data to third parties, except in cases provided by law or this Policy.

Personal data may be transferred to:

Government authorities upon lawful request
Operator’s partners to ensure platform functionality (payment services, marketing agencies, analytics services)
In case of reorganization or sale of the platform, whereby the new owners must comply with this Policy

8. Data Security and Protection

The Operator takes all necessary measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

Data protection measures include:

Modern encryption algorithms
Multi-factor authentication systems
Access control and user activity log auditing

Operator / Data Controller: THE NATIONAL RESERVE SYSTEM OF RESOURCE FUNDING — Cooperative, operating as Holding. Registered: 19 January 2024. Contact: i@qitq.tech

9. User Rights

The user has the following rights:

Obtain information about their data stored on the platform
Request correction or deletion of incorrect data
Withdraw consent to data processing
File complaints with regulatory authorities in case of rights violations

This section governs the ownership, licensing, and use of all social media handles, usernames, channel names, and related digital identifiers (collectively, “Handles”) created, operated, or managed within or on behalf of the Cooperative ecosystem.

10.1 Ownership of Handles

All Handles created, registered, or operated in connection with the Cooperative — including but not limited to accounts on any social media platform, streaming service, messaging network, content platform, or digital community — are and shall remain the exclusive property of the Cooperative, regardless of:

the length of tenure of the creator or operator;
the size, composition, or engagement level of the audience built;
the volume, quality, or originality of content produced;
any personal identification of the Handle with any individual creator.

10.2 Limited Creator License

Creators and contributors receive only a limited, revocable, non-transferable, non-exclusive license to operate a Handle on behalf of the Cooperative during the period of active cooperation. This license:

does not confer any ownership interest, beneficial interest, or proprietary right in the Handle;
does not create any employment, partnership, or agency relationship by virtue of Handle operation;
may be expanded, restricted, or modified at any time at the Cooperative’s sole discretion;
terminates automatically and immediately upon cessation of the creator’s cooperation with the Cooperative.

10.3 No Ownership Claim

Creators expressly acknowledge and agree that they cannot and do not claim ownership of any Handle in any form, including but not limited to:

intellectual property rights;
common law or equitable rights;
rights by reason of investment of time, labor, or resources;
rights arising from audience development or content creation.

10.4 Right of Revocation

The Cooperative reserves the absolute right to revoke any Handle license at any time, with or without cause, and with or without prior notice. Upon revocation:

the creator must immediately cease operation of the Handle;
all access credentials must be surrendered as set forth in Section 10.6;
no compensation, indemnity, or claim shall arise from revocation.

10.5 Non-Solicitation of Handle Audience

For a period of twelve (12) months following the departure of a creator or contributor from the Cooperative (whether voluntary or involuntary), such individual is prohibited from:

directly or indirectly soliciting, redirecting, or migrating the audience associated with any Cooperative Handle;
publishing content designed or intended to divert followers, subscribers, or viewers from any Cooperative Handle to any competing or personal platform;
contacting or communicating with audience members acquired through a Cooperative Handle for commercial or competitive purposes.

10.6 Immediate Credential Surrender

Upon departure from the Cooperative for any reason, the departing creator or contributor must immediately and unconditionally surrender:

all login credentials, passwords, and access tokens for Cooperative Handles;
all linked email addresses, phone numbers, and recovery methods registered to Cooperative Handles;
all administrative access to associated pages, groups, and communities;
any backup codes, API keys, or third-party integrations associated with Cooperative Handles.

Failure to surrender credentials immediately upon departure constitutes a material breach and may result in legal action without further notice.

⚠️ WARNING — MATERIAL BREACH: Any attempt by any creator, contributor, or former participant to (a) claim ownership of a Cooperative Handle, (b) sell, transfer, assign, or encumber a Cooperative Handle, (c) change credentials so as to exclude the Cooperative, or (d) monetize or exploit a Cooperative Handle for personal gain without explicit written authorization, constitutes a material breach of this Agreement and will result in immediate legal action, including injunctive relief, recovery of all proceeds, and claims for damages. The Cooperative will pursue all available legal remedies without limitation.

11. Operator and User Responsibilities

The Operator is not responsible for consequences caused by the user’s violation of platform usage rules.

