Critic – Global Legal Review & Adjustments Checklist

Critic is operated globally by VeranoSoft Private Limited (“VeranoSoft”), based in India, together with its subsidiaries and affiliates where applicable.

This checklist is a working tool for internal teams and local counsel to review Critic’s legal documentation and product design before launch in the United States, the United Kingdom, India, and other markets. It is not legal advice.

1. Data Protection & Privacy

• Confirm the global Privacy Policy and data-flow documentation describe account/profile data; approximate location/proximity handling; contacts/invitations; tags/notes; retention/deletion.
• Validate lawful bases for each category (contract, legitimate interests, consent, or other grounds).
• Confirm whether a Data Protection Officer, Data Fiduciary representative, or other formal role is required.
• Confirm cross-border transfers are covered with appropriate safeguards.

2. Content, Defamation & Safety

• Review Terms of Use and community standards on harassment, bullying, hate speech, doxxing, defamation, and false statements.
• Confirm rights to remove content and ban users; ensure reporting, blocking, and appeal mechanisms are surfaced.

3. Age Gating

• Confirm Critic is launched as 18+ and flows/copy/marketing support this stance.
• Assess whether additional age verification is needed per region.

4. User Rights & Requests

• Ensure Privacy Policy covers regional rights (access, deletion, correction, objection, portability, etc.).
• Maintain a unified, auditable process for rights requests (verification, logging, timeframes).
• Validate regional notices (US, UK, India) align with local law.

5. Liability & Dispute Resolution

• Confirm liability caps, warranty disclaimers, indemnity provisions meet local consumer/contract law.
• Verify region-specific governing law and jurisdiction terms are enforceable and appropriate.

6. Region-Specific Checks

6.1 United States

• Align with key US state privacy laws (e.g., CCPA/CPRA and similar state laws).
• Provide clear paths for access/deletion rights where applicable.
• Meet disclosure standards for approximate location and personal information sharing.

6.2 United Kingdom

• Operationalise UK GDPR principles (lawfulness, transparency, minimisation, etc.).
• Ensure rights (access, correction, deletion, restriction, objection, portability) are described and supported.
• Mitigate defamation/harassment risks via reporting/removal tools.

6.3 India

• Align with the Digital Personal Data Protection Act 2023 and rules.
• Provide grievance redressal details in-app and in the Privacy Policy.
• Ensure retention, consent withdrawal, and deletion processes work for Indian users.

7. Platform & Store Policies

• Review Apple App Store and Google Play policies on UGC, harassment/hate speech, location data, and background tracking.
• Confirm product behaviour, legal docs, and safety tools comply in all launch countries.

8. Documentation & Training

• Keep updated internal summaries of legal advice and implementation.
• Train support/moderation teams to apply Terms and Privacy Policy in practice.