Privacy Policy for SocioSim

SOCIOSIM, INC. ("SocioSim," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sociosim.org and use our SocioSim service (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1. Personal Information You Provide

We collect information that you voluntarily provide to us when you:

• Register for an account
• Use our Service to create surveys, audience profiles, or other content
• Subscribe to our services or purchase tokens
• Contact us for customer support
• Sign up for marketing communications
• Participate in surveys, contests, or promotions

This information may include:

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password (encrypted), profile information
• Payment Information: Billing address, payment method details (processed by our third-party payment processor Stripe)
• Content Data: Survey designs, audience configurations, prompts, and other data you input into our Service
• Communication Data: Messages you send to us, feedback, and support requests

1.2. Information Automatically Collected

When you access or use our Service, we automatically collect certain information, including:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Information: Pages visited, time spent on pages, clicks, scrolling behavior, features used
• Log Information: Access times, error logs, referral URLs
• Location Information: General geographic location based on IP address

1.3. Information from Third Parties

We may receive information about you from third-party services, including:

• Payment Processors: Transaction information from Stripe
• Analytics Services: Usage analytics from Google Analytics
• Marketing Platforms: Advertising interaction data from Meta Pixel and similar services
• Large Language Model Providers: Service usage metrics from Google Gemini, OpenAI, and other AI providers we use to operate the Service

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1. Service Provision

• Provide, operate, and maintain our Service
• Process survey campaigns and generate AI-simulated responses
• Manage your account and subscription
• Process payments and billing
• Provide customer support and respond to inquiries

2.2. Service Improvement

• Analyze usage patterns to improve our Service
• Develop new features and functionality
• Conduct research and analytics
• Troubleshoot and fix technical issues

2.3. Communication

• Send transactional emails (account notifications, service updates, billing information)
• Send marketing communications about our Service (with your consent and ability to opt-out)
• Respond to your comments, questions, and requests
• Provide customer service and support

2.4. Legal and Security

• Comply with legal obligations and regulations
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and other policies
• Protect the rights, property, or safety of SocioSim, our users, or others

2.5. Business Operations

• Analyze business performance and market trends
• Facilitate corporate transactions (mergers, acquisitions, etc.)
• Manage our business operations and relationships

2A. Legal Basis for Processing (GDPR)

Contract (Article 6(1)(b) GDPR): Processing necessary for the performance of our contract with you, including:

• Providing the Service you've subscribed to
• Managing your account and subscription
• Processing payments

Legitimate Interest (Article 6(1)(f) GDPR): Processing necessary for our legitimate business interests, including:

• Improving and developing our Service
• Ensuring security and preventing fraud
• Marketing our services to existing customers
• Analytics and business operations

Consent (Article 6(1)(a) GDPR): Where you have provided explicit consent, including:

• Marketing communications to prospects
• Optional data sharing for service improvements
• Non-essential cookies and tracking

Legal Obligation (Article 6(1)(c) GDPR): Processing required by law, including:

• Tax and financial record keeping
• Compliance with court orders or legal requests
• Data breach notifications

3. How We Share Your Information

3.1. Service Providers

We share information with third-party service providers who perform services on our behalf or whose services are integral to our Service's functionality. This includes:

• Payment Processing: Stripe for payment processing
• Analytics: Google Analytics for website and service analytics
• Marketing: Meta Pixel and other advertising platforms for targeted marketing
• Infrastructure: Cloud hosting, data storage, and content delivery services
• Communication: Email service providers for transactional and marketing emails

These service providers are contractually obligated to protect your information and use it only for the specified purposes, or as outlined in their own terms when their services are integral (like the LLM providers).

3.2. Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders, subpoenas, or other legal processes
• Government requests or regulatory requirements
• Requests from law enforcement agencies
• Legal claims or disputes

3.3. Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of the business transaction, subject to confidentiality agreements.

3.4. Consent

We may share your information with your explicit consent for purposes not described in this Privacy Policy.

3.5. Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, marketing, or other business purposes.

4. Data Retention

We retain your personal information for as long as necessary to:

• Provide you with our Service
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Fulfill the purposes described in this Privacy Policy

Specific Retention Periods:

Account Data: We retain your account information for the duration of your active account plus 30 days after account closure for paying customers (immediate deletion for free accounts) to handle any account-related issues.

Content Data: Survey designs, audience profiles, and generated content are retained according to your subscription plan and our data retention policies. Paying customers have a 30-day grace period after account termination to export data before deletion. You may delete or export your content through your account settings at any time.

Usage Data: We typically retain usage and analytics data for up to 24 months unless longer retention is required for legal or business purposes.

Payment Data: Payment information is retained for 7 years to comply with financial record-keeping requirements.