The user is fully responsible for the accuracy of the data provided and for actions performed within the system.

12. Cookie Policy

The Operator uses cookies and similar tracking technologies (collectively, “Cookies”) in accordance with the EU ePrivacy Directive (2002/58/EC as amended), GDPR Article 6, the UK PECR, and equivalent applicable law.

Categories of Cookies used:

Essential / Strictly Necessary: Required for platform operation (session tokens, security, load balancing). Legal basis: Legitimate interest / contract performance. No consent required.
Analytics & Performance: Aggregate, anonymised usage data to improve platform performance. Legal basis: Consent (GDPR Art. 6(1)(a)). Opt-in only.
Marketing & Personalisation: Personalised content, retargeting, and attribution. Legal basis: Consent (GDPR Art. 6(1)(a)). Opt-in only.
Functional & Preference: UI settings, language, session preferences. Legal basis: Consent (GDPR Art. 6(1)(a)). Opt-in only.

Consent records are timestamped and stored locally. You may update or withdraw consent at any time via the Cookie Settings button (🍪) at the bottom-left of the page, or by contacting i@qitq.tech. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Cookies do not include sensitive personal data and are not shared with third parties for resale. Retention periods vary by cookie category; essential cookies expire at session end; analytical and marketing cookies are retained for a maximum of 12 months.

13. Cryptocurrency Transactions

The Operator provides the possibility of cryptocurrency transactions but does not bear responsibility for their outcomes.

The user acknowledges the risks associated with cryptocurrencies and assumes full responsibility.

14. General Provisions

This Privacy, Data & Responsibility Policy (“Policy”) governs the rules for data processing, use of services, interaction with digital products, platforms, tokens, artificial intelligence systems, DAO mechanisms, and the partner infrastructure of the Corporation.

This Policy applies to all users, partners, investors, DAO participants, funds, contractors, contributors, and third parties interacting with the corporate ecosystem in any form.

By accessing or using any product, service, or platform of the Corporation, the user confirms full acceptance of this Policy.

15. Corporate Status

The Corporation operates as:

a decentralized cooperative ecosystem
a DAO-based governance structure
a technological aggregator of platforms, projects, and partners
a provider of digital infrastructure and services

The Corporation:

provides technological tools and environments
enables interaction between independent parties
applies automated systems and artificial intelligence

The Corporation functions as a platform and infrastructure provider and does not guarantee outcomes, profits, asset preservation, or commercial success.

16. Data and Information

15.1 Types of Data

Within the ecosystem, the following categories of data may be processed:

identification and account data
technical and device-related data
activity and interaction data
blockchain and public ledger data
analytical, statistical, and aggregated data
data voluntarily provided by users

15.2 Data Processing Principles

Data processing is conducted based on:

voluntary provision by users
automated and algorithmic systems
decentralized and distributed architectures
internationally recognized data-governance standards

Data may be stored and processed using distributed systems, including blockchain, cloud, and hybrid infrastructures.

15.3. Artificial Intelligence and Automated Systems

The ecosystem utilizes:

vartificial intelligence models
automated decision-support systems
analytical and recommendation engines
digital avatars and AI agents

AI systems:

generate outputs automatically
operate on probabilistic and statistical models
do not represent human judgment or intent

All AI-generated outputs are provided for informational, analytical or simulation purposes only.

17. Digital, Financial, and Tokenized Assets

The ecosystem may include:

tokens and digital units
derivative or accounting-based digital representations
internal balances, rewards, and referral mechanisms

All digital units:

have utility, accounting, or internal ecosystem functions
are subject to technological, market, and DAO-driven dynamics
do not represent guaranteed financial instruments

The Corporation:

provides infrastructure and automation
facilitates interaction between participants
does not act as a custodian, guarantor, or fiduciary

18. Guarantees

All services are provided in their current functional state and evolve dynamically.

Any metrics, forecasts, projections, calculations, valuations, ROI, CAGR, LTV, CAC, growth scenarios, or performance indicators are model-based, illustrative, and non-binding.

Actual results depend on multiple external, technological, regulatory, and market factors.

