Legal

Privacy Officer designation

Effective date: April 30, 2026  ·  Last updated: May 6, 2026

This page is the public-facing record of the Privacy Officer designation that PIPEDA and Quebec Law 25 require Canadian organizations handling personal information to publish. It is not legal advice. If you have questions about your privacy rights, please contact the Privacy Officer at the email below or consult a qualified lawyer.

1. Designation

Pursuant to:

• The federal Personal Information Protection and Electronic Documents Act (PIPEDA), Schedule 1, Principle 4.1.1 (“an organization shall designate an individual or individuals who are accountable for the organization’s compliance”);
• The Quebec Act respecting the protection of personal information in the private sector (CQLR c P-39.1), as amended by Law 25 / Bill 64, section 3.1 (“an enterprise shall designate a person in charge of the protection of personal information”); and
• Practical compliance posture for Apple App Review (App Store Review Guidelines §5.1) and Google Play Console (Mature 18+ tier requirements);

Moradi Labs Inc. designates Behnam Moradi (sole director, sole shareholder) as the Privacy Officer (“Person in Charge of the Protection of Personal Information”) effective April 30, 2026.

2. How to contact the Privacy Officer

Use any of the channels below to ask a privacy question, exercise a privacy right (access, correction, deletion, portability, restriction, objection, withdrawal of consent), or report a privacy incident.

• Email: [email protected]
• Mail: Privacy Officer, Moradi Labs Inc., 1223 Enfield Ct, Windsor, Ontario, Canada N8S 4N1
• Within the SobrCircle app: Settings → Privacy → Contact our Privacy Officer (deep-links to email)
• Privacy Policy: sobrcircle.com/privacy (Section 2)

We respond to privacy requests within 30 calendar days. If we need more time we will write to you within that initial 30 days with the reason for the delay and the new expected response date.

3. Responsibilities

The Privacy Officer is accountable for:

1. Compliance with all applicable Canadian privacy laws (PIPEDA federally, Quebec Law 25 / Bill 64 provincially, BC PIPA, Alberta PIPA where applicable).
2. Maintenance and annual review of the Privacy Policy, the Terms of Service, the internal Records of Processing Activities (ROPA), and Privacy Impact Assessments (PIA) for new collection types.
3. Responding to privacy requests (access, correction, deletion, portability, restriction, objection, withdrawal of consent) within 30 calendar days, or providing written notice of the reason for delay and the new expected response date.
4. Investigating, containing, and reporting personal information breaches to:
   • Affected users without unreasonable delay;
   • The Office of the Privacy Commissioner of Canada (PIPEDA s.10.1, “real risk of significant harm” standard);
   • The Commission d’accès à l’information du Québec (Quebec Law 25 §3.5, “serious injury” standard) when Quebec residents are affected;
   • Other Canadian provincial regulators as required.
5. Maintaining the breach register required under PIPEDA s.10.3 and Quebec Law 25 §3.8.
6. Responding to communications from privacy regulators in good faith and on a timely basis.
7. Conducting Privacy Impact Assessments before any new collection type, new sharing relationship, new third-party processor, or new sensitive-category processing.
8. Annual privacy training for any future employees, contractors, or agents handling personal information.
9. Confirming in writing on each anniversary of this designation that this designation, the Privacy Policy, and the ROPA remain accurate and up to date.

4. Authority

The Privacy Officer has independent authority to:

• Pause or stop any new data collection activity that has not received privacy review.
• Veto product launches that introduce a new data flow not disclosed in the Privacy Policy.
• Approve, deny, or condition approval of any new third-party processor.
• Direct the immediate response to a suspected privacy incident, including taking systems offline if necessary to contain a breach.

For the avoidance of doubt: while Behnam Moradi serves in operational, executive, and Privacy Officer capacities concurrently as sole director and shareholder, when acting as Privacy Officer he applies an independent compliance standard. If a future conflict between operational and compliance objectives arises that cannot be reconciled internally, Moradi Labs Inc. will engage external Canadian privacy counsel for an independent opinion before proceeding.

5. Service providers and material data flows

The third-party service providers that process personal information on Moradi Labs Inc.’s instructions are listed in the Privacy Policy — Section 6 (How we share your information) and are bound by data processing agreements (DPAs) where applicable. The Privacy Officer reviews this list before each release. Adding a new processor requires:

1. Documented Privacy Impact Assessment
2. DPA execution (where the processor offers one)
3. Privacy Policy update before the new processor sees user data
4. Notice to users in-app at least 30 days before the new processor goes live, for material additions

6. Records of Processing Activities (ROPA)

Moradi Labs Inc. maintains an internal ROPA covering each category of personal information processed, the legal basis, retention period, and destination. The ROPA is not published publicly but is available to Canadian privacy regulators on request and to data subjects via written request to the Privacy Officer where required by applicable law.

7. Updates to this designation

If the Privacy Officer changes (transfer of role, change of contact details, or change of legal entity), this page is updated and the change is announced in-app and by email at least 30 days before it takes effect. The Privacy Policy is updated in the same release.

Moradi Labs Inc., a federal Canadian corporation (Corporation No. 1783166-8; Ontario extra-provincial registration No. 1001564375). Registered office: 1223 Enfield Ct, Windsor, Ontario, Canada N8S 4N1.