Privacy Policy
LAST UPDATED · 18 July 2026
Social Machines AI ("Social Machines", "we", "us") is a frontier AI lab based in Singapore. This policy explains what personal data we collect when you visit socialmachines.ai, why we collect it, the legal bases we rely on, and the rights you have. We are the data controller for this website. Questions or requests: [email protected].
1. Scope
This policy covers our public marketing website only. It does not cover any separate products, apps, or services we may operate under their own terms, or third-party sites we link to.
2. Information we collect
Information you give us. The website has no user accounts and no payment processing. If you email us, we receive your email address and message. The newsletter field on the site is not yet operational and does not currently transmit or store any address.
Information collected automatically.
- Analytics — we use a self-hosted instance of Rybbit, a privacy-first analytics tool running on our own infrastructure. It is cookieless and does not track you across other websites. It records aggregate, non-identifying usage: page views, referring site, approximate region (derived from IP, not stored as a precise location), and device/browser type.
- Hosting & security logs — our host and CDN, Cloudflare, processes standard request data (IP address, user-agent, timestamps, requested URLs) to deliver the site, defend against abuse, and keep it reliable.
3. Cookies and similar technologies
We do not use advertising or cross-site tracking cookies. Our analytics is cookieless. Cloudflare may set strictly necessary cookies for security and bot mitigation, and Cloudflare Access sets a session cookie for our internal admin area only (not for ordinary visitors). Where your local law requires consent for non-essential storage, we do not place any until it applies.
4. Why we use your data and our legal bases (GDPR)
- Operate and secure the site — legitimate interests (Art. 6(1)(f)) and, for logs, legal obligation where applicable.
- Understand aggregate usage to improve content — legitimate interests; consent where your jurisdiction requires it for analytics.
- Respond to messages you send us — legitimate interests / steps at your request (Art. 6(1)(b)/(f)).
5. How we share data
We do not sell or rent personal data, and we do not share it with advertising networks. We rely on a small number of processors acting on our instructions:
- Cloudflare, Inc. — hosting, CDN, DNS, security.
- Rybbit (self-hosted) — analytics on infrastructure we control.
We may disclose data if required by law or to protect our rights, users, or the public.
6. International transfers
The site is served from Cloudflare’s global edge network, so data may be processed in countries outside your own, including outside the EEA/UK and Singapore. Where required, such transfers are covered by appropriate safeguards such as Standard Contractual Clauses.
7. Retention
Aggregate analytics are kept only as long as useful for understanding trends and then aged out. Security and CDN logs are short-lived and retained only as needed for reliability and abuse prevention. Emails you send us are kept for as long as needed to handle your request and meet legal obligations.
8. Your rights
EEA/UK (GDPR). You have the right to access, rectify, erase, restrict, or object to processing of your personal data, to data portability, and to withdraw consent at any time. You may also lodge a complaint with your local supervisory authority.
Singapore (PDPA). You may request access to and correction of personal data we hold about you, and withdraw consent for its collection, use, or disclosure.
California (CCPA/CPRA). You have the right to know, delete, and correct personal information, and to opt out of its "sale" or "sharing." We do not sell or share personal information as those terms are defined, and we will not discriminate against you for exercising your rights.
To exercise any right, contact us at [email protected]. We honor Global Privacy Control (GPC) browser signals where applicable.
9. Children
The site is not directed to children and we do not knowingly collect data from anyone under 16 (or the minimum age in your jurisdiction). If you believe a child provided us data, contact us and we will delete it.
10. Security
We protect the site with HTTPS/HSTS, hardened HTTP security headers, restricted administrative access behind Cloudflare Access, and least-privilege infrastructure. No method of transmission or storage is perfectly secure, but we work to protect your data.
11. Changes to this policy
We may update this policy as the site evolves. Material changes will be reflected by the "Last updated" date above.
12. Contact
For any privacy question or request, email [email protected]. Social Machines AI, Singapore.