19. Limitation of Liability

The Corporation bears no responsibility for:

investment or strategic decisions made by users
actions or omissions of third parties or partners
regulatory or legal changes in any jurisdiction
market volatility or economic conditions
failures of external networks, blockchains, or providers
DAO-based collective decisions
force majeure events

Each participant:

acts independently
evaluates risks personally
assumes full responsibility for decisions

20. Partners and Third Parties

The ecosystem may integrate:

venture funds and startups
payment and financial service providers
blockchain networks
cloud and infrastructure services
analytics and data platforms

Each partner:

operates under its own rules and policies
maintains independent compliance obligations
bears its own legal and operational responsibility

The Corporation acts as a technological and coordination layer only.

21. International Scope

The ecosystem operates globally across 178+ jurisdictions.

By using the services, the user acknowledges:

the cross-border nature of data processing
the distributed jurisdictional environment
the application of international standards

Regulatory frameworks may differ depending on country and region.

22. DAO Governance

Governance is implemented through:

DAO mechanisms
smart contracts
algorithmic rules
collective voting and automated execution

DAO decisions:

are formed collectively
are executed programmatically
define operational rules of the ecosystem

23. Intellectual Property

All software, code, AI models, interfaces, designs, trademarks, documentation, and system architectures:

belong to the Corporation or its partners
are protected by international intellectual property laws
are provided under limited, licensed access

Unauthorized use, reproduction, or distribution is prohibited.

24. Policy Updates

The Corporation may:

modify or update this Policy
adapt conditions to regulatory or technological changes
expand or adjust ecosystem functionality

The current version is published through official corporate digital channels.

25. Communication

All requests, notices, and interactions are handled through the official digital interfaces of the ecosystem.

26. Statement

The corporate ecosystem represents a decentralized, technological, cooperative environment where each participant acts consciously, independently, and within digitally defined rules.

DEFAULT & ENFORCEMENT

Collateral Enforcement Framework

11. DEFAULT & ENFORCEMENT

11.1 A Default Event includes:

failure to repay
breach of agreement
asset value deterioration

11.2 Upon default:

Cooperative activates Step-in Rights
Collateral is enforced, liquidated, or retained

11.3 The Cooperative may:

assume full control of assets
transfer ownership through SPV structures
terminate Participant rights

11.4 Any reinstatement or buyback:

is at the sole discretion of the Cooperative
may be structured but is not guaranteed

12. NO GUARANTEED REDEMPTION

The Participant acknowledges:

no guaranteed right to reclaim pledged assets after enforcement
participation rights are conditional and performance-based

13. GOVERNANCE (DAO / COOPERATIVE)

13.1 The system operates under Cooperative or DAO-based governance.

13.2 The Cooperative retains:

final decision-making authority
allocation rights
risk control authority

14. COMPLIANCE & LEGAL STATUS

14.1 The Agreement is structured to operate within:

cooperative frameworks
private contractual rights
digital asset infrastructure

14.2 The Participant agrees to comply with:

KYC/AML requirements
jurisdictional regulations

15. LIMITATION OF LIABILITY

The Cooperative is not liable for:

market losses
asset devaluation
indirect damages

16. TERM & TERMINATION

This Agreement remains in force until terminated
The Cooperative may terminate at its discretion under defined conditions

17. DISPUTE RESOLUTION

Governing Law: International law and the applicable laws of the jurisdiction in which the Participant is domiciled. In the absence of a more specific provision, general principles of international commercial law shall apply.
Arbitration: Disputes shall be resolved by binding international arbitration under the rules of the London Court of International Arbitration (LCIA) or the Singapore International Arbitration Centre (SIAC), at the election of the claimant.

18. FINAL PROVISIONS

This Agreement constitutes the full understanding between the Parties
Amendments may be made by the Cooperative governance system

MASTER COOPERATIVE CAPITAL ACCESS & LICENSE AGREEMENT

Global Cooperative Account (GCA) & Cooperative Capital Lines Framework

1. PARTIES

This Master Cooperative Capital Access & License Agreement (the "Agreement") is entered into by and between:

THE NATIONAL RESERVE SYSTEM OF RESOURCE FUNDING, a cooperative organization operating under applicable international cooperative law, acting as a global capital network operator (the "Cooperative"),

and

[Client / Partner Name], an individual or legal entity participating in the Cooperative ecosystem (the "Participant").

