Last Updated: April 2nd, 2020
Effective: April 2nd, 2020

Who We Are

The Celestial Atlantis Treaty Organization, or CATO. We are the data controllers for all CATO Directorates: the Kepner Foundation, Consortium of the Infinity Star, NortheBridge, Assembly of Concorde, and the Scientific and Advanced Research Laboratories. Our web address is Our primary mailing address is:

Celestial Atlantis Treaty Organization (CATO)
c/o Privacy & Trust Division
445 S. Figueroa St.,
Floor 31
Los Angeles, California 90071
United States of America

How do you handle my personal data

As Data Controller

The Celestial Atlantis Treaty Organization is the primary data controller of all personal data collected through CATO affiliated sites and web apps. As data controller, CATO determines how to use your personal data including how that data is read and transacted by and between the various CATO Directorates as well as any third-parties.

As Data Processor

The Celestial Atlantis Treaty Organization is the primary data processor for all data collected through CATO sites and apps. As data processor, in addition to any privacy controls, we may offer you, we maintain custody of your personal data and only making it known with the minimum amount required for the transacting of the data for a particular purpose. We only provide enough data to any third party for the operations of sites, apps, and services as you would expect them. We do not sell your personal data to third parties. For the ease of use and security of all sites, apps, and services, CATO makes available in full without any redactions, your personal data to its Directorates only. Different privacy policies may apply to your personal data after being used on a Directorates’ site, app, or service even though CATO remains the data controller. In the event of a conflict of privacy policies regarding personal data, the policy containing more data collection supersedes the policy with less data collection unless otherwise noted in the conflicting policy.

What personal data we collect and why we collect it

Membership Account Data

When you register for an OneWorld Passport which is required for the use of certain portions of our sites as well as our apps and services, we ask you for personal details including name, location and the permission to use your GPS location while using our site, apps, and services, age, gender, and OAuth 2 compatible social network handles from Twitter and Facebook. We consider all of this to be personal information. At this time, the only information controls afforded to OneWorld Passport are the ability to modify GPS location permissions and modify connectivity between OAuth 2 compatible services.

Data Telemetry

The Celestial Atlantis Treaty Organization’s sites, services, and apps use “telemetry” to acquire general detailed and behavioral information regarding users of the sites, services, and apps for improving user experience and analytical purposes including any resulting reasons thereof. Data telemetry is provided in the form of a globally unique “Session Beacon” generated by calculating relational data generated by Google Marketing Analytics, Microsoft Bing Webmaster Analytics, and Matomo Analytics to form a globally unique “Session User Identifier” to associate activity in our sites, apps, and services with you.


We use cookies, a small file that web browsers and apps store, to facilitate the use of our sites, services, and mobile or web apps. Your continued use of our sites, services, and apps constitute an unconditional acceptance under applicable governing laws to the use of cookies by the Celestial Atlantis Treaty Organization for the purposes of the sites, services, and apps we provide to you and anything resulting thereof. Certain pages and features use cookies to match Beacons with Session Identifiers so that we may provide you a tailored made user experience across all platforms and stores this as “Visitor IDs.” For deep learning, OneWorld Passport will try to associate your “Visitor ID” with your OneWorld Passport. If you do not have a OneWorld Passport or if you clear your cookies before signing into OneWorld, your “visitor ID” will remain ‘unique’ and non-associated unless deep learning is able to associate the information within Matomo Cloud Enterprise.

You cannot opt-out of the use of cookies. Cookies are required to make the internet work. However, if you would like to browse CATO sites privately, use “In-Private Browsing” or “Incognito Mode” on your web browser which will not store cookie information for longer than the session the browser windows are open for. You may also clear your cookies from the “Settings” menu of Microsoft Edge (, Mozilla Firefox ( and Google Chrome (

Embedded content from other websites

Certain parts of our web apps, sites, and services may use “embedded content” from third parties. Embedded Content works the same way as if you visited the website from which the content is coming from. We do not maintain or otherwise control how data collected by embedded websites are used for any purposes including but not limited to marketing and analytics.

We limit the access and ability of embedded content strictly to the functionality it is intended for but we cannot guarantee the fitness for a particular privacy purpose of the embedded content.

Who we share your data with

The Celestial Atlantis Treaty Organization shares your data between its Directorates as well as any required third party to transact the functionality of web apps, sites, and services. CATO may also share high-level data regarding analytics collected with third-party partners for the purposes of catalyzing the data or for universal analytical tracking.

How long we retain your data

If you use any of the social features, the social feature and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up social feature usage automatically. You may partially control this functionality by limiting how much access our sites, apps, and services have to specific functions of our social features.

When you sign up for Membership, CATO requires personally identifiable information to create an OneWorld Passport. If you do not retain your OneWorld Passport, the data retention of your inactive OneWorld Passport is twenty-five years.

What rights you have over your data

If you have an OneWorld Passport, you can request to receive an exported file of the data we hold about you, including any data you have provided to us. You can also request that we erase the personal data we hold about you. This does not include any data we are obligated to keep for administrative, legal, or security purposes.

Where we send your data

Although we limit the use of personal data as much as possible to organizations outside of the Celestial Atlantis Treaty Organization, transacting certain features and services requires the sharing of particular data. Information collected during OneWorld Passport registration may be analyzed by Cloud Security AI for fraud protection purposes. If you purchase something from us, including memberships, we forward only the necessary information to the payment processors we use such as PayPal, Square, Skrill, Stripe, and Chase Pay. We will receive associated data back from the payment processors related to what we forwarded. By using our sites, apps, and services we will automatically send analytical data to the Matomo Cloud for market and behavioral analysis. When you register for one of our newsletters, we will share certain information with Mailchimp and this information will also be sent to the Matomo Cloud.

How we protect your data

Our sites, apps, and services undergo compliance certifications for the transfer of particular types of data. We also implement Advanced Cloud Security AI to protect your data.

What data breach procedures we have in place

Our sites, apps, and services are monitored by the CATO Network Authority Global Operations Center SecOps. In the event of a data breach, we will perform the SecOps Breach Recovery Procedure and perform a full audit on the affected sites, apps, or services.

Regulatory Disclosure Requirements

Your data is stored by us in the United States and Switzerland. We do not provide access to your data for purposes other than outlined within this policy unless presented with a court order properly filed and executed within the jurisdiction of the State of California. If some of your data is stored in the European Union such as a service, we will only present your data residing in the European Union by court order to a recognized law enforcement agency in the European Union. Unless we expressly allow it, law enforcement agencies are required to obtain a court order from a recognized court jurisdiction in the State of California and the European Union in order to obtain your global data.