Communication Records: Customer support communications are retained for 3 years for quality assurance and dispute resolution.

When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention schedule and applicable laws.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data transmission is protected using industry-standard encryption (HTTPS/TLS)
• Password Security: User passwords are hashed using strong algorithms (e.g., pbkdf2_sha256)
• Access Controls: Limited access to personal information on a need-to-know basis
• Regular Security Assessments: Ongoing monitoring and testing of our security measures
• Secure Infrastructure: Use of reputable cloud service providers with strong security practices

5.1. Security Incident Response

In the event of a data breach or security incident affecting your personal information:

(a) Detection and Response: We will investigate and contain the incident within 24 hours of discovery

(b) User Notification: We will notify affected users within 72 hours via email and prominent notice on our Service

(c) Regulatory Notification: We will comply with applicable breach notification laws and report to relevant authorities as required

(d) Remediation: We will take immediate steps to address the vulnerability and prevent future incidents

(e) Communication: We will provide regular updates on our investigation and remediation efforts

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1. General Rights

• Access: Request a copy of the personal information we have about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to certain exceptions)
• Portability: Request a copy of your information in a portable format
• Objection: Object to certain processing of your information
• Restriction: Request restriction of processing in certain circumstances

6.2. California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt-out of the sale or sharing of your personal information (Note: We do not sell personal information)
• Right to Limit: Limit the use and disclosure of sensitive personal information
• Right to Non-Discrimination: Not to receive discriminatory treatment for exercising your privacy rights

6.3. Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: legal@sociosim.org
• Mail: SocioSim Inc., 8 The Green #22869, Dover, DE, 19901, United States

(a) Verification Process: To protect your privacy and security, we will take reasonable steps to verify your identity before processing your request. This may require you to provide:

• Your registered email address
• Details about your account activity or recent interactions with our Service
• In some cases, a government-issued ID or other proof of identity, if we cannot verify your identity through other means.

We will only use this information for verification purposes.

(b) Response Timeline: We will respond to your verifiable request within 30 days of receipt. If we require more time (up to 90 days total), we will inform you of the reason and extension period in writing within the initial 30-day period.

(c) Fees: We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

(d) Appeal Process: If we deny your request in whole or in part, you may appeal our decision by contacting us at legal@sociosim.org within 30 days of receiving our decision, specifying "Privacy Request Appeal" in the subject line. We will respond to appeals within 45 days.

(e) Authorized Agent: You may designate an authorized agent to make a request on your behalf. To do so, you must provide the agent with written permission, and we may require you to verify your own identity directly with us, unless the agent provides a power of attorney executed pursuant to applicable state law.

We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

7. Marketing Communications

7.1. Opt-In and Opt-Out

We may send you marketing communications about our Service, new features, promotions, and related topics. You can:

• Opt-In: Consent to receive marketing communications during account registration or through other means
• Opt-Out: Unsubscribe from marketing emails using the unsubscribe link in each email or by contacting us directly
• Manage Preferences: Update your communication preferences in your account settings

7.2. Transactional Communications

Even if you opt-out of marketing communications, we may still send you transactional communications related to your account, such as service notifications, billing information, and important updates about our Service.

8. International Data Transfers

Our Service is operated from the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.

By using our Service, you consent to the transfer of your information to the United States and other countries where we or our service providers operate, which may have different data protection laws than your country of residence.

9. Children's Privacy

Our Service is not intended for children under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe that we have collected information from a child under 18, please contact us immediately at legal@sociosim.org.

10. Third-Party Services

Our Service may contain links to third-party websites, applications, or services that are not operated by us, and integrates deeply with others as core components of our Service. This Privacy Policy applies to how SocioSim handles your data, but not necessarily to third-party services once your data is shared with them as necessary for our Service.

Essential Third-Party AI Services:
As stated in Section 3.1, our Service's core functionality depends on sharing your Input Data with AI model providers. By using SocioSim, you acknowledge and agree that your data will be processed by these services. We encourage you to review their privacy policies:

• Google Gemini: (see Google's Privacy Policy)
• OpenAI: (see OpenAI's Privacy Policy)

Other Third-Party Services We Use:

• Stripe: Payment processing (see Stripe's Privacy Policy)
• Google Analytics: Website analytics (see Google's Privacy Policy)
• Meta Pixel: Advertising analytics (see Meta's Privacy Policy)

We encourage you to review the privacy policies of any third-party services before providing them with your information or if you have concerns about how they handle data that is necessarily shared for SocioSim to function.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated Privacy Policy on our website
• Update the "Last Updated" date at the top of this Privacy Policy
• Notify you via email or through our Service if the changes significantly affect how we handle your personal information
• Provide at least 15 days' notice before material changes take effect

Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

---

For questions about this Privacy Policy, please contact us at the information provided above.