2. PURPOSE

This Agreement establishes the legal and operational framework under which:

the Participant is granted access to a Global Cooperative Account (GCA)
the Participant may receive Cooperative Capital Lines
the Participant contributes assets as collateral and management mandate
the Participant obtains licensed participation rights in profit streams, including those derived from the Cooperative's ecosystem (including its social network and associated platforms)

3. DEFINITIONS

"GCA (Global Cooperative Account)" — a unified digital account within the Cooperative used for capital allocation, transfers, and accounting.
"Cooperative Capital Line" — a pre-approved cooperative capital access facility ranging from USD 1,000,000 to USD 1,000,000,000.
"Collateral" — assets pledged or transferred into a structured vehicle securing obligations.
"SPV (Special Purpose Vehicle)" — entity holding collateral assets.
"Licensed Profit Participation" — contractual right to receive a share of defined revenue streams.
"Ecosystem Revenue" — revenue generated from Cooperative platforms, including but not limited to social network operations.
"Default Event" — failure to meet obligations under this Agreement.

4. GLOBAL COOPERATIVE ACCOUNT (GCA)

4.1 The Cooperative shall assign the Participant a Global Cooperative Account (GCA).

4.2 The GCA enables:

internal transfers within the Cooperative network
participation in capital allocation
tracking of obligations and entitlements

4.3 The GCA does not constitute a traditional bank account and operates within the Cooperative's internal financial infrastructure as a cooperative capital instrument.

5. COOPERATIVE CAPITAL LINES

5.1 The Cooperative may grant the Participant access to a Cooperative Capital Line.

5.2 Key characteristics:

Limit: USD 1M to USD 1B+
On-demand liquidity access
request additional collateral
suspend access

§27. SOCIAL NETWORK & PLATFORM — GLOBAL JURISDICTIONAL COMPLIANCE FRAMEWORK

175+ Jurisdictions Social Network · Cooperative Platform · Data Processing Effective: 19 January 2024

This section sets out the jurisdiction-specific legal requirements, platform obligations, content rules, data localisation mandates, and access restrictions applicable to the social network and cooperative platform operated by THE NATIONAL RESERVE SYSTEM OF RESOURCE FUNDING (Cooperative, operating as Holding) across 175+ countries. Users must comply with the laws of their country of residence in addition to these cooperative terms. The Cooperative complies with applicable local law to the extent feasible; where local law conflicts with cooperative obligations, the more restrictive rule applies.

27.1 European Union & EEA (30 Jurisdictions)

GDPR, DSA, NetzDG, Age Appropriate Design — Click to expand

Applicable Framework: All EU/EEA member states are governed by the General Data Protection Regulation (GDPR) (EU) 2016/679, supplemented by national implementing legislation. The Digital Services Act (DSA) (EU) 2022/2065 imposes additional obligations on Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) with >45M EU users.

Platform obligations for the Social Network (EU/EEA):

GDPR Art. 13/14: Transparency notices at point of data collection in the language of the user's member state.
GDPR Art. 7/8: Parental consent mandatory for processing personal data of children below the member state's digital consent age (ranges from 13 to 16 — see country details above).
GDPR Art. 17: Right to erasure ("right to be forgotten") — content and profile data deletion within 30 days of valid request.
GDPR Art. 20: Data portability — users may request their data in machine-readable format.
DSA (if VLOP): Risk assessments, independent audits, transparency reports, ad repository, algorithmic accountability, ban on targeting minors with ads based on profiling.
ePrivacy Directive (2002/58/EC): Cookie consent required; opt-in for non-essential cookies; no pre-ticked boxes.
Germany (NetzDG): Platforms with >2M German users must remove clearly illegal content within 24h, complex cases within 7 days. Mandatory quarterly transparency reports. Domestic NetzDG representative required.
France (Loi Avia): 24-hour removal obligation for terrorist and CSAM content. CNIL among the most active enforcement bodies.
Ireland: Lead DPA for many global digital companies; DPC decisions have EU-wide effect.
Italy (Garante): Active enforcement; Garante may issue precautionary blocks pending investigation.

