Privacy Policy for Simulacra Synthetic Data Studio

We aim to make this policy  transparent and informative, explaining how Simulacra collects, uses, and protects personal data while adhering to both GDPR and SOC 2 principles. It outlines the rights of individuals under GDPR and how they can exercise those rights, as well as demonstrating the company's commitment to data security and privacy through SOC 2 compliance.

Introduction

Simulacra Synthetic Data Studio ("Simulacra," "we," "us," or "our") is committed to protecting the privacy and security of your personal data. ThisPrivacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR), SOC 2 principles, and other applicable data protection laws.
By using our services or interacting with our website, you consent to the practices described in this Privacy Policy.

Data Controller and Data Protection Officer

Simulacra Synthetic Data Studio is the data controller responsible for your personal data. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy or our data practices, please contact our DPO at:
Jason@simulacra-data.com

Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

• Identity Data: first name, last name, username or similar identifier
• Contact Data: email address, telephone number, postal address
• Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
• Usage Data: information about how, when, for how long, etc., you use our
  website, platform and services
• Financial Data: payment card details (processed securely through our payment service provider)
• Transaction Data: details about payments to and from you and other details of products or services you have purchased from us
• Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

How We Collect Your Personal Data

We use different methods to collect data from and about you through:

• Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise.
• Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.
• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources, such as analytics providers, advertising networks, and search information providers.

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you, or are in the process of entering a contract with you
• Where it is necessary for our legitimate interests (or those of a third party)and your interests and fundamental rights do not override those interests
• Where we need to comply with a legal or regulatory obligation
• Where you have given consent for specific purposes

We have set out below a description of all the ways we plan to use your personal data:

• To register you as a new customer
• To provide and manage our services
• To manage our relationship with you
• To process and deliver your order
• To administer and protect our business, platform and website
• To deliver relevant website and platform content and advertisements to you
• To use data analytics to improve our website, products/services, platform, marketing, customer relationships, and experiences
• To make suggestions and recommendations to you about goods or services that may be of interest to you

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
‍
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
‍
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting our DPO.

Aggregated, Non-personally Identifying Information

We may share certain aggregated, non-personally identifying information with others about the collective use of Simulacra by its user base (both platform and website), or how our users respond to and employ specific areas of the platform.  For example, we may compile statistics on the various uses of the Analyze tab across Simulacra users. Information may be used in aggregated form, however, it is never used in a manner that would identify you personally.

Your Legal Rights

Under the GDPR, you have the following rights in relation to your personal data:

• Right to access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Right to withdraw consent

If you wish to exercise any of these rights, please contact our DPO using the details provided in Section 2.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. These measures include:

• Encryption of sensitive data at rest and in transit
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Regular backup procedures
• Incident response and disaster recovery plans

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

International Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA) or your country of residence. Whenever we transfer your personal data internationally, we ensure a similar degree of protection is afforded to it by using specific contracts approved by the European Commission which give personal data the same protection it has in Europe, or other appropriate safeguards in compliance with applicable data protection laws.

SOC 2 Compliance

As part of our commitment to data security and privacy, we adhere to SOC 2principles. SOC 2 is a voluntary compliance standard developed by the American Institute of CPAs (AICPA) that specifies how organizations should manage customer data. Our SOC 2 compliance ensures that we maintain:

• Security: Our system is protected against unauthorized access
• Availability: Our system is available for operation and use as committed or agreed
• Processing Integrity: System processing is complete, valid, accurate, timely, and authorized
• Confidentiality: Information designated as confidential is protected as committed or agreed
• Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with our privacy notice and GDPR principles

Cookies and Similar Technologies

We use cookies and similar tracking technologies to track the activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Children's Privacy

Our service does not address anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers

Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at: jason@simulacra-data.com
You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.