Country	Digital Consent Age	Key Law	DPA
Austria	14	GDPR + DSG 2018	DSB
Belgium	13	GDPR + Belgian DPA Act 2018	GBA/APD
Czech Republic	15	GDPR + Act No. 110/2019	ÚOOÚ
Denmark	13	GDPR + Danish DPA Act 2018	Datatilsynet
Finland	13	GDPR + Data Protection Act 2018	Tietosuojavaltuutettu
France	15	GDPR + Loi Informatique et Libertés	CNIL
Germany	16	GDPR + BDSG 2018 + NetzDG	BfDI + 16 state DPAs
Ireland	16	GDPR + Data Protection Act 2018	DPC
Italy	14	GDPR + Codice Privacy	Garante
Netherlands	16	GDPR + UAVG 2018	AP
Poland	16	GDPR + PDP Act 2018	UODO
Spain	14	GDPR + LOPDGDD 2018	AEPD
Sweden	13	GDPR + Swedish DPA Act 2018	IMY
All other EU/EEA	13–16	GDPR + national implementing law	National DPA

27.2 United Kingdom

UK GDPR · Online Safety Act 2023 · Age Appropriate Design Code

UK GDPR + DPA 2018: Same substantive rules as EU GDPR post-Brexit. ICO enforces. Data transfers from the UK to the EU: maintained under UK adequacy regulations.
Age Appropriate Design Code (Children's Code): Platforms accessible to under-18s must apply highest privacy settings by default, prohibit profiling of children without parental consent, and switch off features that could harm children's wellbeing.
Online Safety Act 2023: Mandatory duty of care for illegal content; additional duties for "legal but harmful" content for large platforms. Age verification required for pornographic content. Coimisiún na Meán (Ofcom equivalent) may impose fines up to £18M or 10% of global qualifying worldwide revenue. Ofcom has broad investigation powers.
UK GDPR Representative: Platforms targeting UK users from outside the UK must appoint a UK representative under UK GDPR Art. 27.
Digital consent age: 13 years under UK GDPR; in practice, Age Appropriate Design Code applies heightened protections for all under-18s.

27.3 United States & Territories

COPPA · Section 230 · State Privacy Laws · OFAC Compliance

Federal — COPPA: Children's Online Privacy Protection Act: mandatory verifiable parental consent for collection of personal data from under-13s. Operators must maintain COPPA-compliant privacy notices.
Section 230 (CDA): Platforms are not publishers/speakers of third-party content (significant immunity, subject to ongoing legal challenges and legislative proposals).
State Laws: California (CCPA/CPRA): right to know, delete, correct, and opt-out of data sale/sharing; opt-in required for under-16s. Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon, Montana, Indiana, Iowa, Tennessee — each with specific rights and enforcement mechanisms.
KOSA (Kids Online Safety Act): Advancing through Congress — would impose duty of care for minors and design obligations for child-safe defaults.
OFAC: All users subject to OFAC sanctions screening. Transactions with OFAC-designated individuals, entities, or sanctioned jurisdictions are prohibited. Automated sanctions screening is applied at account registration.
Digital consent age: 13 (COPPA); 16 for data sale opt-in (California CCPA). Age verification practices may need to meet state-specific standards.

27.4 Canada

PIPEDA · Quebec Law 25 · CASL

PIPEDA (federal): Consent-based framework, breach notification, access and correction rights.
Quebec Law 25 (effective Sept 2023): Most stringent Canadian privacy law — comparable to GDPR. Mandatory Privacy Impact Assessments for high-risk processing. Breach notification within 72 hours to Commission d'accès à l'information (CAI). Right to de-indexing. Data minimisation principle.
CASL (Anti-Spam Legislation): Express consent required for commercial electronic messages. Unsubscribe mechanism mandatory. Fines up to CAD 10M per violation.
Digital consent age: 13 (PIPEDA); stricter parental consent obligations under Quebec Law 25.

27.5 Russia & CIS

Data Localisation · Roskomnadzor · Content Restrictions · SORM

· Financial cooperative services and cooperative capital access are SUSPENDED for residents of the Russian Federation and Belarus due to applicable EU, US, and UK financial sanctions. Participation in cooperative capital lines by sanctioned persons or entities is prohibited.

Russia (FZ-152): DATA LOCALISATION MANDATORY — all personal data of Russian citizens must be collected, stored, and processed on servers physically located within the Russian Federation. Roskomnadzor registration is compulsory. Non-compliant platforms are subject to access restriction (blocking).
Content restrictions (Russia): Prohibition on "propaganda" of LGBTQ+ relationships, dissemination of "false information" about Russian military operations, anti-government speech. Content removal orders must be actioned within 24 hours. Platforms with >500,000 daily Russian users may be required to install SORM-3 surveillance infrastructure.
Ukraine: Data protection law applies; martial law in force since February 2022. Occupied territories (Crimea, ORDLO) are subject to OFAC/EU sanctions — service not available in those areas.
Kazakhstan: Data localisation required. Social network operators must register with MCI. Content restrictions apply.
Other CIS States: Varying degrees of data protection and content restrictions. See per-country notices in the consent gate.

27.6 China & East Asia

PIPL 2021 · ICP Licence · Data Localisation · Great Firewall · APPI · PIPA

· This platform IS NOT LICENSED TO OPERATE IN MAINLAND CHINA. Access from mainland China is unavailable through legitimate channels due to the Great Firewall and ICP licensing requirements.

China — Mainland (PIPL 2021 + DSL 2021 + CSL 2017): ICP Licence required; all data stored in China; CAC Security Assessment for any cross-border transfer; real-name registration (government ID) for all users; content censorship per CAC directives. Platform would need full Chinese legal entity establishment, data infrastructure in mainland China, and ongoing censorship compliance. This platform has not obtained such licences.
Hong Kong SAR: PDPO applies (separate from mainland). National Security Law (2020) extends mainland security provisions. Financial: SFC regulated. Generally accessible but NSL creates content risk.
Taiwan: PDPA applies. Open internet. No content restrictions related to political speech. Financial: FSC regulated.
Japan (APPI 2022): Mandatory breach notification within 72h. Opt-in for sensitive data. Cross-border data transfers: require contractual safeguards or consent. Consumer-facing services: Tokushoho (Specified Commercial Transactions Act) disclosure required.
South Korea (PIPA 2023): Breach notification within 24h. Biometric data strictly regulated. Real-name verification for news comments. Cross-border transfers require contractual safeguards + prior notification to data subjects. One of Asia's strictest privacy regimes.

27.7 South & Southeast Asia

India DPDP · Indonesia Kominfo · Vietnam Cybersecurity Law · PDPA Thailand/Singapore

India (DPDP Act 2023): Digital consent age: 18 (parental consent mandatory below 18). IT Rules 2021: platforms with >5M users must appoint Indian resident Grievance Officer, Nodal Contact Person, and Chief Compliance Officer. Content removal within 24h for court/government orders. Monthly transparency reports. Data localisation: RBI mandates payment data localisation.
Indonesia (PDP Law 2022): Effective 2024. Kominfo registration mandatory within 6 months of launch. ITE Law creates broad content liability. Data localisation for certain classifications. Digital consent age: 17 yrs.
Vietnam (Cybersecurity Law 2018): Data localisation mandatory for significant platforms. Local representative office required. User identity verification. Content removal within 24h. Government data access on request. Digital consent age: 16 yrs.
Singapore (PDPA 2020): Breach notification within 3 days (>500 persons affected). Code of Practice for Online Safety (2023). Generally business-friendly with strong rule of law. Digital consent age: 13 yrs.
Thailand (PDPA 2022): Digital consent age: 10 yrs. Computer Crimes Act: broad content restriction powers. Lèse-majesté law (§112) creates significant content removal risk. Royal Thai Police content orders must be complied with.
Pakistan (PECA 2016): PTA can block platforms for non-compliance within 24h. Data localisation expected in forthcoming PDP Act. Digital consent age: 18 yrs.
Bangladesh, Myanmar, Laos, Cambodia: Significant content restrictions and government monitoring. Limited formal data protection frameworks. See per-country notices in the consent gate.

27.8 Oceania

Australia Online Safety Act · New Zealand Harmful Digital Communications Act

Australia (Privacy Act 1988 + Online Safety Act 2021): eSafety Commissioner may issue removal notices for cyber abuse, CSAM, and harmful content — compliance within 24h mandatory. Age verification required for adult-content platforms. Privacy Act fines: up to A$50M or 30% of adjusted turnover. Defamation: High Court has ruled platforms may be liable for third-party comments as publishers. ASIC/APRA regulate financial services.
New Zealand (Privacy Act 2020 + Harmful Digital Communications Act 2015): Mandatory breach notification. HDCA: NZ Police and NetSafe can apply for content removal orders. Digital consent age: 16 yrs.
Pacific Island Nations: Most lack comprehensive data protection laws. Digital consent age: 18 yrs. Limited regulatory capacity.

27.9 Middle East & North Africa

UAE PDPL · Saudi PDPL · Turkey KVKK + Law 7253 · Content Restrictions

· Significant content restrictions apply across the MENA region. LGBTQ+ content, political opposition speech, and content critical of ruling governments or religions is prohibited in many jurisdictions and can result in criminal prosecution of both the user and the platform. The Cooperative applies mandatory geoblocking of prohibited content categories for affected countries where technically feasible.

UAE (PDPL 2021): Content restrictions: LGBTQ+, anti-government content strictly prohibited. TRA blocks VoIP. Financial: CBUAE (mainland), DIFC, ADGM (financial centres). Cooperative capital lines require appropriate licensing.
Saudi Arabia (PDPL 2021, effective Sept 2023): Local representative mandatory. Content removal within 24h. Anti-Islamic content, political opposition, LGBTQ+ content prohibited. Financial: SAMA regulated.
Turkey (KVKK 2016 + Law 7253/2020): Platforms with >1M daily Turkish users: local representative, data localisation, 48h content removal. Bandwidth throttling up to 90% for non-compliance. Financial: BDDK regulated.
Israel: GDPR-aligned. Open internet. High-tech ecosystem. Generally open platform environment.
Egypt, Morocco, Algeria: Government content-blocking powers. Political opposition and LGBTQ+ content restricted.
Libya, Yemen: Ongoing conflict. Divided governance. Severely limited regulatory framework and infrastructure.

27.10 Sub-Saharan Africa

South Africa POPIA · Nigeria NDPA 2023 · Kenya DPA 2019 · Regional Requirements

South Africa (POPIA 2013, effective 2021): GDPR-aligned. Information Regulator actively enforces. Mandatory breach notification. Financial: FSCA/SARB regulated. Digital consent age: 13 yrs.
Nigeria (NDPA 2023): Africa's most comprehensive data protection law. Registration with NDPC required for processors of >1,000 data subjects. Digital consent age: 13 yrs. Financial: CBN regulated.
Kenya (DPA 2019): GDPR-aligned. ODPC actively enforces. Digital consent age: 13 yrs. Financial: CBK regulated. "Silicon Savannah" — major tech hub.
Ghana (DPA 2012), Rwanda (PDP Law 2021), Zambia (DPA 2021), Botswana (DPA 2018), Mauritius (DPA 2017), Cape Verde: Comprehensive data protection laws in place. Generally open internet access.
Ethiopia, Tanzania, Uganda, Cameroon: Content restrictions; government internet control powers; social media monitoring; platforms must comply with government takedown orders.
Conflict-affected states (Somalia, South Sudan, DR Congo, Central African Republic, Chad, Mali, Burkina Faso, Niger): Severely limited digital infrastructure and governance. Ongoing conflict or political instability. Service availability significantly limited.

27.11 Latin America & Caribbean

Brazil LGPD · Mexico LFPDPPP · Argentina (EU Adequacy) · Colombia · Chile

Brazil (LGPD 2018, effective 2020): GDPR-aligned, 10 legal bases. ANPD actively enforces. Marco Civil da Internet: local representative mandatory for platforms offering services in Brazil. PIX payment system integration. Digital consent age: 13 yrs (parental consent below). Financial: BCB/CVM regulated.
Mexico (LFPDPPP 2010): ARCO rights (Access, Rectification, Cancellation, Opposition). INAI enforces. Ley Olimpia: non-consensual intimate imagery obligations. Fintech Law 2018. Digital consent age: 13 yrs.
Argentina: EU adequacy decision — strong data protection. GDPR-aligned reform underway. Generally open internet. Digital consent age: 13 yrs.
Colombia, Chile, Peru, Ecuador, Uruguay, Costa Rica, Panama: Varying degrees of comprehensive data protection. Uruguay has EU adequacy. Chile reform will align with GDPR. Active enforcement in Colombia (SIC) and Uruguay.
Venezuela: US/EU financial sanctions apply — cooperative capital services not available for Venezuelan residents.
Caribbean Islands: Varying frameworks. Jamaica (DPA 2020), Barbados (DPA 2019), Bahamas (DPA 2003) have data protection laws. Eastern Caribbean: ECTEL framework.

27.12 Sanctioned & Blocked Jurisdictions

· The following jurisdictions are subject to international sanctions. THE NATIONAL RESERVE SYSTEM OF RESOURCE FUNDING does NOT provide cooperative capital services, financial services, or platform services to persons located in, ordinarily resident in, or incorporated in the following sanctioned jurisdictions:

North Korea (DPRK): OFAC + UN Security Council comprehensive sanctions. ALL services prohibited.
Iran: OFAC IEEPA/CISADA sanctions. Financial and cooperative services prohibited. Social network informational access may be available under OFAC General License D-2 (personal communications) — verify with legal counsel before engagement.
Syria: OFAC, EU, UN comprehensive sanctions. ALL services prohibited.
Cuba: OFAC CACR sanctions. Financial/cooperative services prohibited. Limited informational access may be permissible under applicable OFAC General Licenses.
Sudan: OFAC/UN targeted sanctions. Verify counterparty status. Service availability limited.
Crimea (Ukraine, Russian-occupied): OFAC/EU sanctions. Services not available in occupied territory.
Donetsk/Luhansk (Ukraine, Russian-occupied): OFAC/EU sanctions. Services not available.
Myanmar (financial services): EU/US/UK sanctions on military-linked entities. Financial cooperative services not available to sanctioned entities. Platform access subject to human rights due diligence.

Persons on OFAC Specially Designated Nationals (SDN) list, EU Consolidated Sanctions List, or UN Consolidated Sanctions List are prohibited from accessing any service regardless of jurisdiction. The Cooperative conducts automated sanctions screening at account registration and periodically thereafter.

27.13 Universal Platform Requirements

The following requirements apply to the social network globally, regardless of jurisdiction, in accordance with the Cooperative's baseline standards:

Age verification: Minimum age of 13 years to create an account. Users in jurisdictions with higher digital consent ages must meet the local requirement. Age verification mechanisms are applied at registration.
Prohibited content (universal): Child sexual abuse material (CSAM) — zero tolerance, immediate removal and mandatory reporting to NCMEC (US) and applicable national authorities. Terrorist content — removal within 1 hour of a valid referral. Content facilitating genocide, mass atrocity, or war crimes.
Real-name policy: Not required globally. However, in jurisdictions where local law mandates real-name registration (China, Russia, South Korea — news comments, Vietnam), appropriate verification is required.
Transparency reports: The Cooperative publishes transparency reports covering government information requests, content removal actions, and law enforcement cooperation, in accordance with DSA, NetzDG, and equivalent obligations.
Law enforcement cooperation: The Cooperative responds to lawful government requests for user data in accordance with applicable law and internal policy. Emergency disclosure to law enforcement is available 24/7 for imminent threats to life.
Content appeals: All users have the right to appeal content removal decisions through the Cooperative's internal appeals mechanism, and through relevant out-of-court dispute settlement bodies as required by the DSA.
Localisation: Key platform interfaces are available in the official language(s) of jurisdictions where the platform is primarily targeted, in compliance with DSA Art. 12 and equivalent obligations.

For jurisdiction-specific legal inquiries, regulatory cooperation requests, or law enforcement contact, please email i@qitq.tech with the subject line: Legal / [Jurisdiction] / [Matter Type]. Response within 5 business days for standard requests; 24h for emergency law enforcement matters.

🍪 Cookie Preferences